Analysis Overview
SHA256
37ab91fd3b019fb2a415cca21a7854018dce6478c237b6d7e7db377e8f99c8cb
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 91dafce75a0069862b662fc56d12c790_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:53
Reported
2024-06-03 12:56
Platform
win7-20240508-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000265143966b5b98d92f87a4ad040e728f0a0111a5d3aae8a8222d12d6e14c7928000000000e80000000020000200000001e4f6ae492ee2bb90ff088ab470d1e539c2a4368913c80e073e896dc3c081a50200000004c18a80537b7bdb8cefbfbb1788e6d7dfd64e82efb32ed11f6bbc6753e2c757440000000040440271139369e922460e8288e7da350d315b4cf379498032d393f0e0aacea207e417b4613107b2d0d3beaaa7cb8a3abeb12e943a12d1759b84b8ebcd8f5da | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C7B2D51-21A8-11EF-BB1E-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000e151996f0501761f473bf60fd7b1774f503e181c61b5d002122185854b484ffd000000000e8000000002000020000000bc44a263729e37ff776553c65678bf4f7fad3f8acb6ee2ac2143b8d029c634329000000078317f3e5de93cc5b6f79f867cfb57f9c2029a05336178ff1d07561b742b0acfcab257bd841aa744981682e8bdef6e338ad4f0497509612350f499701efba4ada04a14b70090a8342f5740ee97ef38f95d7072690a0efe3aefa5523fecc952b06aab364d6b83259f58beff118e534a839e1394500749715931f194fe9b15b8dd2fa722853fb19b8213d96022e7a7d8df400000005f8f5ba47aeaeaa17fc8bc40dfc2c960c1e0a842d792f4eabb94a9d1946777034a378b577852b9f2dc2c808cbf04feedf6fd58a6e007cecf86b3337f01cdebcf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581086" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60482022b5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1868 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91dafce75a0069862b662fc56d12c790_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | 866448.com | udp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab16FB.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f57a3f8a603ab83d6f8e3049494547ed |
| SHA1 | b7e65efdd6f071e8f7da24b66449ddb7de593478 |
| SHA256 | afd5a5b3bcea425022ef7958d4ba648a565440bec9c25e1c03b4ac9b1a6d34b6 |
| SHA512 | 814e5ea3036f6e348676ebe7349b74f8f8ad702cea73ec953ee6367911720472ebecc50dc090b8b881c7c2a28c159cee0703f300343a8206a9bd2eafdd0713d5 |
C:\Users\Admin\AppData\Local\Temp\Tar17AF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1002dd04b627dd4c0b01bb1eb992029c |
| SHA1 | ac4999d8b6377e2a2d4a3ad09ccaf6de26d6fbef |
| SHA256 | e0bc17a2e61b8c46351f13684d4d959fb6bdbb7675bb30fadfa68503b25e8c38 |
| SHA512 | 555ca0e85fc2dd5d5cf99e309ec9dd5803b89c0e4e1b1a39a882761a1a29c2f610b49a3aa105445fb3fc126773c32716b93d9edfa309c2c483a767c1968f0d4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 379369753bea589f600982a0968024b8 |
| SHA1 | 8cb2b65c7a06e7a85e3b146cadcced8be09b48bc |
| SHA256 | a238e7cd3aed05e6ef198234871f6099f207bdc1caba5425eb3ce2fc6bc26101 |
| SHA512 | 74367e9454102854ce98196f400639765ad7d7ed902922531a6c318c7fb70c9754e769f375c1cf032ee0c63a3cf01dbde29dcc993186dc3761d81842dc00e51f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edb7b8a0c86a194d35faacc3b1e55383 |
| SHA1 | e98f71ed56720af385911e5c9964bb2984ce8c5b |
| SHA256 | 0dfbbce08486ec86797269d27ec393ceb9674132faf76ad5e6c998727e065020 |
