Analysis Overview
SHA256
23561569a84019f03c1680aba4331fe320ce865e6ccfa304752df92f340218ba
Threat Level: No (potentially) malicious behavior was detected
The file 8c7f6a1fd9dabf5fcc47ef6ea5c2fbbf_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:42
Reported
2024-06-02 01:44
Platform
win7-20240221-en
Max time kernel
138s
Max time network
139s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58576801-2081-11EF-873B-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0dc052f8eb4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000253f2586ab7444d9ec0e43e5fd9fee200000000020000000000106600000001000020000000c3753c1186b7e77936af0698dcbdd04459511da82f4a2d24e5be348614ece280000000000e8000000002000020000000f83ea93ce082002e939cd8a3262ab0d0be5b3a51378d079c90046c741a800cee20000000157d97edd6761a8ea3d59305d1e6643f19754b8b74946c9041627475573bd8b4400000004d6242508c7b951869e7a79df5f5c640b2da1cb9f93ebdee3715897ad8c42bed778be68f0b0e4243f7385e38a0ca26b5abc6da41d7e09e0e0360764a9fd0a265 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454411" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3016 wrote to memory of 1052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 1052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 1052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 1052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7f6a1fd9dabf5fcc47ef6ea5c2fbbf_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar22B2.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab229E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e919b244cc03c28180ff652a827950f6 |
| SHA1 | 28f2564d44935b27a36e191f2d777dcc934282dc |
| SHA256 | 835e50bc4c40d8d9eba1d7c269dfaddaab7bc08f79b2a46120e7c85272a1e624 |
| SHA512 | 9a0d7a9a73b879360180a8be2cc04e1c3965db50da59bf85b62dc5551def690f3291a6b438de42edbdc226be983fc672788f21626610107ed41e8f28be2391ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e45e619e897e3e3fb040001c59f1492a |
| SHA1 | 192c331e72c5e85908b2518c9fddc45bc0d79fac |
| SHA256 | 159933a20be82cac22c71e112cce4a3e7394cbc1dce3d1d8461b9ac689173594 |
| SHA512 | b30b8299082c4c78dc6652ddfe9026d26a1a0d7e1492011447a1a21259a8932e3ee6888700fb6e5ab92418dc11a4dc9dfc632bba55bb9edf3047681446d5aa84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 0fb6825702f95ab29aa34a18d333db7f |
| SHA1 | f2c678327eb9a1dc53fcb83cd443d4083bac15c6 |
| SHA256 | 9477670f31717e9ea2b8f95c7d74fe7ac3a9d470619f866cd147fde30da694b1 |
| SHA512 | d782ef277d7c3ce25ea68ad02ca8bfaf021101b0b9d6221bb8fb1c54dd9457218fb15673bed214bc48d80dacc3691883d27bbcc3481c1a104f2c1140ddd2ef5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b16d969f0f11b65b7f095e8b92746e4a |
| SHA1 | 0a8ec8eb02ae05a36330fc328d31b2bcb789df98 |
| SHA256 | 59c5edcc60e13dcfe11a0ce53bab3735f0cdddadc59a7f67942ad9e5bf503f42 |
| SHA512 | 8fac11e258d2b12bacc4483d77178797cf9102c92c6b750e9420a28229b3c3baf036d1f30843dacd789b7ad81ff9d1c6e40a350ed60f376fd71ee1ffdec9de02 |
C:\Users\Admin\AppData\Local\Temp\Cab239F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar23B4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e34d9820e97d7efe961fabaccb4ed58b |
