Analysis Overview
SHA256
53b4630d9a3e7bd1d6d4238dd1d948649743a977b000ad66153fabb50de9d722
Threat Level: No (potentially) malicious behavior was detected
The file 91e7f56d15a569ce35fe4e69bbcfd12a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:12
Reported
2024-06-03 13:14
Platform
win7-20240508-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000081aee4162e348cd019930fcccaa6ccb4e6f18c634f512c51b86f6f9fc5153d7e000000000e80000000020000200000002bec8ee442a3e859e37671ac8e166ba4deeda3dff7a0cb04881bfae5ad967bbd2000000030cf4b38287a48f0913b3a0ab54b5eb1b96cdb9afd58e31f42ffadf39fd67ded400000008a3875cc438164441378920fc62836eb09a00a972ac9140246358903377ed8c5f3e9e95a509e9031ccd31d17313eab81321f56dd981c44ee0ecbb57711d95741 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured in this report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5AAA711-21AA-11EF-A1BA-6AD47596CE83} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a0b7bab7b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582202" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2920 wrote to memory of 2304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2920 wrote to memory of 2304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2920 wrote to memory of 2304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2920 wrote to memory of 2304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e7f56d15a569ce35fe4e69bbcfd12a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.cpmprofit.com | udp |
| US | 8.8.8.8:53 | greene.pl | udp |
| NL | 95.211.219.67:80 | www.cpmprofit.com | tcp |
| NL | 95.211.219.67:80 | www.cpmprofit.com | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| US | 8.8.8.8:53 | ww1.cpmprofit.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 3.33.243.145:80 | ww1.cpmprofit.com | tcp |
| US | 3.33.243.145:80 | ww1.cpmprofit.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3164.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47bfd86669f1c3f7c526f20ca599f3e0 |
| SHA1 | efb9e6854a89e4de716c580933d24553b04aa58a |
| SHA256 | 228136eeb4c7d5b810b6d49f4e7667c0b5fd233dfd5fb7e303484f3da07f557d |
| SHA512 | 00cc95f9f0e3f70c11bc823c596918bece69ed3b6fa93f2e773500fd7d297147840080ce456bfe6c1aa8c30a4c0e999e12dc6a83f1a9f155a66bb1036282bf7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a7720fa6b21bfe4a31534184717ce30 |
| SHA1 | fdd5aa4e9f8ade9a9d068c37096cd624cab76123 |
| SHA256 | 3beb14a597596de763232d643510dcd19a409b9a08d53243ca14503983388060 |
| SHA512 | d51983a18562147b63b30ff5c7244f5ea4ca119314864c3a49e5b0e4e8359904143e7a90f6cf8b747d683bf57ed9b253b0b427b9e10cc4d3dfc6b8c71a3b1ad8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f5cb17c9399ed3b0ccd4d4419fb2de0 |
| SHA1 | 1c7b4dff64b97bc207386b5b21d4c035c2e0f59b |
| SHA256 | 1ba32859b4c7bf60c286b681fa48c99ab86adca7057b2b068571df886b596998 |
| SHA512 | 291071b0931709906907288d66d0bb575fdb380c0f57db11fb1cf38a488f5d9b8d16b912d35428f2e7c3213df2699160cf1b67d28508a60fdd060fe92002f081 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bad64a2490d61178e905e9c8a008a05 |
