Analysis Overview
SHA256
d8a88747d69718d71dbbd143a286af3789e662db9bd43dd80be3f5e979ebb536
Threat Level: No (potentially) malicious behavior was detected
The file 910da04fafbdb45e0780da565fbc67cc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:05
Reported
2024-06-03 08:08
Platform
win7-20240221-en
Max time kernel
117s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b65f7a292fde544b1eac32da090ca5600000000020000000000106600000001000020000000cc8a95605772dffe3c094e594d834ef4cec2367227ff83227cf87af010cf6430000000000e800000000200002000000060e556c637c76321021ae7374c83320d7eb7ca4fefdae577701526c6561c2710200000004ca37d83f6445ff27cef4f1735abdb5ae65057957ec73a9763f2a5e728d6e0fc40000000959669436fb80a6cf7480c1044ed458164d64560b5bacae6901916e98cb06a2a3e143567b4b0aa68f429889c0331d936167c9691ad2a3e5001787c798cc40f23 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b65f7a292fde544b1eac32da090ca56000000000200000000001066000000010000200000009a0ea8a6c13340cdc1dcb06e889dcfdf375ffc11793204ae7cdbcc65385fa62f000000000e8000000002000020000000a03f3585f069f410a4a845653acec08294e285acc3614d46feef9a6ee502df6690000000b43a557d065b885041df5ac58edd50264508d797357bf4d5c33cd76daa32b4e7a299e215b7a62e772119e510d94aec34e7a282db32ef45abd109facea9bcac62f392cccd2755b0b5f2bec9c6d0ff08d74384cba13e20bf04e24b94ea3be5756085ddf74fd7909690cdda173b050578a43bf00eaea5975ce06cb7c0f2e294d303c9dfdbc86c34a17bde68fb402b280a9040000000aed4734ee2496c24d16a902873951aeb5f37ad0772a960d8d720202ceb7afc46e8c6363a4ea6acf3b9e003545f116c59b0731a9b7baee5749399b70198ef8e85 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208167e78cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563814" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1201C8A1-2180-11EF-AB07-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2528 wrote to memory of 1836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2528 wrote to memory of 1836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2528 wrote to memory of 1836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2528 wrote to memory of 1836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910da04fafbdb45e0780da565fbc67cc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | minecraft911.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.178.2:80 | www.googletagservices.com | tcp |
| GB | 142.250.178.2:80 | www.googletagservices.com | tcp |
| GB | 142.250.178.2:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 44b02d2235e7c59a3bdf97c241321e7b.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | 44b02d2235e7c59a3bdf97c241321e7b.safeframe.googlesyndication.com | tcp |
| GB | 172.217.169.65:443 | 44b02d2235e7c59a3bdf97c241321e7b.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 271bd0ca50801f63ea7e2cac95b777cd |
| SHA1 | b007068d76516be9f5ebf4020b82279e04ebba23 |
| SHA256 | 14cc661840ac6fde4c34ee4ae12842c9df0f5ff96ceabd9fb60f9ff3fbb517b8 |
| SHA512 | c694595c90df4716f44cb7f9446cfe638d6bfce9d1fbda15163f6afa28823d6ce7c86820a773e999123592101760e8b3d5980acef3a2488ba79d5f6a26370ba7 |
C:\Users\Admin\AppData\Local\Temp\Cab44EE.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar44F0.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar464E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 049eaad2f35ff9c2745c67c1e2f92c6d |
