Analysis Overview
SHA256
5f6a5d42adf080703cff7aa75957bb4cab53064d07762eb05414f462f38ee59b
Threat Level: No (potentially) malicious behavior was detected
The file 91b5fda20625465746008a0e380a52b4_JaffaCakes118 (an .html document, opened with Internet Explorer on Windows 7 and with Microsoft Edge on Windows 10 in the two behavioral runs below) matched no malicious signature. Read that as "no signature fired", not as a clean verdict: the behavioral1 network capture shows the page resolving and then connecting over TCP/443 to crypto-loot.com and crypto-loot.org, domains of the Crypto-Loot in-browser cryptocurrency-mining service, and none of the signatures listed in this report cover that traffic.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:00
Reported
2024-06-03 12:03
Platform
win7-20240221-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ddfcb8adb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577903" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2AC7E31-21A0-11EF-8FBA-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not reproduced in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082de3c144c76d245b4358316be53a2e70000000002000000000010660000000100002000000007bb67dc1b3f1c8f4bbe7a3f551330dff3ac1422fc2968c888b58fba78f24ec4000000000e8000000002000020000000917c8c1374c5c53793655037b1d2d4d1f9896b1f2490ed4e93c6776e8568e5c120000000e2576122347474550bd78c2b196755fa2bb55436fff891097e1dd00f4992dacd4000000049bb5696fced9462f8a5f72cdc7fe1e0fcf8941aab0e53e890d5a7c2c62fab577c9cf293f0dcb6a3111086b035839a4b052896356275c9f535b7decbcf9b0cf5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2440 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5fda20625465746008a0e380a52b4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| US | 8.8.8.8:53 | crypto-loot.com | udp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| US | 172.67.184.223:443 | crypto-loot.com | tcp |
| US | 172.67.184.223:443 | crypto-loot.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | crypto-loot.org | udp |
| US | 104.21.15.254:443 | crypto-loot.org | tcp |
| US | 104.21.15.254:443 | crypto-loot.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
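Two checks a reviewer would run over the behavioral1 data above, the "Suspicious use of WriteProcessMemory" rows with the Processes list and the Network table, written here as an added example; this is the editor's code, not part of the sandbox report. Inputs are transcribed from the report's own rows. The report gives no PID for the entries in its Processes list, so the first check correlates the writer PID with the SCODEF:<frame pid> switch on the IE tab process's command line rather than with the target PID 2504. The BACKGROUND and WATCHLIST sets are assumptions supplied for the example.

```python
"""Two triage checks on the behavioral1 data above (added example, not part of
the sandbox report).  Inputs are transcribed from the report's tables; the
BACKGROUND and WATCHLIST sets are the editor's assumptions."""
import re
from collections import OrderedDict

# "Suspicious use of WriteProcessMemory" rows: (description, writer image, target image).
WPM_ROWS = [
    ("PID 2440 wrote to memory of 2504",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# "Processes" list: (image, command line).  The report gives no PID per process,
# so the IE tab is recognised by its SCODEF:<frame pid> switch instead.
PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\91b5fda20625465746008a0e380a52b4_JaffaCakes118.html"),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2'),
]

_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def explain_wpm(rows, processes):
    """Return (writer_pid, target_pid, explained) per row.

    IE's frame process (iexplore.exe) creates each tab process (the x86
    IEXPLORE.EXE) and passes it SCODEF:<frame pid>; writing into that child is
    part of normal tab start-up.  A row is 'explained' when the target image's
    SCODEF value equals the writer PID; anything else deserves a closer look.
    """
    scodef_by_image = {}
    for image, cmdline in processes:
        m = _SCODEF_RE.search(cmdline)
        if m:
            scodef_by_image[image.lower()] = int(m.group(1))
    result = []
    for desc, _writer_image, target_image in rows:
        writer, target = map(int, _WPM_RE.search(desc).groups())
        frame_pid = scodef_by_image.get(target_image.lower())
        result.append((writer, target, frame_pid == writer))
    return result


# Network table: (country, destination, domain, proto), one row per distinct flow.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "ajax.googleapis.com", "udp"),
    ("US", "8.8.8.8:53", "img.youtube.com", "udp"),
    ("US", "8.8.8.8:53", "crypto-loot.com", "udp"),
    ("GB", "142.250.200.10:80", "ajax.googleapis.com", "tcp"),
    ("GB", "172.217.169.78:80", "img.youtube.com", "tcp"),
    ("GB", "142.250.187.202:80", "fonts.googleapis.com", "tcp"),
    ("US", "172.67.184.223:443", "crypto-loot.com", "tcp"),
    ("GB", "216.58.201.99:80", "fonts.gstatic.com", "tcp"),
    ("US", "8.8.8.8:53", "crypto-loot.org", "udp"),
    ("US", "104.21.15.254:443", "crypto-loot.org", "tcp"),
    ("US", "8.8.8.8:53", "apps.identrust.com", "udp"),
    ("NL", "23.63.101.153:80", "apps.identrust.com", "tcp"),
    ("US", "8.8.8.8:53", "x2.c.lencr.org", "udp"),
    ("BE", "23.55.97.11:80", "x2.c.lencr.org", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("US", "8.8.8.8:53", "www.microsoft.com", "udp"),
]

# Assumption: hosts Windows/IE contacts on its own (CRL/AIA fetches by
# CryptoAPI, IE's own background requests), not caused by page content.
BACKGROUND = {"apps.identrust.com", "x2.c.lencr.org",
              "ieonline.microsoft.com", "www.microsoft.com"}
# Assumption: watchlist of in-browser mining script hosts (Crypto-Loot is a
# Coinhive-style Monero mining service).  No signature in the report covers it.
WATCHLIST = {"crypto-loot.com", "crypto-loot.org"}


def summarise_network(rows, background=BACKGROUND, watchlist=WATCHLIST):
    """Collapse flows to one record per domain: was it resolved, was a TCP
    connection actually made, on which ports, and is it background/flagged."""
    summary = OrderedDict()
    for _country, dest, domain, proto in rows:
        rec = summary.setdefault(domain, {
            "resolved": False, "connected": False, "ports": set(),
            "background": domain in background, "flagged": domain in watchlist})
        _host, _, port = dest.rpartition(":")
        if proto == "udp" and port == "53":
            rec["resolved"] = True
        elif proto == "tcp":
            rec["connected"] = True
            rec["ports"].add(int(port))
    return summary


def flagged_domains(rows, **kw):
    """Watchlist domains the sandbox actually connected to, not merely resolved."""
    return sorted(d for d, r in summarise_network(rows, **kw).items()
                  if r["flagged"] and r["connected"])
```

With the report's data every WriteProcessMemory row resolves to the frame-to-tab case, and the only watchlist hits are crypto-loot.com and crypto-loot.org, both reached over 443 rather than merely resolved. The Files section should be read the same way: the CryptnetUrlCache MetaData/Content entries are what Windows CryptoAPI writes when it fetches certificate-chain data (the apps.identrust.com and x2.c.lencr.org flows), and the Cab*.tmp/Tar*.tmp files in Temp are typically its extraction scratch files, so none of them are files dropped by the sample.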
Files
C:\Users\Admin\AppData\Local\Temp\Cab1D14.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar1D27.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbf608fefe45d36a26101006a87afbb3 |
| SHA1 | 3bdd1dccc10258875ea0110cc4df4b85626f41a4 |
| SHA256 | dffa7d02be424a4673dd116022c954650e5b75d80fd641e26cc1df3f590d2855 |
| SHA512 | 58bc3c68a2976a8fc2db477016a41e3ac44e6b2f58047f69f62f497facd79918435681c6ad8a7e3f0d4d5e45919c2564d8f412fbb0d2a3916a472ce54980e03c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1E55.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27272baeee1ad01702312db3c605e286 |
| SHA1 | 5da7cebbe85329f3bcab59f001636ebe0f797940 |
| SHA256 | 966cde245479853cb66f5d733fac7c6cc07595d14b946b6feb6ef10d45794279 |
| SHA512 | 523f82bb0ea054092dcfff517c7dff6be2bdf613e5bc902bbc7eae79c4da84af77e83e0505fb4dd7083033303a617e19c409f5dbf80032f6104c0c3aa41ad504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cad743d1f73552aa051aea5458654bc |
| SHA1 | ca2fd3e4ee779a434b37082b7c71f4deffbbaae3 |
| SHA256 | 338312fbdbfd9fb94f438f8b8a5116f37b51fc82137a381f19c4d46046e91e60 |
| SHA512 | 7657631992370944f5d469a66138bfe0076f47028c8167c64907ce13ec438700976c88169f8311765d18215ba8c78860a406eb54529d409acec75ca914d9dd34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f575c8817114782489c3a6dccd88d1d4 |
| SHA1 | 95b5b1dcf359db3314f52ae99216e91f00696c5b |
| SHA256 | 19b26c91df579c02451a7cae30a6f30ce8782e7630b06accfa51d5fc351dae7b |
| SHA512 | 8be143a2c5d5fcd64647ccbe123e5618cc21e3132eee99a0125fad53058eaa803c4a96a5438bf667c5b68b54e221b27d782962dc2e1e879a6bece06314f36a45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83f9d1204fb5bfaa722a4e4ec2d901b3 |
| SHA1 | 359f600582c12558c4e1afc90fa78b77da2402e4 |
| SHA256 | c511a0b7a1b7fa3874018641392b2c22f1dee50740520912f448e173c8d2e5af |
| SHA512 | d60075fadc055e0afa8a47a5dca7067f5b7ee69230daf6ff3ab5ed14c6c31aee644a93e523348c11bfedc518e458d3499b819c4823a634ee0c92a6520940186d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbb9c6cbc651e9adbaa42ad67cc88f33 |
| SHA1 | 35d617ef80e59c131ba2835f883a3e5ea79e0d65 |
| SHA256 | 3ace5845f7c427b96cf1ec4668d36fbb34e1e2dbaf00797abab977942a5499a8 |
| SHA512 | 686e96b909e49b515f598601b914e08688d0c3fa3a77d4c87d7023ed643e22290e55f9f4ff1746635e73db13bc8a0ff6d49375ba95866dba017c67e9142c7d48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d499d4fa9288fe37883245ca0690aa9 |
| SHA1 | 68776c43fc78dea219c94c2c38f9a2e136125e0c |
| SHA256 | 4dcb45f6bc75ba0c2b8f85c9ba886b8455e8b92613685c5921490a2eb3424727 |
| SHA512 | 11e48a977dec234cbf658ff76bc0dd48368c678398969e47447e9f61c6ac0dc11abc92ecd4d48e6430ede427f8359b8d8bf03e709c7316d23cbaf22cf70e2ab9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1195b5f0ca77d79d2025cdbb6a9f5d9b |
| SHA1 | dc7612144c8abca6542fadd3865137520092bf82 |
| SHA256 | 28b564c16030c0f7cfd7326fac81207275dab32a8654a8d86b3a8eb777bcfcd1 |
| SHA512 | 995983e680e7f3cc7107414bb4a31cf92fc592fa64115e7c1f481cb3a7136141e45eb3de384507f55058df68e9d3e840244c5bd24fa7c3953c18888457f253ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81c0e43f6650c0856e284985d0aa8905 |
| SHA1 | af69c1cdb32ec79436789b14a4c8af11a057ca0c |
| SHA256 | 18be8a6d3fcef2067fb84514ff5974d08f60e19a530c2fdeb763ecea9be071d4 |
| SHA512 | a8210b0f23c048dcf9b54643ed8e4b7a175f0f1351739e171353eba9474a580e3182950a7c0cf30c950e44cb6361f58948c2f4b772b1ad3064b22f952002f412 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8b8137c69b187fd6995f410a04dc211 |
| SHA1 | bab728816504adaea7acd2d46493ee538b0061ac |
| SHA256 | 6731d805f2a436ac66f66c5fb3c59b11499e23d76944076d44ab9099758f42e0 |
| SHA512 | 180b07e5616ea31ec1464bb39a925142b045626057836dd2b2a2c71fedf9be99884cfccfdc8b42c13215b930432313d09c17482a7b6fc61880e0572b544026bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5d65405dbe86c87e1d9755af57a90d1 |
| SHA1 | 283a01a46787a9e3e74807bc0eee3e535f300399 |
| SHA256 | a802d5af0863f9fff013746eda60ede49a94b121b9e17ce8b6bb9c144d0dd2ba |
| SHA512 | 32cafac7bf9e97f8c40e3e509998e9c99f8da9cd8523395cc69dd3c0a71489ac735604b2af5acd9127520f7512b8ed6c3d8ddb488048887113b287ac6c971e9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe136dc0d37ba40607863b276c9a86a3 |
| SHA1 | 7a34c906804f350afe551f27e92891d8296967c2 |
| SHA256 | dd5d8ba676c496562643cd4fb5a46cf5d37c952ac5d928a717a136636f2aa325 |
| SHA512 | 61702bcb010a7a3b20f06dc6f9d9b944d61f65e767eca129d21b714371c5eed63a21c39d7f1c242b998763d5232dfa9d8402bef0860cec1d80102387222bc196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53d4adae765e9c84bdcf759481e0c9ad |
| SHA1 | 8d95729f19e0141b24d9431f8d96b514715f4d6c |
| SHA256 | cdea6820dfc99fe4988a60b23172c76050dc062affb00b8d7041ef0f24350fbc |
| SHA512 | 1db39e23f1ea9e623a7fe13274b0a392ff29aa389297a5b4ea51a2803b83c16b352d7268d95814c17ee136fe33137f650a4e9481f0c40ae2b6c6aed97fc0c5de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 985dd5d61008649a2d018a96e4136dac |
| SHA1 | 1f4054a099bbd2d0aecf76c68e02c7a63ded4d38 |
| SHA256 | 1583c7af3c047fc1031bebbdc763eee130c128a376a749178b2c9f8618186acc |
| SHA512 | ab8e255c2e0f1fc16c5f58c36df33f28cf99ef29a304bfc2d33dcf221c6b6d9160d2322764a3e3e2bdf241aefdb058b95ad6d110f5551601656239c2b5171ba6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6a9a03082827e26a8976b25182a023d3 |
| SHA1 | b86cb94ab0d03d3a27e881e98ec529bf5a11d31d |
| SHA256 | 258167c48384a02ab5dc73a6cd6efa0a4185a4d20293411d8cf0420c7ebdd445 |
| SHA512 | 1f0e45d2c13c5dfa9f55cc2773ae235fdb6cc268334da19734e6f7f6cdae827d6ebbfd29301394e0e24a187859085425ceafa38245791009a05b4a9e9a822e5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f886c24b6c77f58911757cd7a686ac7 |
| SHA1 | 2f2b1215f703911ab00f3dea9b39d0412416de1e |
| SHA256 | 68869f97a04616b69fe785a9599cb18f58d03ab788ddfa384ae94e6294dd8025 |
| SHA512 | a4c92b37f8cf62460ec1a5c6cec68db30bc8a314609010081be4031e752244ded3ccf3561d17ace4c17e1d8d8554bbd589f35a52066fd082f4c8ad9be437873e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b486664b3412d0b301cbd296149fff7d |
| SHA1 | 813f9dafb82f477391a9d4bbe39c9c036581bb7c |
| SHA256 | 25b4966a3352f7329a973520223ab97a48ebde0af17dba3d72fb174a1e1ca8ce |
| SHA512 | 25e58085016009f4128c24c3920464141260910aaeb6337f0d6fbd6fd4c44d1e9a669e419df1b1f233a324b5b65bd96825d971c9225a4a7a9f8edd09ebaaa071 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db42d2f09ce5ef6a902a4d853ac138ac |
| SHA1 | bea9b6e3e663c1eb89c3bd932ca7dfd72321ebec |
| SHA256 | 4679f6fc67ff8d3b0df910a3e6a1326f2fe2ca62c2dce1e22376b73133587f9a |
| SHA512 | aea55ad49ef1a45031efaefc631fdeaf5493043ca40bdf906444afedf721170135e5628ab51c69823bac6e5bf0e1db1550ed86664ddc8f2f894213ed940aa29c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff06fde05e6c4366a04d0b101c3fef64 |
| SHA1 | 313aa0f94c8c7c7c523044ef81618be968969e28 |
| SHA256 | 526a394fcb5bab04afd35202aeb452c23339131981df8042bccb8097f9fe3add |
| SHA512 | 894f6585c61aea9709c85681338a760ef6d71bf2875f8ea9c2abd0b04f2ef5a9a267ce478c6f20f0390fae5d00c32e748500f6604691ece12c5a43446c232e90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b427b53f261b9babd4b7de2e123e2af7 |
| SHA1 | 7f92fa80a966e9cdd7a7829a624112edd546d5cb |
| SHA256 | 5a892bc787cfc0c5ed1423827d24ab265cc04b735d9f6990ddd2ffa054032541 |
| SHA512 | e661f4622ce5358c0026ba770b431d19573a5d4454cbd00b43fedc3e2bedaff78d34e97da6a66e1743c6a950f1e991f96101eb884f8932e23ddad238f6fb31c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | c43ceded43d7b6138d49c7265ea20a03 |
| SHA1 | 58370f00183f66eb0d1f5fa8dfa54f7047fa2b9b |
| SHA256 | 1f2bcb5d1fab972f11a2d20c0e18dc985cfe0d6dacf41e9de3097568c97b637c |
| SHA512 | 3c78ed237317f4f1036551a7f892e7b3217be24693504b16f91f209a22896e89209fd0c62415c122ad8bea0cfbd1a08050c5c6850bb36fb56cf62800ec601400 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d84c97836233aaaa3408ad1a6ced99f3 |
| SHA1 | e41bb19b8ac925f157d83851eb2c539ee4f01d4c |
| SHA256 | 3d6d981008ba38f9a7f133621c7c8392e259884b35f94ab66cce0974f1e85cc8 |
| SHA512 | ff10bceac1324afb86213c21e44ec80284f7d793cdbcfe2c1c202945ac44c5e058775a874146a48bb8f0248e85059906225e20e717f0327c26ed54ea24f36c97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 767a86fdb2c4b871494d99caae3d9540 |
| SHA1 | 1788577b07a5d675854d7ee9b5438ff571cdab63 |
| SHA256 | 888ec3f81ef8e2d483cc44c717c6f665428055f36ff4a88d67607dcebe10b31b |
| SHA512 | 2a4713490655908dd25337e29f754b8c355985a8ddb56d7a4e34f4eb851c915ca19c57b33a3ba458172cf03ecbcd467ee6b413934c90831684bba69cf1441213 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df03a3c66b432a4937bb1623153df06e |
| SHA1 | ed32b6e65278442f3b80db4b6e3980d24d7e37e6 |
| SHA256 | 44162903a4083330f6cc96f58efd72926d8adc27f1b2e9c08e804be380951c14 |
| SHA512 | e6f0a821f3674df8823bfc483391dda7a5ad80babe8a9ec8230da2ac730e2a094855a25192604859e7dca599e21f6b67832451ac8b1783e713eb10cd2463183a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:00
Reported
2024-06-03 12:03
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5fda20625465746008a0e380a52b4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef99446f8,0x7ffef9944708,0x7ffef9944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8205269496982535338,12090733228433009731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| US | 8.8.8.8:53 | go.oclaserver.com | udp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 172.217.169.78:80 | img.youtube.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| NL | 139.45.197.236:445 | go.oclaserver.com | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | go.oclaserver.com | udp |
| NL | 139.45.197.236:139 | go.oclaserver.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4700_BDJZUHXFHZIWMYPA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28a4de8ca322d5c07f5c943c2a2f5508 |
| SHA1 | bfb16028900edfc2e2400b7692f43d3da8ff532c |
| SHA256 | 35fec86f529ea40f8c9b40fd3cb4c5bedab614a316f2bc851c50250898a6b0a7 |
| SHA512 | b30dafe6ed97ead8b45da2c140ce453f42bf3e9097ad9cae2f2c77af5948c8b51e6e6d9bc1fe86556a0a0c43d0927f5d89772dd9f50eaab0a81fb7e25bbb20ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eec313048bcfa1825866a83a94cf650e |
| SHA1 | 80be6e1dbaa26219ab0569da6c190d9be8ef286d |
| SHA256 | f6bc2274fc8529bedf6d5f6d02c8ec0ab7098dcb1e10a9202a5747277046ea7a |
| SHA512 | 66cf0568babd78a5d8aa30bd8a9ec4f51a3694b42d1ba0c515f9a32810ea575cef73193d986cb7e7aed2c96a2dfa25240ab7bb9a5d54556a8544d4b4f09a0703 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db6fecf97a1630a380c5c9f5cc2a9cab |
| SHA1 | d95da2d8d06226e12e21003aa1e21aab425b7ab0 |
| SHA256 | 060ffd64ef049870ac0a2f7972bd78926e7657c6fc914c4ff91eb40902c754ac |
| SHA512 | 3a3baa5fd58dc58f51858004a9337e85fb5d9c2e9dfeb235e057cd21e5dc87bc7727c942b24750e0db331bd6519491635540492abb66ca15b7c6053d19b458b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11457b9b3669bb6102787326e6c5578a |
| SHA1 | d2ec7b344076ce21fafadc7ddad1df9fcadb81da |
| SHA256 | 5f01dfbaac882293ecc8f4d986ba9d0645fbb57e24cae00fb0ad4c970e83840b |
| SHA512 | 7aa0682ee2c745d38ad92ffc42968376ed7fb7f423569e75e0c1186f48d97776a941497f06182ca69b236e9dcf98b327bf69cc05f42c104ed2cb8269e1d50150 |