| SHA1 | 924983b2a817d097cd264563dbd64330acfb5f0b |
| SHA256 | 9d4ee948045f88c744cdefda08e10aed667686b17b082a9940fc96c544af6898 |
| SHA512 | 0b0c3e244ef7502b9239492653e3174067777a3e7a57423a1c1a79b33f69c5f5a9a39da3f4bcc39513768fc7531f0596ed7fc6bf8de36d6468d20c35addb3496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 550756b68ece1dbf56b0de884c17e8fb |
| SHA1 | bd17f51ba968cbb1ff72a0e97a561694c57f9ee8 |
| SHA256 | 624efb08e2163f6998e90d249cfc53a93efdb4335543c5731f27b8f9b74eb9cd |
| SHA512 | cce0eb011f26a17c945327f0e938023ffe9940ac84cb1021b00ae2f59cdc67b821cf7105d5c07ed07c6b806dff7a1cac4816afb5a259776d5fd3eb54a4cbcad9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e193f3b073460cbea639b6907171c11 |
| SHA1 | c5a908bf4ac998e61af9a5458903f1500b38c8c8 |
| SHA256 | 9203057a353e8c8b55ae737d7d3383d055d94ea019ecbcf54b37af2247b7015d |
| SHA512 | c586ae75638cba93613354f94c32a3678d9893acd41c8bedf57b17f41501428035dd4f535339b2a37374ab0bace6a204f8f71777ff7f28c65402c5639fc9cac6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ba1418de9fe92500b31478262f39585 |
| SHA1 | 476f944fc26867056b9f0420d3589eb633870521 |
| SHA256 | ca1c37f200bc76df7033207603df02c4b4dadfa74c77a4bae65ec86dc33bb853 |
| SHA512 | e7a38e0c9c56871c095a3eafbe5b761596e7249a86c51b230a1d87f284f597c353b57ec413ca2c91e9c87628597c0613bc5903a1fbb5c133a576d6ae66590183 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b14ea7fb83fec6ddd499df4810880c3 |
| SHA1 | 1c3d02582a4f737db26bf2c1fcfa352b311f9cb9 |
| SHA256 | dcbf486c68643f81ffaf76012ff7dfc76ff9fa112662f52d5b447f5d310ade7c |
| SHA512 | a8c146eba0e1f04fc1d5890a5bbc9cde54df03ea34c29a445ee76f9ed71e0a21a21facfaa26dc596156b181509d1f1e5b6abb9c768582e2d5a82770dbaa66016 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b181392b3c5430ec3135ebf3779a044b |
| SHA1 | 457be448413f941efadaffeaa72de5ab44465aeb |
| SHA256 | d62df32f11f4be2701bc13f8d5da8c03ed155c60219f41ac58626ecbaa2cc857 |
| SHA512 | 795b6f740b8ca9d6559a78d3f5c98d800d092a85cc45e3c5c5a5c673af8a4b029aadcf8c968f1f4ad30e7aa0d4595bccd7b45cb41ebc3eb2ba2dd0faea958bd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0740263637209cf26a0647a84fba90a |
| SHA1 | c2961c783f9ba9af4235be7f7422e5177471bf72 |
| SHA256 | 4d40c20e715f313d62649d12d4718c1ced6a33bea799a8bc87d2f86c56d461cd |
| SHA512 | 823c18fbf578d04a74be250dc6583f5533f02fa09c7d390522c43052632e9e4f196955163ceee2510d62c396d0151cb190eed62db951c16b2073969b6f13d6e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 698485a98ce259a3a74f6d00f7f888b1 |
| SHA1 | aee9d31886b8d9f4331cd47254a668ad5d226b6e |
| SHA256 | 6196ad94453f1786bd03371bfc3d3b7e217798ee99d926ee57c990908dabb58b |
| SHA512 | 9e5316da5019c387eb8d5e2bc17cf31817b33dcfea7dc978106759ef3435be21a929880c495d847f2de28aecc0f05777e41b6064abfd28a1671acc4190facf5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 989d120ef765bf0e356a596fd8f01e34 |
| SHA1 | 5fd2c660b3611d0946939e7ec698aed643234407 |
| SHA256 | 00d519e9130254da1bdc99857c14969f842cc06edc08c0c1d6c573aa4563132d |