| SHA512 | 304936449a9ff3e7add65064aea8f8399c3c54f5ec7c31e92da76726afdbd3b42fd69e7f909aafb6ac1a2e620bca734c5297f4d094c16d92e18bc9bc093b93c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57bbbce884cb9850590e25759f0cba12 |
| SHA1 | 5ae71407f0b1612a47f36231e8a11c5330334923 |
| SHA256 | 151baec89d4ec898e01afb64e1703583ef0ca6b4ee84a1ab576f9547b8cbda2a |
| SHA512 | c094fd3bc499002cb15c02e901adc13b33701c3f3b0c5067f8c89c930fd1032f064f74f9369ebc3fa3ddabe0788e512223245bbfb3499797408a51b85bff3d44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ad1974e79c353e0a45c39cb8b18ccce |
| SHA1 | 9ff418d0eb184edef0ba7c5932063302d6a40f71 |
| SHA256 | 110f9e0debc294ca749f9c883d331cafb3d9ab22d56d7a85055c606fffcb0e08 |
| SHA512 | a8e68c6ed7a75a41479e920cb9979c5a72b236a916a32ee2f1516f728dc32406650f20da73b90e838de0e894d28aa794ffc7b088c5110c952b12fe235280bfab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 416adb023c1ac993c6133c246c08650c |
| SHA1 | 030cd6c0a851a3133343741d203e8a4b4ac3b244 |
| SHA256 | 9aa2182bc35fd8e51e3ac615b16540a389cdfe105047624515d845b8a135a242 |
| SHA512 | 4de2054adbdaef312178b082c78c9f1cdfc147065f771cf4bcd226c38108e93b1c15f2c3663040f2967a8213406f82fe85caf23233386bdf5340515f7a57fe69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab8a162868182bd872cacee8b05a2dc9 |
| SHA1 | d9e51052b32b60b2921835d9432689b8fd10cbdc |
| SHA256 | 973f6d3ae391ea51e17e33486edb1a2113af7acd3feb0e6d08b5e26a1f5f02f1 |
| SHA512 | 4d793fde7c329f7438d37ef2a33ac88772d38794df15a46819319d472e21020754026fac493d5db48f6843a09ab09f6e381f35dc689a8370c553fa0275f854a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 542f0d8d462a2b727d30ff1827c21e94 |
| SHA1 | b62e1c2d3ef81a0f575213d2b0c95281c466ee2e |
| SHA256 | ecd5f87635d02a726e016b2277a927ce644f75781f62de4c6f7a3a204571e988 |
| SHA512 | 7de5ccbad51eae12a62bc746542c4d16cdebcbbfd0e5bcf42bf6410182e731be031f6eb580dcdc717cd9bf2edbefb751edc1ea5ac0a1828f52cf69ec1b85d038 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13fdd4309c338c63b443d6620aab949a |
| SHA1 | a3f0a4a86f3a03b431ed10c39895b4bb78332ba0 |
| SHA256 | 7933ced64cdda2f40418ea556065fbcfd009a76a6551cab1448a3750b6253ed2 |
| SHA512 | 3793af9d0516ef8f815af0d24c5ac0eec87692ae7a2959515e8def7b7e7617db6e9ca560a6fc739ac48f2e8106e3ee7e16b2d5bb9e85f28b9a1c23a8b64b84dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38330ab13172d0fa5fe5043982962f7e |
| SHA1 | 2ecc21040c5015fc0dfb48a51274de02ec4ad070 |
| SHA256 | 376a3fd0434c4e4c84ab49ae3f92f70a2140335d3c9a62c7959c08342dee9a0f |
| SHA512 | de615b097d77bcc0dc0b297d0c1aced9b821315ba6e6fd6ec21335606becc02bf8bde783b713f2cf379feb4876b9667026a26f1be48095a9cc0c2bf63fcad967 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16ce19aff2a521226184fd139fc26e87 |
| SHA1 | 05d14f08bb12668ce24041469e3039795cfa439f |
| SHA256 | e62dcb863b11f4011bf8665c4aab5df8d62c8d46ec431bbd6a56f800ed613ae8 |
| SHA512 | c7b5fb4fa63719773d76c512267d79c5dd03452881e9517522597fd82754ebb272b59ad3e4d93993ed8a4812e148e3f3d305165abd91cb76d49ff4b131c5949e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bed8d6d1ab37cbd739578ced972120b |
| SHA1 | 3df3fafa42b8e1b6ef7f077e2376eede6b286793 |
| SHA256 | 8b08b9b6b044cc20f18244da19b7a179869057b4ea7b9ed7913c5749f07fa889 |
