Analysis Overview
SHA256
46f12d68d57635386e1f2cfc31be160544b835a42007a7796c6c7b31a8732b8f
Threat Level: No (potentially) malicious behavior was detected
The file 9176e8a0a1275d328b09efc7b2be2dbb_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:35
Reported
2024-06-03 10:37
Platform
win7-20231129-en
Max time kernel
121s
Max time network
127s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ef443df9872e34ebb09740ad67d337c00000000020000000000106600000001000020000000997aa39c131163db64dd9b9b16a645d5d55b5f3d8fd97f25a787c86015f88979000000000e8000000002000020000000e5b0d12b7729c981c186049068cda508dfb84687a70241c3b0c48dff875b3f5420000000efb4d12346e36c1130b67a780ed92a5492ac722727b83b1d0f02bba52e017a3d400000001bb260d730d1108b328048d3634a8b07a6e357137103edf551af217e783ce0fb6846cafef725832d9b21839aa4d688ca6739190ace8a81931b05dee6322b17b1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308747cda1b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5B85731-2194-11EF-9479-523091137F1B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572781" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2040 wrote to memory of 1972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 1972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 1972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 1972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9176e8a0a1275d328b09efc7b2be2dbb_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | www.cjcollegeprep.org | udp |
| GB | 142.250.187.238:80 | translate.google.com | tcp |
| US | 172.67.143.68:80 | www.cjcollegeprep.org | tcp |
| US | 172.67.143.68:80 | www.cjcollegeprep.org | tcp |
| US | 172.67.143.68:80 | www.cjcollegeprep.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 172.67.143.68:80 | www.cjcollegeprep.org | tcp |
| GB | 142.250.187.238:80 | translate.google.com | tcp |
| US | 172.67.143.68:80 | www.cjcollegeprep.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 172.67.143.68:80 | www.cjcollegeprep.org | tcp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.204.74:443 | translate.googleapis.com | tcp |
| GB | 216.58.204.74:443 | translate.googleapis.com | tcp |
| NL | 23.62.61.75:80 | www.bing.com | tcp |
| NL | 23.62.61.75:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:35
Reported
2024-06-03 10:37
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
144s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9176e8a0a1275d328b09efc7b2be2dbb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9584f46f8,0x7ff9584f4708,0x7ff9584f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16176811389888016072,15459619537166750743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1376 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2696_EXWEHJUCGCCBFYWY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State