| SHA1 | 7ac345fde2c4dfa6f9fb9cf9c2149d5abaec069f |
| SHA256 | 618bdbf61a4706428b8ec21f404b3d67e5c9f4e4b56c4d448af45c2c03cad6b7 |
| SHA512 | cb26e2efa55b30f0f97e4e9a34716c5a47b67444d852c4295be1f75fc4a7190740852eafbf178cbac18d911363a90abb73b8d53f039578985cb399bb9bc45a7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3649e516a019b6b0d158f8c0c67718c2 |
| SHA1 | e65e882a491ca142189f9eaf95d53d88c136a2f3 |
| SHA256 | d12f0416f74907b7f51e244ae16178361434bf1c5ba3cc4b6986fd8aa46f11f4 |
| SHA512 | ac2e7e141e8ae4d30d45960789791400c9f02bc4d59b8958ec5aa0b1bbc912c4b77ac81b0732fbfa8c83e103a44e808c0822e90ff91f3261c8ac66af2e56a913 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42abbafc064955453160b2c54d31a692 |
| SHA1 | b8d19fd6692bca4e9ba441230cfe34f89013bdf5 |
| SHA256 | 5660a0ad88e92eadea7275506f91e5fbef0e4ead9c9432c3f16bf8c68f01d907 |
| SHA512 | 5a2cd814c435a54fba26f570a7b100a6303a2210d361d575150b9ee65b6dc829b33c2976c9e25210c05d8c7974d7ea1e4904a4eb9fdc7ed9f7fbb53ade3bc6c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d9e3fde83b3f06e15efa89e67a94532 |
| SHA1 | 2f8959bc17e5218eab6e9a5923f08375b81d317e |
| SHA256 | b1e1a9d4deaed9cc9b93e98809d84ac54e343e834e6ec17c036687db148a1c13 |
| SHA512 | e3a2f92f77012ab129c386708d66dee2aefd39fe472e52e637ab7a065077e2aeaab6aac8c011c4a8880081288a1d8b3e9a06453b7baa6f6f3ce876ad6a49e390 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fe7f59be048a0d7e8c278cd9ec729d0 |
| SHA1 | 237ae39768f0eb566497b641ea721c788cbaacce |
| SHA256 | cec6e58e8c3b591e8714538755f35255e918cd8496d54b8a2c2909f10008bad7 |
| SHA512 | 488b393f019628da20d3eda83254f45c42fb4d5f7bafac3a2e715b508976cc6055c5996783e866892c85b4d7be17997d9c07da75ebb226bb6cc036de25f057d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3afbc1c2b0cbcc3de220322552c0a4a |
| SHA1 | a937a236e125b6b9b5914c46a1bef55218d12c2e |
| SHA256 | d9eeaa89e080a2e2b4caf0d53f81dda2e1a985bf42d400edbc7138b70a166623 |
| SHA512 | 748bc8b68c79feff713aca330097f0336a9fd354b94c935f3d7f51903b82fce8a4f48562bd472c9c76afe4684b70aefafaa2adf9efd7c6ce30011405abfc57f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 683a647ac51dfc0a0552ce936cf0668b |
| SHA1 | 6e467022f048a0868bd00a705f18a63daede433a |
| SHA256 | a253d07c4dd1c612a4c4a3e931a24420c8392603b79ccb5e9d6fed8dc72de548 |
| SHA512 | acd1cc9e260bbf00a10c880195ee6597d3e6dee968d9c04f1c3b46f0e6a2893db1e212447e8c4ebededfaa74cdcc9d26463f503cc526face3bb09710b172e19d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2abe9239478c7ec2b64b92fc55926b68 |
| SHA1 | 7f068e83a1192279b66a186cac3d32881da075e3 |
| SHA256 | e046e0428064558cd57dd5a3aef0f91617ecd77903bb705516456e8540b00052 |
| SHA512 | 948022ca17e658c7fb58a316ad870b28565104714e0976ad7ca4f4bb84b84ce4aa698139e3f2fde64ef76cb2e08feedd1084947870e32880223ea4e530b2f146 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77c2087832cdf8e4eca3c16b0b0dd4a1 |
| SHA1 | d72a002e455b0760e6d9407f77be8047ee920de0 |
| SHA256 | 1ce58a27bac54e104953702e87ca519b88f4a13bf285cde20fa53d2a98a29a23 |
