Analysis Overview
SHA256
25f27daf8e62211118a22e1b4cee878afca59277e5383f69c1653a0cdd4393d8
Threat Level: No (potentially) malicious behavior was detected
For the file 9176b1450f38b24d0fa30c009d531643_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:37
Platform
win7-20240221-en
Max time kernel
120s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000808cb13cdfebea48ae3bb02f1fb9b0510000000002000000000010660000000100002000000081b9bb0bd985d1d8f62126835274e813dc63ebb8a873d904add478a6e97f820b000000000e80000000020000200000007cfca8d5fa43ea767cf02455ec2504407e2526121211987f0a85d9773ba9399720000000f5dbdbbab3738dca829e34a334063128f2cba51b0809cded7b8c472cf6431d4a4000000021ede928246a9a025ce641d9c92a57f042aee78b2907511b600ab2932481c568b1cc751a019ef1e1a3850c17b056e48d6d57ea7ecb755ef50650676cf899327d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E22BD2F1-2194-11EF-B1D1-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10dd7ab9a1b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572749" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3048 wrote to memory of 1852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3048 wrote to memory of 1852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3048 wrote to memory of 1852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3048 wrote to memory of 1852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9176b1450f38b24d0fa30c009d531643_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fast.ulmart.ru | udp |
| US | 8.8.8.8:53 | mytoysgroup.scene7.com | udp |
| US | 8.8.8.8:53 | ozon-st.cdn.ngenix.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 8e9a48adbc4734745b0cf256ae3aecf8 |
| SHA1 | f2356317604a404be170e5648c4f9234a274cd72 |
| SHA256 | bae41e820b9b9a9a6fcd574d006498ccb8c4a082b405ad322eeed51dc4e775d4 |
| SHA512 | 2f355a73b6c0c6dd3c1a2a0dc678e0cbe7af6dc486df16580f141925f69c08fa5917db4cb596e8cd30c793c0c97d4e3d2a1596a04106fc6ecb7774c033e7fc4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 5045963f2f3edf90c8bca8ad623d8ca7 |
| SHA1 | c0a2729fc8e9b10d01658b5391a54e783fe13ea1 |
| SHA256 | 3638488981c1c73205ecf3c13253e8fa4ae7a70110f6e87da7f4746962d587de |
| SHA512 | 3e054dfe0a69c357ad6eb0f7cf3abb574962ec21d4af1817e5c95b2b7766f87c108ed71e9bdea020a09ef4d6c971e5b8ec502554f018ccf1b1c9092ae491ecc7 |
C:\Users\Admin\AppData\Local\Temp\Cab2428.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2439.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c8a59b801d7183458fe1d7bd60c03b7 |
| SHA1 | 1308c94a1cc0e045adf2d30cf51684577d487e0c |
| SHA256 | 978920e8dc4951040bec8b00f3ee0497dc727fb2e55eaa94d106f4d45d9ddd4e |
| SHA512 | 5b814a49aa62781f8c20e105a72f3eb25aa8a2a644f663cb399b5a8309d0bae330ebd781a8da9e53f5bd3f5e153e11afaa2eccd12739e2036abd456e18a07fc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4BE9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c0786bd4f11e26fa611589a83126bda |
| SHA1 | 70c27f09eb380a8710ba1af67bc379c43a024cdb |
| SHA256 | db7d0d7d40f11804f5adb146327e03612825773518d8684e25c8460d3243f3b2 |