| SHA512 | c4100616bde83dccaff5ae9fedad0732472d3f1ef3b37245b1191dcd96e2af1040ff0ad074108b70ebe07adc9be28c23f82e1157a299013f0d68ad11be7c6e96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c97df0f08b70a23363525b8777a138bd |
| SHA1 | 9aab2b5927eed16b75f58d42e764c4495733863f |
| SHA256 | ae5241f0dd48d5c92d6848579342ed7e4e7046d890a8806f1ad76e22752c798d |
| SHA512 | 508ca5d6c3456b1270e527b0138a2ebd8a85d24f77092b3dae13e456ba222bafa9600c0c64b233a79e577022959fb411efbcb458ae40ea7507a5c4d76271d1ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e2530a89662d6866dd1d3e1c7959cf8 |
| SHA1 | 9dd4f6e837ba12423aaf5c4bf18b0a1afca72f19 |
| SHA256 | 83b9c4c0bc96882c810b96e3506909e24949d31e903403acc395b23fc62bf1f9 |
| SHA512 | 23714d91cbd449faa6bf4bcd5c9b4daf5bc4f2183fdecbb71d229c9f2b11efcfc9b5a677f4d2438ffc02ccdac9722fe4452d2f0e3f21afa7bef4347638254f3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3557250c53734dba23d7e28b04a88047 |
| SHA1 | 30efc7863228b2214daa237501a2ed843de3bbbb |
| SHA256 | 0f735ff174a243ea58f9b40b41e68b79ddd3473a955294c28062db6563a7c568 |
| SHA512 | 2e127aefa5a11b488f42d471dc0b9816aa1ce3202df73f48d610f47e55183138b6500fb3b2d981bcb777b20bc94b35832cf636c8b0912f871c8915faa19e6005 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ad71dfe97dd4a58b3baceed33264365 |
| SHA1 | c0399ce7d7636167c54a5aa47b81900040775299 |
| SHA256 | a35c00770a17cd17e9c2432b4b659ea625835fd0bbb9c439ce73dffeb688037d |
| SHA512 | 031793e8578aec8d5b81d4c7ef933cc215e035fe47459bf928c479e944afed9748309587727de56a558ed68e718c5fbbe99f459f420ffb7b3189f9c38f723537 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d39478ca62c1c3f305500e9100b21a42 |
| SHA1 | c29063b7c24ad61d7db586c37738374e8e7b72c1 |
| SHA256 | 2916da295a82e0a7bd6b4efc41295bbca45bfa95fda495d66ee253f64613c16d |
| SHA512 | 76187003a32a4e89bcf4d15372d23101d54949e920a1e4633d929e467e36bcc0da5d142bcc06aa44e89c6eb18b0c5f05196418acf99d29b2144eb79dcd061e13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d7c81c0e94ca3c909ff9bccecfd2d82 |
| SHA1 | c87afa09a655f6a27984243fc663de70d9372c93 |
| SHA256 | 3938bd805c973516d6db29ca39d462511769637e7060b126af88899a14278153 |
| SHA512 | 1dde333501088f6b97b5fd8f30a02f7c35669692dadf66cb4054b778825478d64fced5d43e272c374c0636e6ebecf4eb6d7fc12922216f70095a8816bcf17f49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04647d2696e9b752c107564820f887fc |
| SHA1 | b8c8cf0add175aaf14d31b3192769a5277c2ebd4 |
| SHA256 | e60e7f3de84fe5b106db5c660752f2fd932579424b284ee9ce734543b7190fdb |
| SHA512 | 49a63ae6b83bd6cbcf85bc8807aab9eb711e79e480e15cb5a9c57de6af1b556d0891b22ba6b20c36265059f10f65da9745dca89fa0b67bfb4aa9a4f2000e6da0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee48c785aec2656b6f609e61d8031ce4 |
| SHA1 | 2ce3ff26ed9949a31180b7ffce8b71423c2a05c0 |
| SHA256 | 991824dfa3dcef72f69b6ca8b99095cce419ba8beec9f584841484a861e3a690 |
| SHA512 | a61848b04850bb2349824e240ac032be7adbe374ac60c14cf229e90b9efadf7d209c6306adbd445dbebbe2f14d93ceeb0ed6cf717c0fa821601fb95adb2f263f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31cbdec1235a8b13d1008a86bcb061a8 |
| SHA1 | 108f20c8ab3a93a8d7cd7b181440cb8814c16886 |
| SHA256 | 8e976ddab30563c8d5a90f4098a6185e70d87ad24018b7cd0709822b9580d52e |