| SHA1 | bbf5e622ed1c529c01f55e1a64aa6e15693bc31b |
| SHA256 | 641df1b4a1a18339c720a7f43f867509b369a83d43859940ce433c689e38e1d0 |
| SHA512 | d99dda636d68811d9c38f0753819be4f990da65914ba58c3a740804d0d02775401d057bbee6fe44222176e7bf3d6669c36cba30300099ca7d134b4e692301196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4c8a7146521a488f0898ed1e741bafa |
| SHA1 | 23428c5528ccab05bbad722294cd869ab1575cdf |
| SHA256 | ffc58f66cdac309827cb4a0979b0c8f2283a16e75944652c932340210474cd71 |
| SHA512 | b46acfe7c0ff7ecde5df992df0787e6bfa8941aafebd6afc9cbb0657e16da4b3822ef87558c89f80dcb28a0aad278af0c1cfc31a67417ee0c72fdf62e6ab9415 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77c7e6a06d6db9e13fdce6c44dfb89e9 |
| SHA1 | 81392b92176716262b04da15e2b31a3f36b3a203 |
| SHA256 | 47a24ebc22ca7664f894b3f64182fa2476e95304a9de897ad8069cb0e5e708d1 |
| SHA512 | cb9bd1a862e2c93d2fbc946f1f8dbd2e817a39b41951a7a5f098208306fda5d506e0062b00a6cb4cb999141c2e347f95fc3a4b82cfe657a85ee7688fdff8dec2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 494de631b84556c388ed446d484a3714 |
| SHA1 | 75fe3b8ba65b63e7e45c280155d91110fe4fcc7a |
| SHA256 | 458c0d9d55d1eef5ae2ae9117047c9d7666dca4cda3cc572472cc7b19ad967e8 |
| SHA512 | 72205d5c43d1fda93325b7d8c2a2a5b7c8e4982e15759f8d8c6afde77f99f356a22c4014b110886188876a032fc14240e4fc2a264041f6340ad5273aa517fb2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63819cc532623c8f0f811017f3f8187d |
| SHA1 | 0374e758fa43bbb9456341260a5f7274541120d2 |
| SHA256 | 193054cd2007928a1ceeb3d9a6870f19626eec0237b797ed65f2eafdc946da53 |
| SHA512 | 19f4f4d4d67b9199ad722f1771e0812a681e43dc48ab95b1d7430c2467126d1ec613dd6a1de1b14a5ab48b140cf218facbc5ad2e3e499cfc06d7a2286b22ff16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd4289930aa83f9c5d3e8d8e7233b428 |
| SHA1 | 41db278bec79a257abc5eee30af1d54ed39960c0 |
| SHA256 | e34c0fec22291d7939cb07de2535b09119c9fa48bdb583ea3ab3886d7be6975f |
| SHA512 | 7f79092dd67b61e710b5891a8bc1f65dd77cf42d9da552ddff5c2008f6ef6096c5c49e39ad02452299c0c19b93b552596ebd9cc31cd247b51a4925a67161b171 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb72b4280a7869f7f70f278d5b811101 |
| SHA1 | 13c0779e6c24f96787a0f9eea75c79315b5cfb38 |
| SHA256 | 94459699452592722e55c0a39a8b3cead961ac86bc2db8b0ef3d715e3a96236e |
| SHA512 | 3f6eaf06c7dd5661902d70332244692725863bf43c9624317bcb690bc6003da49aa37453ea99bc7727b7ee48c42253453b8159e9e900c1cf1a0ffe8a0e62faed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c79d014f4068c1def02b8badce715b5 |
| SHA1 | f161b40ffdbb7a2619aab856dfbb07f1813abf57 |
| SHA256 | eb69da36662973c337e572d3f0d34e879b3e8be30c88d58a7ca865b54d9d244e |
| SHA512 | bb1a6cb8e94d65c67be78d36b67bf9d522e1da726a16fc36360c0582c9b5a234d821aa68a32a741a37ec4abaae8a25fd1070c1d077df92555f87c15ab8b39e75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65499c02822e57e147ae6e0eef929822 |
| SHA1 | c08cd981c519631f59f1b227cdfbe7129d2c1b54 |
| SHA256 | 984696b00daf4765eec5bd6edc80e442b817581498c225f72bc249a6cf88fbb0 |