| SHA512 | 34c767f4398a2cab6e05bb355b01128eebbe279d5ac8f421d98678ba4a1e478e3ed33bc4c731e20b0194c8f05b08f659e6716498a0360a1bcf58e526455c06fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2115d4ef59401e58ff8d25d18347358 |
| SHA1 | 81b5e8b6f186454b4063cb0c7087f1274476c6cb |
| SHA256 | e92edcbee031d0b430b66ad48750e0d8ec88fc73223387139f7d477a72ce8093 |
| SHA512 | 663a6ef86615ba7d81d17a7fa8e1edf3ff9d888f2203a75d1158476c9090385f58868438ca947b3eea10e64ee3e523aae17b95553bd56c60ba93b43230dd82ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3efc8208b799a05acd595078cd2a370a |
| SHA1 | 514ce514ac86c0f3df2db194f8e8e893644c9bd6 |
| SHA256 | 1dc30b2c39624c7f8641b98453ec8332682a170d490fc731140889c711e66af7 |
| SHA512 | 0445736cd861d8fb672c5e22b2ba0ffafcff2c1a4014e314ec2f57f1b13e5dbc23ee7b0819f9ff71d83547d7b559baa80ad46b023a8fd683b67c9b9834572fb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54d3b1a73a1443a9a046c7a5d84da611 |
| SHA1 | aff56c243d8c03febcf9032aa340299d7798449a |
| SHA256 | 8398c09d267e7b02e1e549748faa398499a197ed21aaf05c285e3da0fefc5099 |
| SHA512 | 09c490d9af7f2071161693f71121e001e1b1f05ce0ae18a0a47bf46823df712f7ee39b7646a0ce65e82325419ba62f485a643909ad565f72e7676de5853a23ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56170d046238a0e4854ba61d48ed8964 |
| SHA1 | 4f97456f1bd79c852867fa7400c8748944149874 |
| SHA256 | 52199d0092dec5f2a1b69e8c787d56152535d7d6d91a28870a26966b4bfd51e5 |
| SHA512 | 021fb74ae938285b4512e28bf2d917b01daa9abf17bc03afdb9a475627c4cdbcf893814076dea10ade3f0759bde1546693d42a61d13ea85e92d36d48ad5685ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b7cc34bfd7f43647a692ff086cb8c68 |
| SHA1 | b6079d8e0d19bf5ab74ada82da03fca10f71a701 |
| SHA256 | 41e75b38eb6b75b17abb665a95a7d12f29a3a661a927273900c438f257fd17dd |
| SHA512 | 1cb86dc0093de7c5735aacfa095d6430afbe660fc963b688e3dab2584114fa81e59ccb3faba21e6f00f81193f1d1a5136e0f398a83f21fe272b4a463ffc14d19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9a25cfc11e11fe02dadfcb7bec94ea1 |
| SHA1 | 2414ba6f689d9da1b788f4fb2ab65b31f4476402 |
| SHA256 | cdbdd06f368048a00b88cb03de996c8175bcb724667f8ca1ffabaec05aaff4e9 |
| SHA512 | 7a7746d208352bb50f76e5135e0601c534bcced0c039c6ad74672e8ba2dbded29ba49a1526964a3ef4df130a1be5594e7f6959abd96f84c65e5f68ab971272a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15322bfa09c6d4cb9ef1d49143553336 |
| SHA1 | bca2e1a305059311963a8b39b4a095f39522b4f0 |
| SHA256 | 380b7be11ffcfff5cc9bf8301702461a6ca10601a4184aff680700c050974a36 |
| SHA512 | dfe2ea9180f19c7c2371f1f1362a233d4f2beef829f9397a3569f6203131c86079ae40cb889635c20c05dec495d8faeec3a85d2c54fb42a33dbdae6fcd9952a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72c0c6f9b2670a9816a59e322b9f6148 |
| SHA1 | 4e614c69ff3d8657db9c2003e2da3e6df6ef96d7 |
| SHA256 | 458cca0ee014413695e36d8a4199c958e24c4f207d277c7c33a57ef86429281e |
| SHA512 | b45d3bd4266a8cd6c4ad890fef91e6180e07c8bebd24c10dcb239d321ea1aff83de0c9553c36256b27fb4844c23792b7797dc8ce9b2e8e926daf5b71c4b5a7d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ea33ed9bf3152715ff2ca4884677d83 |