| SHA512 | 8bb55c05909fa7bae47de39928fccdcf27a210bf67db2d95c84982c794729eb8885a7f5cfa81499f212139615328c0e3cfb4a079c0ee3fed3e8c2c5c7494bc68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf5dfc65b770f815a1ac4fdbcdc5361a |
| SHA1 | 1046f8bdf39238d8972f951e45092b1f4df52438 |
| SHA256 | 0381a7573d713f1b3c3c1874b6755abc8a6c024fbc82c97ab0c568f3e91fa4a7 |
| SHA512 | 2a49699228495096f15c8d7cf23faa43bf9bec5cf2e99efff62b3105fbc174434d7d45638ebe2032c620af768f588ae572790d3d8356cbf2d74081e5fc292584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be667aa19842bbf72ee39d934ef2cf8e |
| SHA1 | d9b3fa5d35e9a0de7409cb49384a065d55566c27 |
| SHA256 | 67872b1dafbb4d7329035423b04d6ed4ce439cf8ec2d2ee405c839e300bf7d13 |
| SHA512 | 3af66c2ab1ef1fe7292c7f95b0079ad7f6b067ca525574b6b93020aa7d0e8042ac812bd238043d82d6c34f2e47ad61591dbec7c33eda6a8ce2946bd52a49574b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 050117bdcff63e1b844b4da1b27785aa |
| SHA1 | 5f2c7fc4e5e3f6467f02f7703184dcb1b47cfc41 |
| SHA256 | 4beafe8fa2ca6e6e7448831b2d42fc9fa543dc8c66b764325efdbd8817de30f3 |
| SHA512 | a15682e6d40414a76e40da9daaa0cd455ef7c2ae8171301b7814281e69b501339f00fc5e7b8a493aa4ef36b9e145811788a397cdab2a65030da19a0dd3e21cee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e0ade325c79133054806fd2804f77e3 |
| SHA1 | 42e9fa73f07cb2c21652e0c907371bbc2fc74ad9 |
| SHA256 | cb8b063f9b84fcd7e6f2795d8516af49a0fecb5d6b2470c79db232a6050340f3 |
| SHA512 | fb1280067711558d539b1b99edfcc202363d8031b50d20edbce9e9888e32e30f917ec94982ea881b533c5f526ece945c8967e1ec28c93cdd26d0e45a89333faa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61ffe85e727469e5c98c563b5cda405d |
| SHA1 | 4a7cd1c051a4cffff7592ee65d0299bdea5f3840 |
| SHA256 | 921f9aea5542e79fc40bb9de7cb85d85d088b2f9b7896bebd62a76623b6d3dab |
| SHA512 | 73a5da2b87f8955c34ac8a1c8c52e983610039999bea397af22a02032c7ebc7e10fbd326c0c0492605323895e5b1839eb89c1c8b34e41172179666cdda3cadfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b407dd64a87fc2e1f36123e5b7bb02a |
| SHA1 | d80f827ac2876e444b58abc4f1106f5af7f17717 |
| SHA256 | 1a846c4f4da95a07ab2767141e2dc2fc309c9c323b48b2dde4715bc7014b8c47 |
| SHA512 | 7c4843da24b06c80d12ed9eb8b474de7b8f1efeb3536d92a2ed6e31ee2b29700a1b263b63b45a5aec20320a96b33ea8ad1ed13b62d53c3f77eeb9df1e387752b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:53
Reported
2024-06-03 12:56
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91dafce75a0069862b662fc56d12c790_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1378077724522431426,17685428067614212939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | 866448.com | udp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.217.251.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 741406.shop.ename.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.238:443 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 238.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 338123.com | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 104.166.160.226:80 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 226.160.166.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 52.111.227.11:443 | | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3492_PBXOIHHYNFHQNRLG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index