| SHA512 | 5147fa6015cccda4996a78286eaf5813d7f6b4f9c44b51b9139b3d55dc5a1e4792cb1fbbdb42097acc39d688c4793004208c77c628a5700f5730a586a32442ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06697324a5317990bf93543c5b6065d5 |
| SHA1 | 43819f261c78a66ab91466b0517b9763f0e864ec |
| SHA256 | 584c191607e95e337ddf12af63629d12aef85d70af2f56c8c9a0f4928355a048 |
| SHA512 | 2ff43fa1d0c8884756caee9f5b402ad8436c6a9d70ca4c5029ec0555c2a252cc9861daf04da90a1f210c90873306cf7a9a207e8a28c115382aacad0ba823339e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af1b4dc2402bb49cc8af9f4a26e5d0ed |
| SHA1 | 344f0960b0c9475812b70e66e30c76c29f1eeca1 |
| SHA256 | 57fbfb90329b135dd0af38b4b41fd3c2bfe6856072e72edcf27f1fdc8c81f155 |
| SHA512 | 33bb5b7c324ca99a6c0bce519a8570674301cbd354f9f256e27c6bc2d618d0c5e236d869ee0c7eb9a2c07cf10daa4b875e6a06f69091ad1ee8daea64925ac8a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 24113b81ba1f0a7dd7ee8173acb18489 |
| SHA1 | 096e48069837186eb030daacef4d504e199b665f |
| SHA256 | 2153ada253e1592a6e0c59ccf2efcdb7d0c5f29637b1868df7cdd698c79ee1dd |
| SHA512 | f9cde25a268853602b318ca6e6ede8d0644914ed0a00455fd2faa6424bae138b40eaa0e7d94f34060fbddb4abc9942e2f855e97b5d825fce2d2c8b3636aa012a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d487c552c73bbb006e89f09923360c |
| SHA1 | f8c2ffe36b01ce4f01de6443bdafa55b9e14af8a |
| SHA256 | c33632ceb5e440552d23f78c5b955873593e23df4be64aa56fd4b8dd4a9dd075 |
| SHA512 | fe919bc38e645db81f322deae018aef578750ac4cf0ad41b74683a7f7352aa25c5eaafd06d878769affe077f515e4f5a070262f7c563735d6b2b194f390407ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0be82fd44d83f2d8a9b32b08f1869aaf |
| SHA1 | 9cd60fa6545e4f376830192d1e2736312013717d |
| SHA256 | c1914a4d57afd7ddf8a04e8041561959c23f42c5427ccf395e60df607dd76b86 |
| SHA512 | 0108aebfb8e4636955f34a6444a5390f70a90b06b87e55af5f43f219763611a58ecb6c27266b21c2836c2930a96450c4298b3c61f4422c6b0c5074f5e690c490 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c846d829ea72b52f3e2c36fe142d1315 |
| SHA1 | 6b13fe7e85d2aff0291eaf8c7fd1bd5e06943efb |
| SHA256 | aad2831d5e3fd07cab0cf0c672969115f0842c5294bb11e6ba841a8443296cdc |
| SHA512 | e76271628bd233da0982a779730c3db07f63c06f45e5a74cb385ddb0f38c542150bdd2e6a6e1b35bb92bbac5ad37d46b60a595f9f4204ea6a105811ecd976d5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 909b4ecec943143a42cfc03d5315c6a2 |
| SHA1 | e7c72ebba688e123203409c622301a2f46039f9f |
| SHA256 | d8353148e01020c02436222232d09d22996f8c8c50892d874a8e26c9afdc11dc |
| SHA512 | 148c11fc85d1d234f2f01d01ab78653d5df061fb20138e0e3220bf620e55d6b5a04255ac6b61e90146e46055db590e4a870f7a856a61ab69b92ce04bb9bd2f99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd807946662ea2aa0df8193e5e8f51d7 |
| SHA1 | 126dc143f88be077cc9089c4d6ad1322cc5e2a2f |
| SHA256 | 36eb4cbe106d0d006c4574095b4265c8d783b2252f6eb5466c11d42f8ab45083 |
| SHA512 | 9bf00239b0fe9bb2cb95cfb474b1ddb30018044ce0cb2b185020ac9622f508ac9ee244cc7b2db4129c2851fb9ef42a1a1a6b81db81ef67ced3a4df884f746d6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1c3595af8828b6d0110b539ad76d156 |
| SHA1 | ab2154fbd17477ade77836897d7cdd7f0440f658 |
| SHA256 | 1dfe5cfcd4ed21698801b0f3301b7c98bf5ccd851ae897bad73ed958e888caf5 |