| SHA512 | 49396ba97bc93f701f41e9d48d1883a0a733ec1d52cb2c38f70b617d6fbe56641801420605d4e356933e4b5e96df908d91e6b9af8d5a8c20ffd08460402d23a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9dbc85bbbb4b13960f05d09029da13e |
| SHA1 | 4893f87035f26ed32a8270abf13f5672e9a014a1 |
| SHA256 | f8652031cb1c3e30345ca2b769eaa2f6beca62fe715215c2d910c3bb4fb6235e |
| SHA512 | 94d802e6203308305d9a0729bb10ba4b7a4c1aa1fd582a8f1c107ec5524b2c3633122561c7527aea7ccddbad0469b8cc317383fcacdac74da6a30b03ae52dc7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e63379e028e557d4d19c739e408a535 |
| SHA1 | f0b31456247bf6ff4a98e1bb18104832fc4b3072 |
| SHA256 | 37f71c1ee1d8274395243163f10c3f1dda2dc45fa951cf7e361312eec271f05d |
| SHA512 | 68004b6b875f2676536f85b6baf1dc4074e8c608dbc86e1ab932f2ae0e6331cd48abe38f72f478b660d8c14ce2673975cc712733377c5a01af8382b2b7ef0f25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49c028fbd8886a96d05b1a406043524c |
| SHA1 | 9e373e97fbf88532707b4ad7728aefcfdb129be4 |
| SHA256 | ee490d7535929b31f569cac78d0e939c29ecd002529d16ae3875c61cca122063 |
| SHA512 | 388fd99ad84e78a5595bc2e47b601f54fc2b3649d4478b558c94d76791640ed7f027489ef9a0a8ac119c08e70efd9f745e66febcb00fd58ea1c7216124f174a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 52d2ea683353de0cdccb0c3ea2c07175 |
| SHA1 | 7651352ed7d0a6d00a6888423d4788e2daf5b3f5 |
| SHA256 | 9a52fabced19609d3201e4a4f030e8c821d482fcee193b6294e329ededb7ccbf |
| SHA512 | 157a6510c3eb96ae55e3da314228ac2128983bc73578030a414e22950c6ea86d5c4fc4d72f97b83b1b1c72883ce709b2ab24119ada8a054b116ecdbbeb7feab8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f75760cfff3bf9f8324e9063055672bb |
| SHA1 | 292acffb570bdcae9a96436a18a49395c97e5a40 |
| SHA256 | dbcdddaaa32a791982ff2858b67965f0c95a50ccd0609f597c8816be179e31ad |
| SHA512 | 50d43740e3e14b483e55e68d243d39f07589dafcb5132a40d672e3539069380a3130844105cc541e500f7fa63685b0e3e771022785a9fb4babd80e9c5600940f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c49719677194a0630560c707e47b4be5 |
| SHA1 | 822a81783551462be9c0c64150a13eec1548d8b0 |
| SHA256 | a56d9a64afbc124c1b204f9e884aa9e1ced634c4581044a795e0f0ebd8e8f5ac |
| SHA512 | 66bdb34c2169b72488581b146da868d311d34631b22d0fcf66aee430d36c8fa6118ac4f6e33b9bd1130edabf92b7c4de952928f47faaa7f0e13b3bbed29ff95e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3edf4aecf6640dfd659d58102ba48763 |
| SHA1 | 753e80d912b74f9823ec60964408897a861985f5 |
| SHA256 | 91e7bd1fab8c1e190391e58bdfb25d65c29e6eaeddf85c726326388eb00ea505 |
| SHA512 | c4496ebe483508ee0f7840c7ef087299ae0d4432c56df5a5673ae9fae143d0726c972a8575a8e4e9ed84c00b02d2d6710177e84586b4bc0370c9bff822dd6bfb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:42
Reported
2024-06-02 01:44
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7f6a1fd9dabf5fcc47ef6ea5c2fbbf_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe24a846f8,0x7ffe24a84708,0x7ffe24a84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,11443365911670739357,10558107776452233140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1100_KBHQKVKPZJCHPKUC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State