| SHA512 | 8285bea4d6dd7cfb9d0ae68d23c555f3bc88f9bddc766cefafabffb6ad594dcd45de6347da20b92a8744087db6211cead0c43e6e3762bc93e37d29432f1079fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 623efed8e014465ea289e7c5e6c6b281 |
| SHA1 | b556324b12fc3113107b0da1cfed1c3882857ac1 |
| SHA256 | 9ce31c9376d3dd25a1d19674a9ca219b60a049516d5236b0afc9912376dbf219 |
| SHA512 | 1f8da1ee70fa3815d58a9862ee19af3351be408d9670305581669cfe8b86ec63360a1f4b5a67ae291c79ba31d60607cf7d13c6325304114056f84cea474a7c21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d3d031174f6807550bb24d55119cd65 |
| SHA1 | 42d14856446d38c7ea3bb757da6d874f2e1a48b0 |
| SHA256 | 11d07d0cb7599b9e87bae34d6c970de776665bbfe2c0c1619b2632ee0363aa8c |
| SHA512 | 8e673d1dfc486871945c2f3edea741e891924867accfcd888ad15f2b6640806a2f4eb67d4a8435ab7a892260c95df2dbb3fe9f77671caa1295f48825bd5a67f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b8c716b370f0f527f098f4249a99591 |
| SHA1 | 188659e4f657273162afca77a56993804f838f44 |
| SHA256 | f49283dc5dc25964abe6f61de4f87a9a726d5585f8a681f960f6e427d2957c0e |
| SHA512 | 66e46f5fcd31c5e686f8254e7bccdbbabc517ad3a20105ea9f40c21ef255e3afd70d8ff7c9738a70a7a6fb719bbd0f350943428ff13412f09f1788597ee9887f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 973e91ff8e89a97b9ca9655a1791d0f8 |
| SHA1 | 871c4ed9d6b8207388bd80c1636c0b08c21ba407 |
| SHA256 | e3ed8f2c6568af87662d42998e4339a390105749f204a94e84bda0405308ced3 |
| SHA512 | 1b48de8592ea96499e00128a1a86e3f941a5b30e0ca319d1c76529603b7b0c603048cd7183d0375ce1ba5bec255c455f6c4696d7d3f033e4a24691814d8e978a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ad166399653e3b78836564bd723afef |
| SHA1 | 048da7ae1c8415d94f409eb5968ca8504003e6d7 |
| SHA256 | 1b5ac01b5ba682c9714ce945e4d338eb55a9b5ae5a1e41fefe3a080c31346922 |
| SHA512 | d52452504075781dbbf74161fc2e3ed1bb8ddef3bde2ae90bb2f5052c1ab18ec3ec3510f6461d0a573836d02523086cdfa2c804fdaf91fecf675a65ca419636f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb798f31a6363b29f49e62a613bc5420 |
| SHA1 | af9c1a405121b3fb483317b5c30312da4f21f5f5 |
| SHA256 | 0a7e4e7a9d00a1338f42316028b263805925c5f0843a569db19cb03a576c4dea |
| SHA512 | 1dfa287c5e2f921fed699d85114fe7796dd559646a841600ae1892b89080a0881f488cf0e4259ca7a99f9609903e5d856e5a03243463075f0bfc9fe6786da3c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4323d6c58c8ec6590fe23e4b7466c06 |
| SHA1 | a4f7ec89e0f5e7cd63dc23f239ed2d52cd8d02cb |
| SHA256 | 30afbf1a9b37c32abfac796e353f3feff4fc4c1d89cd45b39f8a405f64f708bf |
| SHA512 | 42576b2739178ed4f0df8ef195afce68deb5f5f2a949d16557a3a86db8d001f823ed947a33d0b04216ad3c0329f6b17f47d81c79b6a29d872214f0f467b3d12b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 637c7eccab69373c2685f03516406417 |
| SHA1 | d3c8bec7c9163fea3e6e26d553bcf9835caceeb1 |
| SHA256 | 209e4195dda4363cb288c4ad6e67eb638e6011dbf07d9f1e856f4ef52f1fd78c |
| SHA512 | 0558fd499754a4573cc2eae6c0c73d5622a3fe7487a98d4d060eed291907eafb3cac9ecbbcd36f884377dc1600988c793154b4da09c29f3c8dd353e74307ea65 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:12
Reported
2024-06-03 13:14
Platform