| SHA512 | 09ec51f49bcf792e8b7622f6053de598ed0476fa7a6eec4768343842e86a77475bad94bf0c203893e8c6e4314a0dadd53f377fbb4b8ad83e07c26a19ff224540 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc8cf351681cd1fee408777505dce0be |
| SHA1 | 509f2c1b8a5c04e9f2a18ec53f81187a2a012533 |
| SHA256 | 43817b55c926faec7f1874c1118f1599e5321442aabc170024020fb65a1d99e8 |
| SHA512 | 38042eb24234052afb18112a8b50de143d78f99e1cd4dbda8e02b3235a36d6627ca827acb054d3724b37f52e2fd71dfa116d7904c7e71b9da0e58e640733d1f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | aa26acc67c048a7e08eb9ed16097ebaf |
| SHA1 | 87771fb95032d20d2c5ec65f28c21ffa60d1a2a4 |
| SHA256 | 3ea8e3f06c7b988d7924d08b69181bac53520e22c0e70d6bfee47be0918f2b0f |
| SHA512 | 168391d5a0bdc958d73b260a56c2bd9361b23dbb7465ad84ec7b460c71b0c0c2e512fe8d7459284eb3d504b801eab2814e169bb3867423d90624098bf95f8c93 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:05
Reported
2024-06-03 08:08
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910da04fafbdb45e0780da565fbc67cc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | minecraft911.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.179.226:80 | www.googletagservices.com | tcp |
| GB | 142.250.179.226:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d738395cc448c6fbf11021456c307c7b.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | d738395cc448c6fbf11021456c307c7b.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_956_KUCIUNAPSEAWCNDN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a0fa79bed2b727e36f4e0f9f2da8435 |
| SHA1 | db802e022bb6fa8c8a8d488097285aed0acc864f |
| SHA256 | 92835607d5b7ccf1fef8178cf185c4c5c144c9a53423ef103c9950f075df7483 |
| SHA512 | 2a9312df37fff5e48e20fd613eae43efe8d11d26326d9e6d0039ba8786b6eba2225768fac365b6d40874ba5dc1f3d0d46615248bf41904075a2824bbd6aeac98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6ac80e26f520e5810f1bcbf0abf73cf1 |
| SHA1 | 98cc17a9324f3443d128e8a6eee4a7aaed905eb5 |
| SHA256 | 97c107dd61427a142de9e39f9007a4ce2b4ed7f2d8213b7c36285f8739cc6471 |
| SHA512 | ebcea463c2b2eeed1bbfad8f3660f1cd63bb5f60b84033b22fe351b7d9e883ef5c751b43db8a7bc1f065bf6a6f813c00b8202b786b703aa79d5f58654c9e20f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40d36acd546fe363a237605d1bac24c5 |
| SHA1 | 3a4c7d59372a10035c188ce027b0259dacebfbfe |
| SHA256 | ff8fd594f46ebd7d159653563de7a403d80f607faed673eef9d6b31d68b58efb |
| SHA512 | 6bf8d6376fe40ed368c97ed28cf5d17208de209e31f09405e8ea5043daee53acfefb6cc906d786c0afb399974ef32837761dc7d026458a554bab14a958031fcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2891f3c5bdd19a66b7f98a045bfb64a7 |
| SHA1 | 157a693e7d060e5aff633480710f7926f056b854 |
| SHA256 | 2eacf5071bc2006105b7900f0c137aa116062c8b3843c308941316473c1cf9a0 |
| SHA512 | 391aecf1453c294aea88a27e834fe7d39f67e32b752adbbe8079f238f416aa9f383e6dd36c0e9794fe72aaddbff6377bf5008c243f3bbe63a5903ecf55827f7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5b46e8bcb8482ab92a5a27ddcceeeb36 |
| SHA1 | 63454acb693d12a9c4d48cb27a21405960589b6f |
| SHA256 | dc4a19151b53bd27a03c1fa5d5e80ba1842b6c2d5b9ea7664c72555c9fbc6173 |
| SHA512 | af0d98354fa681b32cbffb373a7ae94982cd01beb4f107aa6a2afff82ff55c1ab0415d20c522243657d3ce79e3898ea75acb2bcd0c0be169a719f2ff8e558c4d |