| SHA1 | 138fc08be27c3487ea942b984b6515e95753bbe1 |
| SHA256 | d39900b4aa51e7a67971f3dccb394d6b846cdbb1eaef9a59bb7a9563887f0986 |
| SHA512 | e5889be23248b14f2e994ace9e2f231cea813bd2f5a3f71bf9bd9dce740fac56853ffa27a988714b9c1d92844f6f083be375e062fbab938ae763021f8fc41da6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0fb7b0626f06acff6f6cc438def88e81 |
| SHA1 | 9bfc37877745e6f01b5c549a8eeca714e0c91689 |
| SHA256 | 369eaf4a37ca7eef6b22e2bed377fb861ec2a37785428b7d0ab9d61c7e42e5e0 |
| SHA512 | a80b3e3e65d5e1ccb2afe96134ede3965623e05c653d408c4c15102729a223b9b3c05cf61fffc9820f6a67c621ed109596300a699f836f55d50c3f68c0c75be0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e63b665ef0e3c595fbf8493ee0b4d3a2 |
| SHA1 | 90c6c47228cfe386fb90e44cb3cfbe58371b8641 |
| SHA256 | 7f11446cc5dae48f1d3d3d4c431d3649890e9cae657a37c0ad955818b7a9a2ba |
| SHA512 | 118eba080ce0eae11d9d179f312bf56e6619ddd7a78879d66f4653b00562415db42dd260476a0a9752375b15454169237618125cfcdfc790ae7679203e5408cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15292b9b367ffe17360890ee442c35ab |
| SHA1 | 5b996f4d8fbad9cf1b2fbd415f70f87062525831 |
| SHA256 | 84f68094935fac5c4d715d94fac919ad3eb5d97f5c71f2aa5c5fb287fad2688c |
| SHA512 | 8e55d73192e1fd87041f8139915952cc4176212d7a13c3fcd203917179bdbc5e4cb96ac8f443815317ab567d625295a2dbbcc36d4713c7d92fef56afd0c82eb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c44b69ac35f3554312fca2856836de9 |
| SHA1 | e68f8f11d505799c012afa91a0f6c3bea3fea6bc |
| SHA256 | c1489da600fd9e3c9c1560f33db14fa9348df60cc68dcf717fe1515a080be6a6 |
| SHA512 | b8db4504251a099d712671a241d08dfe6be6c2cec0ed96ea3ec600481e308de4b12566583b2a52ec991a1696326a1b9a2e47395a90b0d9ec43c6bf0e306670e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbe965f3e1bf796f92a6074b309921f5 |
| SHA1 | ace0b611938d99e3233a92f19c818b7a62a183da |
| SHA256 | a35b92a597485af3b084ea0152c6a20fde522ea18a45c8af45edc41ed1036e5b |
| SHA512 | 9b80123a9995a3f31d7d38df1bab0b8a70615d06124e462918f1f7da4f67223cdefbbb376b06c9d846eae9910c6953da6b3e69afd44af894f689bda249738b39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 512b1642e23fdf9d7e93d5e38092f469 |
| SHA1 | 41598583f1d0e51c72950fec6addb6a743f34fad |
| SHA256 | c8f8ba383a5ab255b61a45dc17ac3231fffc34e861b2adb0314f84eebc99114a |
| SHA512 | 0ecb1798dca81345be9581d980d9882dd8f7db56848c656c052551c91779bd1091980a180f0a824842dca7db058fb403be355a5fd257443ed3b98c015b4dcc8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0b4e9376090f64b33bdb8ee12a57301 |
| SHA1 | 85b1414379559f542af13e7006d96862eb8b2dfa |
| SHA256 | 70e7871e23d66ee2843ddaea6df247e1b4f9f99bbbc4df23b0cc7b383924a5c4 |
| SHA512 | 9022f534cf557c9549eb066ec5a3d9c4b14db55cc3531613abfa06ccf9b5ae9ef69da63511dc8af8b394db308447f4aac7811c186707cdcbf382a05c5e66eeab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c217b651512a3f0dcd16436ddda2bf70 |
| SHA1 | cc2b5c20117a7e47a02bbfd452013abde4ca10ac |