win10v2004-20240426-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e7f56d15a569ce35fe4e69bbcfd12a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb84cd46f8,0x7ffb84cd4708,0x7ffb84cd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11897890261841512396,11980979288515579723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | greene.pl | udp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| US | 8.8.8.8:53 | www.cpmprofit.com | udp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| NL | 95.211.219.67:80 | www.cpmprofit.com | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| PL | 185.253.212.22:80 | greene.pl | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.212.253.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.219.211.95.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.42:443 | | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_2644_KGMFYXTTKAXKGVAI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 974ca27d93d4afcf87afe197d035a74e |
| SHA1 | 1846d38f52790feb4eb6a04f03a08f6fc7cb35cd |
| SHA256 | 6f3a93426a923ffa4d2c007241ce56ed691d5852881134194fd302985a226499 |
| SHA512 | 03563bb2af78f0e479f774b92491cbb2c5ab068363238242f09f7583ca06e89a0c43d2a9e55e5224eda743fd92db21fb645d0457aef8a1b2377ec1fef4541111 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 297c3c7f5037bdc5b17693ed6f12bab8 |
| SHA1 | 110f8275f8a48d8edc627b9bc3ed2300f5f0a5e8 |
| SHA256 | 9b263995b22cf6d5dc3b01bf448001bb69ce0b92079351ad3a091773066f6da3 |
| SHA512 | c2828f77272ed186a5c59069142e5522c869f51942888b4a3b8ad4ff6ad29c844e0b3fceb2b689c5c570d6470f4b3a001eb221ffb4fda31a660d0c2de4e14f31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ca67ea4ab4051dbb92e25c097ee81eb9 |
| SHA1 | ab5529cbd6f25e26030a6aba8dbdffd3596cb03d |
| SHA256 | c5fef50c35dc309d0b00b461c1939d489253e1d663fce12772eabf4bc7d0d729 |
| SHA512 | 037000f0a6938502d4284ad83e8c62f89bbc44b39f0b51f950a6fbb4af8d51d928ea8335f0225ceb0cea3c6f9cc2e1a505c0ab216c086d5c522052cf08174268 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a848f362ac41de99c10a9e324ce99644 |
| SHA1 | 9df0d4a8867211cfd28344a2ecc1149edc9cd69b |
| SHA256 | 3c43ad090b836324269ab7ef546ed7e680692a9d89907debe55a3c0435189db4 |
| SHA512 | d758bfe425f7827d64b0db62849b3d48b14263144633a90ed23bc3abf3ab737ca8c3477ca2944a635cd1b97430885e10881d8b0a704319b0195fc4f76133c5bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d26115dbe5c5d19cabab5cac443ce54c |
| SHA1 | 72d86ac777d2d3ff8d344f7376c4f0fd475ac78b |
| SHA256 | f19e2236c2e2b8525411628b8a608d864c7935fef85f9cd886261dabcd28e7a9 |
| SHA512 | 4ffbf9426af0e9cdc9b8e8a18f8bc4239dc5b7e56fcb562a1b00086719dccfb8014efdfac9e9ec856b999791a0e1ded3c1eda8180746eb934f2cd412d78df0ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | eda431027964b5ffd7f9d1e13c96dd18 |
| SHA1 | abe2c2e10b38a7f23b6298e619dc40f1dce34c6a |
| SHA256 | 3ddcbd805470f1feef418e3548b4649565cedbb0e67e318fa1d7885fa4c93ceb |
| SHA512 | 6522fc60d29b75a1bb7c440a5e7a630613f80a471fe9c7536201478d66a21426a3372333bbcd171525aa4043f2b929817a756534043bc20f3fb3c1791f927a00 |