Analysis Overview
SHA256
1abafecb311fc105c88818ede0f92a1b1d4a69f66b59a79b0d157431f4ac6245
Threat Level: No (potentially) malicious behavior was detected
The file 8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
The sample is an .html file. In both detonations it was opened by the platform's default browser (iexplore.exe / IEXPLORE.EXE on Windows 7, msedge.exe / identity_helper.exe on Windows 10), and every signature below names one of those browser processes in its Process column; none is attributed to a process the sample started itself.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:35
Reported
2024-06-02 01:38
Platform
win7-20240215-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454005" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e28a5df0c1fbce4fa84df0dc9c3fd3500000000002000000000010660000000100002000000083970aac60469b11a454953f9717f74f2a0c07b8a25c5c2359f0fe1130bad53e000000000e80000000020000200000006c16c3bf717cec2dfe1523fcd7db076f4d72cd8a60699e5003690ebf3f8f4954200000000aca175aabe3dbde4fdf3cbea0dfbeed66888c5d040f49e52e9fabc8ec090989400000000f886d2163d7252d23ebad695b240fdc4788921fb1e3b681719ddd876ff5121d70632cd21fbb8c275e53f3040a67162de95434bc6950061b7d7891f572b793b6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69B6D051-2080-11EF-AF55-CE46FB5C4681} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b002d23e8db4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1772 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1772 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1772 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1772 wrote to memory of 2660 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
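The four identical WriteProcessMemory rows above are the only cross-process write in this detonation: the Internet Explorer frame process (PID 1772) writing into the tab process it launched with SCODEF:1772 on its command line, which is how IE's frame/tab process split normally behaves and why the verdict stays clean. The Python below is an added example, not part of the sandbox report or its vendor's tooling; it encodes that check so rows like these can be classified mechanically. It assumes the SCODEF:<pid> argument names the frame process that spawned the tab, and it reconstructs the PID-to-command-line mapping (1772 = iexplore.exe, 2660 = IEXPLORE.EXE) from the signature rows, since the report does not print PIDs beside command lines. The example.exe row is a constructed counter-example, not an event from this report.

```python
"""Classify sandbox 'WriteProcessMemory' rows as browser-internal or needing review.

Added example; the input below is constructed from the behavioral1 section of
this report (plus one made-up counter-example) so it runs offline.
"""
import re
from collections import Counter

# Constructed from the report's Processes section. The report does not print
# PIDs beside command lines; 1772 -> iexplore.exe and 2660 -> IEXPLORE.EXE is
# inferred from the WriteProcessMemory rows (source image iexplore.exe, target
# image IEXPLORE.EXE).
PROCESSES = {
    1772: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118.html',
    2660: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2',
}

# Rows of the "Suspicious use of WriteProcessMemory" table: (description, process, target).
# The first row is the one the report prints (four times); the last row is a
# constructed counter-example, not from this report, to exercise the flagged path.
WRITE_ROWS = [
    ("PID 1772 wrote to memory of 2660",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4 + [
    ("PID 1772 wrote to memory of 4242",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Users\Admin\AppData\Local\Temp\example.exe"),
]

IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# Assumption: SCODEF:<pid> on an IE tab command line names the frame process that spawned it.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_write(description):
    """Return (source_pid, target_pid) from a WriteProcessMemory description."""
    m = WRITE_RE.search(description)
    if not m:
        raise ValueError(f"unrecognised description: {description!r}")
    return int(m.group(1)), int(m.group(2))


def classify_write(description, src_image, dst_image, processes=PROCESSES):
    """Label one cross-process write.

    'browser-internal': an IE frame process wrote into a tab process whose
    command line carries SCODEF:<frame pid>, i.e. the ordinary frame/tab split.
    'needs-review': anything else (non-IE image on either side, an IE target
    not spawned as a tab of the writer, or a target PID missing from the list).
    """
    src, dst = parse_write(description)
    if src_image.lower() not in IE_IMAGES or dst_image.lower() not in IE_IMAGES:
        return "needs-review"
    m = SCODEF_RE.search(processes.get(dst, ""))
    if m and int(m.group(1)) == src:
        return "browser-internal"
    return "needs-review"


def triage(rows, processes=PROCESSES):
    """Collapse the report's repeated rows into one verdict per (src, dst) pair
    and return (per_write, totals)."""
    verdicts = {}
    for desc, src_image, dst_image in rows:
        verdicts[parse_write(desc)] = classify_write(desc, src_image, dst_image, processes)
    return verdicts, dict(Counter(verdicts.values()))


if __name__ == "__main__":
    per_write, totals = triage(WRITE_ROWS)
    for (src, dst), verdict in sorted(per_write.items()):
        print(f"{src} -> {dst}: {verdict}")
    print(totals)
```

Run as a script it prints one verdict per unique write. A needs-review result marks a write the frame/tab rule does not explain (a non-IE target, an IE target not launched as a tab of the writer, or a PID the process list does not account for) and should be examined by hand rather than auto-dismissed; the rule only explains this one alert, it says nothing about what the page itself loaded.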
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
The destinations are consistent with the page rendering a parked-domain landing page: img.sedoparking.com belongs to Sedo's domain-parking service, and partner.googleadservices.com and www.adsensecustomsearchads.com serve the Google search ads such pages carry; ieonline.microsoft.com and www.microsoft.com are Internet Explorer's own service endpoints. Only DNS (53/udp), HTTP (80/tcp) and HTTPS (443/tcp) are used; no non-standard port is contacted.
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a6e466ae2100de1fee98158a9675e15a |
| SHA1 | 1fd56ca64dc94c1575d3489df5e71c2681fbae0a |
| SHA256 | 3ec0dee7741e09c59679c91662247354fd27b146b7e6f9e3b1476f43a09f7f0a |
| SHA512 | ebd2d4eb468a622ca6a9c07f1c462b4a81a708a81ab9eb0b2a457367c5466906da5868db091f14cc4f9666b6ed768e29b029a68ba188d4cb77d5f01391a6c524 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e45e619e897e3e3fb040001c59f1492a |
| SHA1 | 192c331e72c5e85908b2518c9fddc45bc0d79fac |
| SHA256 | 159933a20be82cac22c71e112cce4a3e7394cbc1dce3d1d8461b9ac689173594 |
| SHA512 | b30b8299082c4c78dc6652ddfe9026d26a1a0d7e1492011447a1a21259a8932e3ee6888700fb6e5ab92418dc11a4dc9dfc632bba55bb9edf3047681446d5aa84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 929c6b52915327098f029fae3a657dfa |
| SHA1 | e387b753d915e8aae191c7a49edc5b7180ddba0f |
| SHA256 | dc41d426f23942e4e3d6eedc31cffbd4ddc5928b788a9c59163168b6f2b9380f |
| SHA512 | f5bfaa188b08bc8101e1cb84488784888e452148d09480d5b729cfb1c6d0eceec4d072692f1f36c2a43a8f154c796f2fdae7a2f22cf4eee819bc017cd848df39 |
C:\Users\Admin\AppData\Local\Temp\Tar258E.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab258C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar268E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d43070ba90ef98329a467d0e7a4d4cc2 |
| SHA1 | be006300c1a6efe2fb65eff3b5af9b14ef85fb98 |
| SHA256 | f8c9577b5f75eb5de1b6d7aa4125a51f818995dfb7dd858a1a53d774a0b4a94f |
| SHA512 | dae7ad7e51adf3cc9ee60868af94dd0d3771c55a25b75016b1b24ab0517efedfeb87da8b1844f14509e9f2539032e4ad6190dfc0a017466b75bdbf6a92cf831e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9dc6386e1e4914e3773f60536a709a7e |
| SHA1 | 0780b09f75cb0ba5450b233f0841fea69833b1a2 |
| SHA256 | ac0adfd341844cea14db6ac7429799cbd77b18ef99ea6998475807841a0a4b6d |
| SHA512 | f49d28274d38ff0e0dfe823fccd58ac862d77db39c220a1012fb07a2882a014c29c1a518b1f4bca2a1440b3b994d4d3b374ef06252c70177c889912076ad5a69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 880db36df4225e4318060657983bcd39 |
| SHA1 | 8f8f8010d6ceb6ac2acefe75d918ada87bf8a446 |
| SHA256 | b9d7d5b01310c5b3b2b1fd44ca636ef1eac9b9fee477e52ccebd4791f320bc47 |
| SHA512 | 63e595e9aad1a51aab7e99e620069a38b396e717c55429d2f7232c8fad4a0310282c4f599f4c49a56a35fdd5c29a5f6483a0e7e50857cd1bb292834701976d34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7403241a4d3b8ae32ccb7598e70ddf98 |
| SHA1 | 5b845a46003ac733d8445a4e03412c55349c3bf1 |
| SHA256 | 554460f1a017d54f3ec43c7a03023ac9b3bef088062d1fef2ff7b5978d3d98a9 |
| SHA512 | 0c483e9e999595b0e0430d6a74776a83e2fd1e6927707995036dd40397ae9f82a67fa910a59d0655e59f5dd40e4b24b513b94f480863a47ed5a8fda0432b0fa4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47cd4e3a8bf7ad72c36034aa81775219 |
| SHA1 | d60c5bc1b4998d1d392c26a54cfbe66ffda08e14 |
| SHA256 | e47605602ab7341fad9940b4c284a4d253de48f821891874bac7420be1bb23f4 |
| SHA512 | 9aa760b07b43b130d6b9782cac926ba25427327b7440e5ab737817ef3d19419e2082390c4d0553f6c42e6151512dc3834647b8fc5613fab9e27e098127c3a161 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d38baae055abeb1d11d564f85668390 |
| SHA1 | 722e7b249b33725ef5882ec045d80bf6585ea087 |
| SHA256 | eb72e36a0372fb5070afa42a2955d7b9e9e1f6e6811a9186e1d425830bba6de9 |
| SHA512 | 8c0eeb09e0e11f7157e8309d2d465ee135ac3658f25981d9865dfbc4cedfde4d1889c23196aac71f29e2c3896a5316697ff556d52f7c06710b51d65f7acbbe52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3d2f4bd351d1985d3d98430c34e4db9 |
| SHA1 | 37aee459a966bcd9f945189d8781a147cf3dd4a9 |
| SHA256 | 916ef3e964affb4b1c804904ab1dc2c8fd491206adc7d50ec3fec9868f321de9 |
| SHA512 | a3d600629c27901bb82d8658911229cd6acd3ebbe074ee93896e80df969e993371ce58b69c059698245f152dea66bf166ea1a6b4774d181ca9804b496e408cff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61ae64fab08219921d9857594313dca9 |
| SHA1 | 4fbcfaa462543aa4434cb20fc49cfa8e1455dfd0 |
| SHA256 | f29b25382cad54c6193e6f09fe6c3c23721bc1f2a4639961d39e3ae9c727ea81 |
| SHA512 | bb9c7381b727b4b3d0fc0a657158077e675f8ecb4c8bf96dcca78d0cce7572d4e3f4d4c2ed7542fe1ae92b9469a57d27757d5cfb94aabada54bbc3cff8184706 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e2afef4a59bac262ea866bde08b0447 |
| SHA1 | 66e0abf83d37b073f2d6b30e31e51e1dc3ba865c |
| SHA256 | 12977564213bf5efe585fa5c0bfd4b463376d2af00cdd214597fba59c5fe648a |
| SHA512 | 0edea5268d8ad7239ebb6bbd9adc90f4ab4cc34af4bebf6eaa4e3d2bc3e4603743c747b3ae894d29257901254155fdaa7d1027d6295e6139092ddd6e37beb823 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5bd7c17c72ffcbdfed5ee75ee2228fb |
| SHA1 | 8b06390066e4ea86dd2738866953a123b72b6bd4 |
| SHA256 | af2cec37f592d2b290ef1f4fe884649fd233d68f208d040954c9ad9051ed59b7 |
| SHA512 | 48c39223d51049db539896bfa9bf7336ef4b04b2ee9fa964848f7c71ae88ca3ddd615bfdbc0d767f493ecb16bc4baf4707b8bd3b83084985323e4976a6169f84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48bfaded3e75366f29c015e563eb1160 |
| SHA1 | 36fa6d3927ebcddf1e542aaeda51444d786a371f |
| SHA256 | 3d003acb623a25c5eb58a754b7491e864b575835d15303b9dc52a8486f71ee08 |
| SHA512 | 66a77225bc80028f5dad04aee77de83d2e8f6a51d4a42092a9559098696d549e1cc534c99857b4147bd6106fec733df418637e6e435aac861d2b96faa420b429 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 997aa68c357fc8803a46427a9de5a997 |
| SHA1 | 22e7b22f04e3a4a790021ceeb04fa1172b2dfa5e |
| SHA256 | 4e4333756ae6f305e5dba49df02cac7ef94bee3c4a4f02bea09681205ab4c635 |
| SHA512 | 12023f25fb8d6e75b495c4f17107ecb56d9609eebacf18a2dd1b8dc9236017d7145ab123e3068a0ed124ba532d54339ff75c802201ff407fe09cef8fd667895f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 827e2f756ceb06aec70ac2b746d148ea |
| SHA1 | 526f1d1f7dd24f74ceab269897ff1bbd8fabad59 |
| SHA256 | 13ef14146c545eb9a66e914d87a8c14cc92635a464bb791a15b35cfca7ce7fcc |
| SHA512 | e58fe74deab46eb115d9d3e19762ea419fbff20633f753fb68e97d9fbeca69c640dddc0b752b5a62020f89d4f16310de9a7c1cb5fc5ecc111018695a3bcb1a49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e88d9ef391a36d8c406a617b28abafea |
| SHA1 | d31239d17d7da8ee5ab6fb0b02338ff63c667dfe |
| SHA256 | 2186f32bbb5038edb3c3b7c088c06cc97560c74d46c303e466e12fd2f66e8e69 |
| SHA512 | 394623b903bcbce31c694cfbd6a281df3a287b9f7f6015e7404a8447bbb3774b3e9e38473601674124c759aeb55977d0d484bfcd3a64ddfcf06eae2604592f60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cf7d22870548d8a05957288daf8e648 |
| SHA1 | 925722a2a6d43c7217d274035febc9ba01e8a55f |
| SHA256 | 71447f2d49f8955af293df9ead35ebd2e21a755bfdd41d3e433323a6c89d0e03 |
| SHA512 | 3dc9e4da331add2cd3d47452aa93286cf83b3cc4d138ef1597f09c3a0822a3f2999def9c47e35017949c3e1c595bd98b0c99f92cb2fc4cf23f371b4ff25797b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71be34c2834401c90c6bfb6a2d01c312 |
| SHA1 | 38d3c79b6949a662578afb3b0eb4667b1a320ab3 |
| SHA256 | 26af37050255cbc82f4139786440728ce865ec76f983fa8d445faa7d07478fc8 |
| SHA512 | 072b5f5b4db25b968f21caece3d7ac01160a31efeb994c0c1629a7a1ec0a24dcb89fe6a520b9ae4260f78742153e90a2636f0c09e58ee37b43f4a31f310d3b1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed4036873b1127e86416e763879c054e |
| SHA1 | 42aa81d1a80359712937fe283109dd0f696cfb6a |
| SHA256 | 5c4c2b44252df86be79192697a14787ff6ca7d89ee35a570522ca32477837882 |
| SHA512 | 19a3f0f5c24bc310bbff6dca9bffbfc1b07f599a493ee6e338f1320a12872af896ca3ac4dd8b88ca8e6a1260a12f6bb2259237d5f412ded581875983bdd9f819 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | cf7a90dd5acc9588dd7652b3c4ac1fc8 |
| SHA1 | c20eec99aef89634b21822883521709aa9e92838 |
| SHA256 | 2eea48ad1167d7d1cb70c13e0b2518fbb33cccfff1fa767d8e2ff8a77d3ee649 |
| SHA512 | 9c6e30fa976f9fd23f0aa545ec984b74876dd09247a9d27cc91f29f7c9c874644def858ba3f232dc07c45e68a46c147ca701f03b0d69887676179bef01499079 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1c8e80282f175104fcb3aeabc82ef0a |
| SHA1 | e0ee813fa99d272cf5a363894c8fc421f1721a1c |
| SHA256 | 65cbcb2360ad4cc1ef928f694844330ace4422fb9d0a50b27379745f73039ef3 |
| SHA512 | 80da3850b1a0df6386a975c5079bf72b70b9b12a4d0a9f32d2bc974307684650e1c016bd7789ad22c7c3bf717842062ebdf5f73d3d52ddabe23ce7b28bd95562 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94a7b1550ae763907f0c1bc7c8cc5930 |
| SHA1 | 693f6b957e6be60e54c3d008ab3020ec0e554a62 |
| SHA256 | f83701d000a0644842efaf71657b38af6f530643783ab97674b57ad7e3860964 |
| SHA512 | 56851e75dcec93a891ee74cad1f121a1594521d405237e8e87600fb7dcd21bc07037d9c14eb6662de28d54d90a61dcc38918c1177b14e6a8d552b0be9ea5738f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c0abb89141f8963839b63917eb1335a |
| SHA1 | f757c995b9f1a90f2adf732964653dfec4da115a |
| SHA256 | f8ffee064da01528a564ff8733a427229e80d3850671e94cce68a32cf9bdf091 |
| SHA512 | afdcf88ec5717549cf6571f495a0d82fc0b2da5b6480150ddf9a759f27ef41ca8aaac399a4940d0ba095b9caebd5931e383b6864044557e68bbc9f18d44c7f22 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:35
Reported
2024-06-02 01:38
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (child processes created with the "block non-Microsoft binaries" process-creation mitigation; Chromium-based browsers apply it to their sandboxed child processes, so msedge.exe triggering it is expected)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe48be46f8,0x7ffe48be4708,0x7ffe48be4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | microsupport.net | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_4916_JUIOFJXZTSTWYMPZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1906a2d6b559ece57b5370c19d1c2348 |
| SHA1 | 5dd13e7a075647eb070f5a87047b581a412fe692 |
| SHA256 | db0f03339f71abf106d5e163031de924cd558edeb09807a4e999ef93531efe4f |
| SHA512 | 047680f9dbbc98be07d5c9254f00949dd1898df488770fff31c3ee0e905cfb4514223943f01807eb2e77998c665ca2a55ba5f608208ebf87b0cb7f1cd7327de4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0c980689a37b713a9844f4383e834124 |
| SHA1 | 092597f4a5b5b9c63899a9256427ab8930e42efa |
| SHA256 | c387c72c33dfac8327316afa879a7e5f86b94ed9e7cf81d53f94d376cebf6397 |
| SHA512 | df967f10ba11ba3a0ef0c0994ae4910b655d5d8d7621b3a0c3fc1a05addebc6a73a0b84cbccda24c64d5a39e7450b8f2d2f378226259eecf9ca414d09ff31e40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ab7f0caae196b7017173acdc75afd2c |
| SHA1 | 7b1609383b17c891db51a714e29c2a01cf421f99 |
| SHA256 | 7b116aeb688ada203078d1cae3bb7f4988e38302298144151b1e754e6c953d2c |
| SHA512 | 6c88c9b221a6050dd0b5a4bdf9735c8352b39b1cbd7651bf5fb40261c70da455cb9bd96df23c8bed7ab00b1f45f414f661e500451af92c89b6682759c70e9537 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d90870b209ec615402690b399257d7d |
| SHA1 | 28304d736aef866ccf4adc59f9edb1ddb9aad6a1 |
| SHA256 | 78bae835759fde2d4fb17db97d43e15cb7ce9699eb17ab629a01a00d9885ed9a |
| SHA512 | 3307a94f300880133618d724c8c2f7dafe2f8488967fe39a8d661c33ab8cc186b5c8ec6c9899894edb217b532cdf70a319ccc6f2bab472172d8ab845d8489e8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c15b897e13f3f11bb8cf55bed9fb984e |
| SHA1 | c71d0ac547755b4ba2f07e85a4a1c6e8990f290b |
| SHA256 | 35777f96b7596393cf62220e516ade9793213b88f1da5c489cb87cee1e4a974c |
| SHA512 | fee8d99ceb18d67dd94c05129632bed659d081fb1254765cc373e0dd8162f25deb7ec002c988346739d79abe2bee76b74d6239378bd526b7318cf4be54091378 |