| SHA256 | 8b52d64780c653e127ea85064aaa1d70fc2dfa23d9f1e6dec5fd37d9aece329a |
| SHA512 | 355b422e7d88142ceffbbf9f83a8e2f3fd77c1bf4518f56850273a025496d516806aa43aa18b7ecf23f44fa3e0a14627b0a91334401256e2fcbc4a7709364ffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11c5a8fe7f225e1ac00c65f85a6dcd93 |
| SHA1 | 2c5cc35f772d73fd0ebb6897aa91fb8dbc4353a4 |
| SHA256 | f93006989ac2e48c1aad186dbbd336d188cc883f392359b69c9ecca778c9be35 |
| SHA512 | 50bb4a5b33f09f0efde4d9b954b9783e9593de0e968bd6badbeba5b4fa6fcfca11abd60e5fd50cca9fa3f80e64a07e3b36b798fb644924cf53890d0a146ea575 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb9045a2b7dd7ccbf3ac054ee1b21e5b |
| SHA1 | 3895e5d813ed4ef4687d23b0482604cd85b78934 |
| SHA256 | 792d23d5cd6dfb48e01f4c29e8cf0c6a53f85fd5aea8054251120c3a65a1957f |
| SHA512 | 301392bdce0c2314db0bfa16d85a2539d8576620c3bb556ebb6b5b20480a56509552ee3f9f083679b67345a2742204ce7e48a555ce7636b5e6623f676593c30b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:37
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9176b1450f38b24d0fa30c009d531643_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb8546f8,0x7ffcdb854708,0x7ffcdb854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2079862898380467240,14732443674215791869,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mytoysgroup.scene7.com | udp |
| US | 8.8.8.8:53 | ozon-st.cdn.ngenix.net | udp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| GB | 2.21.188.75:443 | mytoysgroup.scene7.com | tcp |
| US | 8.8.8.8:53 | fast.ulmart.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2456_GBJQCNIAQSZQLYXN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9baf95a191ec31f9e7aaa84c67871f81 |
| SHA1 | e32da78cdc6cb642cd914792e9fdfd5cdfb9c4b4 |
| SHA256 | b68682f50f67d65c59813080aac26986b63cd3439f631a953be272e73ec37e58 |
| SHA512 | 001242bd66600ced78d33085639b139a0e98df4334850201f4a1d39f0b8140adc4b62abe29a69807682d187378fecd2166c072b0f24d8f4de78f3ab479ac90df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cbae44f37fdb13d9e6642928baec1706 |
| SHA1 | a72374c113f4ca70f7b81156936411087a1d0e39 |
| SHA256 | c5098dc864e57ac6ccf5b0790f8a58f7af7ad9534563991bb0ff63c817fb363c |
| SHA512 | 72c322d10907eec4cdf95461b2876b56f5d28af6762495fd98602a96da2830bbdd50387e3d0c337f2a1dbf66340f8c64dc19dbbe942b841fc46dcddedc4a6ecb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 222fd6a63753ed3df2e6cc5ee3ff5857 |
| SHA1 | b2a8dc692f37bb20c4cc28b959278ed10bcbb918 |
| SHA256 | 570f8c06df68985c3826da970fbda91a4bf1039fc9b7eb58931607280dbd7ddf |
| SHA512 | 158b1994ce2685430df279b7840f4eb0a5da858dba0fff54323294176e8543181ba6f57412743139761c02d8220c7d0b8ee4c744ddf81449dee46e1d48a60b89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4d98cb860133b5dab012d10da5925089 |
| SHA1 | 6e7b34d42e49ecb9e0b4e022e8b071e674e0b5f6 |
| SHA256 | 4b0d3f88b33945b6b0e9e8f8d61a1c3207ed3e279e6de3a18db21127b1fcf016 |
| SHA512 | 68689d9686f133d055e9b5c3825362d4717863fb40e3dd0f5b71102d56961b7bbaba710f096cf72cc42932fa24aa9d3d37a1637b2dcfa5f5f1cb6fc0b254da86 |