Analysis Overview
SHA256
fea31177e5097ff89f0ce18a1f781074b431acd691a6cd6a3ea40df79d82362b
Threat Level: No (potentially) malicious behavior was detected
The file 91ed825a483adf364db34befdfdab93c_JaffaCakes118 was analysed with the result: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:19
Reported
2024-06-03 13:21
Platform
win7-20240221-en
Max time kernel
141s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40aac5b9b8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009f28a5aa3042884584cf487a54ff2eac00000000020000000000106600000001000020000000218d84f31383b8251ab40015270583963b39cc8af20bfc97c8e554ef5fc96fb5000000000e8000000002000020000000e77d17dd721d8be4e24d9e929e6e130b4f4e4d39867ff07e975c54c0028c8faa2000000047ceba641b99f960ab5feb5945424bb8616ee47a93d46f638ebbd50187afb07d40000000874968bef67cd162f3aced9d2fee421564f06265acbe432efb191fe97a4d9551982e5c980322d3d850d7e825254954eb4e6075ac3cd2893378c5258e5a815aee | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582628" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2FDF891-21AB-11EF-8DE7-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1968 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1968 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1968 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1968 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ed825a483adf364db34befdfdab93c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.condominiobahiaderosas.cl | udp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | igroflash.ru | udp |
| RU | 109.248.222.212:80 | igroflash.ru | tcp |
| RU | 109.248.222.212:80 | igroflash.ru | tcp |
| US | 8.8.8.8:53 | eve-space.ru | udp |
| RU | 109.248.222.212:80 | eve-space.ru | tcp |
| RU | 109.248.222.212:80 | eve-space.ru | tcp |
| US | 8.8.8.8:53 | glazewski.home.pl | udp |
| US | 8.8.8.8:53 | weather.yahoo.com | udp |
| IE | 87.248.100.208:80 | weather.yahoo.com | tcp |
| IE | 87.248.100.208:80 | weather.yahoo.com | tcp |
| IE | 87.248.100.208:443 | weather.yahoo.com | tcp |
| US | 8.8.8.8:53 | guce.yahoo.com | udp |
| IE | 34.251.70.36:443 | guce.yahoo.com | tcp |
| IE | 34.251.70.36:443 | guce.yahoo.com | tcp |
| US | 8.8.8.8:53 | consent.yahoo.com | udp |
| IE | 34.246.21.121:443 | consent.yahoo.com | tcp |
| IE | 34.246.21.121:443 | consent.yahoo.com | tcp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:19
Reported
2024-06-03 13:21
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ed825a483adf364db34befdfdab93c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd092d46f8,0x7ffd092d4708,0x7ffd092d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16611884855173062412,3700424342243284135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | maps.google.com | udp |
| US | 8.8.8.8:53 | www.condominiobahiaderosas.cl | udp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | igroflash.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| RU | 109.248.222.212:80 | igroflash.ru | tcp |
| RU | 109.248.222.212:80 | igroflash.ru | tcp |
| US | 8.8.8.8:53 | eve-space.ru | udp |
| RU | 109.248.222.212:80 | eve-space.ru | tcp |
| RU | 109.248.222.212:80 | eve-space.ru | tcp |
| US | 8.8.8.8:53 | weather.yahoo.com | udp |
| IE | 87.248.100.208:80 | weather.yahoo.com | tcp |
| IE | 87.248.100.208:443 | weather.yahoo.com | tcp |
| US | 8.8.8.8:53 | 212.222.248.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | guce.yahoo.com | udp |
| IE | 34.246.52.222:443 | guce.yahoo.com | tcp |
| US | 8.8.8.8:53 | consent.yahoo.com | udp |
| IE | 34.246.52.222:443 | consent.yahoo.com | tcp |
| US | 8.8.8.8:53 | csp.yahoo.com | udp |
| IE | 188.125.72.139:443 | csp.yahoo.com | tcp |
| US | 8.8.8.8:53 | 208.100.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.52.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.72.125.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
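The Network table above and the Files table below are raw sandbox output: every DNS lookup, reverse (PTR) lookup, mDNS probe and browser background connection is listed next to the destinations that actually matter. The script below is an added triage example, not part of the report or of the sandbox vendor's tooling. It parses a subset of the rows copied from this page (embedded as a constructed sample), drops the resolver noise and the well-known Google/Bing/Yahoo endpoints the Edge and IE processes contact on their own, pivots on destinations that serve more than one name (here igroflash.ru and eve-space.ru both on 109.248.222.212), and checks the Files entries for digests of zero-byte input (the `\??\pipe\LOCAL\crashpad_...` entry carries exactly the MD5/SHA-1/SHA-256/SHA-512 of an empty input, so it is a named pipe handle, not a dropped file). The `BENIGN_SUFFIXES` allowlist is an assumption for this environment, not something the report states.

```python
import hashlib
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of rows copied from the report's Network table.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | maps.google.com | udp |
| US | 8.8.8.8:53 | www.condominiobahiaderosas.cl | udp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| US | 8.8.8.8:53 | igroflash.ru | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| RU | 109.248.222.212:80 | igroflash.ru | tcp |
| US | 8.8.8.8:53 | eve-space.ru | udp |
| RU | 109.248.222.212:80 | eve-space.ru | tcp |
| IE | 87.248.100.208:443 | weather.yahoo.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""

# Constructed sample: two entries copied from the report's Files section.
FILE_ENTRIES = {
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat": {
        "MD5": "87f7abeb82600e1e640b843ad50fe0a1",
        "SHA256": "b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262",
    },
    r"\??\pipe\LOCAL\crashpad_4136_BESZLUWEHGZOFNJH": {
        "MD5": "d41d8cd98f00b204e9800998ecf8427e",
        "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
}

# Assumed allowlist: infrastructure the sandbox's own browsers contact without
# any help from the sample. Tune this per environment; it is not from the report.
BENIGN_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com",
                   "bing.com", "bing.net", "yahoo.com")

# Digests of zero-byte input, one per algorithm the report lists.
EMPTY_HASHES = {name: getattr(hashlib, name.lower())(b"").hexdigest()
                for name in ("MD5", "SHA1", "SHA256", "SHA512")}


def parse_rows(table):
    """Parse '| Country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row):
    """Label a row so that resolver and browser background traffic can be set aside."""
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "multicast"      # e.g. mDNS to 224.0.0.251:5353, no DNS name attached
    if not row["domain"]:
        return "no-name"
    if row["domain"].endswith(".in-addr.arpa"):
        return "reverse-dns"    # PTR lookups of contacted IPs; sandbox resolver noise
    if any(row["domain"] == s or row["domain"].endswith("." + s) for s in BENIGN_SUFFIXES):
        return "allowlisted"
    return "review"


def shared_hosting(rows):
    """Map each TCP destination IP to the set of names it served, keeping only shared ones."""
    by_ip = defaultdict(set)
    for r in rows:
        if r["proto"] == "tcp" and r["domain"]:
            by_ip[r["ip"]].add(r["domain"])
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


def triage_network(table):
    rows = parse_rows(table)
    review = sorted({r["domain"] for r in rows if classify(r) == "review"})
    noise = sum(1 for r in rows if classify(r) in ("multicast", "no-name", "reverse-dns"))
    return {"review": review, "shared_ips": shared_hosting(rows), "noise_rows": noise}


def zero_byte_artifacts(entries):
    """Return paths whose reported digest equals the digest of empty input."""
    return [path for path, digests in entries.items()
            if any(EMPTY_HASHES[alg] == value.lower() for alg, value in digests.items())]


if __name__ == "__main__":
    print(triage_network(NETWORK_TABLE))
    print(zero_byte_artifacts(FILE_ENTRIES))
```

Running it against the sample leaves three names for review (eve-space.ru, igroflash.ru, www.condominiobahiaderosas.cl), shows the two .ru names sharing 109.248.222.212, counts the PTR and mDNS rows as noise, and flags only the named-pipe entry as a zero-byte artifact. A shared-IP pivot on a non-CDN address is a cheap first check before spending time on each domain individually; it says nothing on its own about maliciousness, which is consistent with this report's verdict.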
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_4136_BESZLUWEHGZOFNJH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0b1e3bad-c842-4635-89c5-a58cd35e7e19.tmp
| MD5 | 76793c7b06ed59927835116852d28948 |
| SHA1 | 751742b27a255b6b95ed655247530447e75be497 |
| SHA256 | 4e6f5b0b867c12b26db47463956168152ffce0f7cdae9b61af65a8371b2ab80b |
| SHA512 | bf443374518bd154c19d2e0150c3d5d8874f7d0932410866a4f8982ca649e0f28f81e41d2f9c66110188648ba480c5da7c31fd9287b90ec4b2210ead5eb036f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 81c43e5a80bd75580335b17fc780525f |
| SHA1 | 860a4803a60e8d0a573433051200ac3de0d9c3b9 |
| SHA256 | 222b117a44fd36a6e325fde098c48bf9e30be5888cd6d855494976afb9aaca6d |
| SHA512 | 5bf5986806d8a06017bc0c318f293a4d236d6ade7eb1eaa7e82a1a05b6427b820a6ab6af69d3f88c1d72cc88912518e216331fb00a433d80753cead3509822f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad885e8ec6687f18b683d76de35af5ff |
| SHA1 | e055e475cc614b54bd5befac0870f3a7a5c9b97c |
| SHA256 | c10119f941429915c6eb4a6f42272806183fa0e8cae6b8112a03e3d352a34e0e |
| SHA512 | 1129cd4e888bed285ef04116fc0a71a9db94b66cea58be7659d686a85b147fef3f4d5118abf34db33eab77da997a3b5a005a32e745ffa48102ac814c135ff70f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ede3b754a2eb7ed70f2f206f5380d1ee |
| SHA1 | 8f8db9a8b5daeb5ea7449ee0323933ec95c071c2 |
| SHA256 | e22c579be8da27ccda1d1df12843a64d53a84c136f9f509b1b00ac5d59de8d26 |
| SHA512 | c8105db8fc8eb44202c8c76112d8f06b5329bfbe29a6d60d4e4506b653360b549b136fed34385ebfa320af5bdfcb00fc198477b6469241a8dad70fed3ee8cd74 |