Analysis Overview
SHA256
4f9e4f63d26c3b9c131cbb34b5174d01920013988247601238eb612df379fdc8
Threat Level: No (potentially) malicious behavior was detected
The file 8c67a73e06dbacf9a73f098a72d43556_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:05
Reported
2024-06-02 01:07
Platform
win7-20240221-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c098670789b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452195" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2A844601-207C-11EF-9667-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000197a49aea7c596419e7a4e7a8a4b4a7500000000020000000000106600000001000020000000278aa95e97268d663ee1b9ff1c5c2fdf75be3a4d74c4a17d494a53cf220a64e1000000000e8000000002000020000000a26132effef3e4fe2a5d0c96640287199bce67667575d1099c92913b5ca3b70c20000000ff7b1484b77ad638ac6ffd6e0bb7fff8f2ca5e4d71136647aa0730cae79e72fc4000000097d3e95ef31b63f39d132c96a42e63a8bcad72a7d5ae707a226599a45e998ff65d9fb4169017800af523b253e74ef0ac1f9ff74f329c2eb020febc64a6dfc577 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1624 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1624 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1624 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1624 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c67a73e06dbacf9a73f098a72d43556_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 8.8.8.8:53 | scoutness.com | udp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:05
Reported
2024-06-02 01:07
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c67a73e06dbacf9a73f098a72d43556_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb649446f8,0x7ffb64944708,0x7ffb64944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4851364559039163583,8074591415798030537,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3980 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | scoutness.com | udp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| FR | 109.234.161.212:80 | scoutness.com | tcp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.161.234.109.in-addr.arpa | udp |
| US | 152.199.22.144:445 | platform.linkedin.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 152.199.22.144:139 | platform.linkedin.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| BE | 23.55.96.209:445 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| BE | 23.55.96.209:139 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:445 | platform.twitter.com | tcp |
| PL | 93.184.220.66:139 | platform.twitter.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| FR | 109.234.161.212:443 | scoutness.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 74.239.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1732_XUPEHFQQIHUVOFNU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590cd7.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences