Analysis Overview
SHA256
24141a0f0afed16847792d194ab1cddc1caae137cb21376c80fa4729d10a72df
Threat Level: No (potentially) malicious behavior was detected
The file 91f2d235bca238718eda7df4c29c9a91_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:27
Reported
2024-06-03 13:29
Platform
win7-20240419-en
Max time kernel
140s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0119E5E1-21AD-11EF-ACD5-DECBF2EBC4E5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d002cef4b9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583108" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000009fa1fedaa5d2b3e7cae8d0c2e081bb51028a26180ee8ccd916924e932dfd012c000000000e8000000002000020000000154e2f7ef1205701c87e3ceced0832b0e4c11501c0c45071b68b1e5368ecdf762000000030ded42ee554b2564f25abbcae847e60541e972abd6daadc3b7d43254268ba95400000005c787984b8de9d94b98a548c5733df6d2d2ac58da1c8e5529affe0d4017ac9375b6a01b0e9994136828cd21aa7b34f8b26d01f2d0a4dea90a447512738dbc82c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 992 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 992 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 992 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 992 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f2d235bca238718eda7df4c29c9a91_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:992 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:27
Reported
2024-06-03 13:29
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f2d235bca238718eda7df4c29c9a91_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ff746f8,0x7ffe1ff74708,0x7ffe1ff74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,15944794810076102376,11841520854715845396,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.limadetik.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | i.picasion.com | udp |
| US | 104.21.235.81:80 | i.picasion.com | tcp |
| ID | 203.175.8.82:80 | www.limadetik.com | tcp |
| ID | 203.175.8.82:80 | www.limadetik.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pictures.picasion.com | udp |
| US | 104.21.235.81:80 | pictures.picasion.com | tcp |
| ID | 203.175.8.82:443 | www.limadetik.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.235.21.104.in-addr.arpa | udp |
| ID | 203.175.8.82:443 | www.limadetik.com | tcp |
| ID | 203.175.8.82:443 | www.limadetik.com | tcp |
| US | 8.8.8.8:53 | 82.8.175.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | limadetik.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| ID | 203.175.8.82:443 | limadetik.com | udp |
| US | 8.8.8.8:53 | www.bollingtondropincentre.org.uk | udp |
| GB | 88.208.252.9:80 | www.bollingtondropincentre.org.uk | tcp |
| US | 8.8.8.8:53 | www.bridgendcentre.org.uk | udp |
| NL | 160.153.131.203:80 | www.bridgendcentre.org.uk | tcp |
| US | 8.8.8.8:53 | 9.252.208.88.in-addr.arpa | udp |
| NL | 160.153.131.203:80 | www.bridgendcentre.org.uk | tcp |
| ID | 203.175.8.82:80 | limadetik.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| ID | 203.175.8.82:80 | limadetik.com | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 104.21.235.81:80 | pictures.picasion.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| ID | 203.175.8.82:80 | limadetik.com | tcp |
| US | 104.21.235.81:80 | pictures.picasion.com | tcp |
| US | 104.21.235.81:80 | pictures.picasion.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
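The Network table above mixes the sandbox's own resolver traffic (queries to 8.8.8.8, mDNS to 224.0.0.251, reverse lookups under in-addr.arpa) with the hosts the sample actually reached. The following Python is an added editor's example, not part of the report or of the sandbox's tooling: it parses rows in the table's format and reduces them to one line per contacted hostname. The sample rows are a subset copied from the table (the mDNS row with its columns aligned); the decision to treat resolver, mDNS and reverse-lookup rows as noise is this example's own triage rule, not something the report states.

```python
"""Reduce a sandbox Network table to the external contacts worth triaging."""
from collections import defaultdict

# Constructed sample: a subset of the report's Network rows, in the same format.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.limadetik.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 104.21.235.81:80 | i.picasion.com | tcp |
| ID | 203.175.8.82:80 | www.limadetik.com | tcp |
| ID | 203.175.8.82:80 | www.limadetik.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| ID | 203.175.8.82:443 | www.limadetik.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| ID | 203.175.8.82:443 | limadetik.com | udp |
| GB | 88.208.252.9:80 | www.bollingtondropincentre.org.uk | tcp |
| US | 8.8.8.8:53 | | udp |
"""

RESOLVER = "8.8.8.8"  # assumption: the sandbox's DNS forwarder, not an indicator


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) tuples from table rows."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # header, separator or malformed row
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        yield country, ip, int(port), domain, proto.lower()


def is_noise(ip, port, domain, proto):
    """Rows that describe name resolution by the sandbox, not contact by the sample."""
    if ip == RESOLVER and port == 53:
        return True
    if ip.startswith("224.0.0.") and port == 5353:  # link-local mDNS
        return True
    if domain.endswith(".in-addr.arpa"):  # reverse lookup, no new host
        return True
    return False


def external_contacts(text):
    """Map each contacted hostname (or bare IP) to its sorted (ip, port, proto) endpoints."""
    contacts = defaultdict(set)
    for _country, ip, port, domain, proto in parse_rows(text):
        if is_noise(ip, port, domain, proto):
            continue
        contacts[domain or ip].add((ip, port, proto))
    return {d: sorted(v) for d, v in sorted(contacts.items())}


def main():
    for domain, endpoints in external_contacts(SAMPLE_ROWS).items():
        eps = ", ".join(f"{ip}:{port}/{proto}" for ip, port, proto in endpoints)
        print(f"{domain:40} {eps}")


if __name__ == "__main__":
    main()
```

Run on the sample rows this collapses the repeated www.limadetik.com connections into one line with its 80/tcp and 443/tcp endpoints, keeps the 443/udp row for limadetik.com as a separate endpoint (UDP to 443 is usually QUIC and worth checking rather than discarding), and drops every resolver, mDNS and in-addr.arpa row.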
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_3620_JIRXBNFLVURGHIIW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 065d3aa9682a9218d26b3199fc23bb74 |
| SHA1 | 6ea48a0908f856c4cb37fd213a19d0783a348958 |
| SHA256 | 9718b46257d05c2f7ffe1a8a3cdf45479b54e4b8191a5e3e4c9665c821026ae5 |
| SHA512 | 33b633b953f365c2dbf6734bc25a29b1516d097dd27c6f22551191a8a40faeddcde2d92075480f1ccdc253f437e6cea203da16a592cd488ed3614905bd60f5fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ffc01001889df0609e1d7b62cb81936d |
| SHA1 | dd9d52b55aeb738ca2aaba23fda29664d75d28e5 |
| SHA256 | 0d32f2b5716aaf84a48fe77308bb71085e4cb83ad21a2c58d6506827fda369d8 |
| SHA512 | 1e228f3ac33dae0eef0f9a87f9671e6513e0f7e75fb3bb8571d32ec188eb5466accef9fbe1bede98cfc51fbfb8e3617f65ab072b3e058e43dfd9d7e507f0275a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 110b9d3ceb946b22454ed4b34c18dc23 |
| SHA1 | 873007af37c8c44c0be5637e85db243f2dfa1629 |
| SHA256 | 517ec3b6dd100fd40ecf6ec9e08796be7c6514d562422c52b0752f2a85d8f123 |
| SHA512 | a34038973912c46543f909ffc3fdc5d8fedf7ab19410b729aca4e7d0dc8b8bb1418daf162f9c9fa8b2a815206d0d01ef8eeb8bdb8a8a38fd2b84779f7699c614 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3876e0d764830f06fbb5ce81a6d8c8c |
| SHA1 | 565814ff29dcf60f213d40b249ea93d73d90306d |
| SHA256 | ee8de0ae55fd34fcdcc3c40b8a97896b6bd09f7d1100019f9d1f589d69f58548 |
| SHA512 | 039168a37f2601e363e130b5f8a02ac89dd515de8cbbd987eb1b9b8b096fdafb22e7f32a57a09bcae5a78cde4948186caf11438250da0373305546da0a18ea6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4940bbef016d1af5e556dfb81880beee |
| SHA1 | de68680f84be968f0d4950ca0d145ca5d4c31a87 |
| SHA256 | 514c6d3e2db0f7e20b498a460bafbd066c70f6adf83b23488b3a190fbf23e660 |
| SHA512 | d1dcd2945b0bb831ff873756eeb3f0378c8a564e151024e251af4a222744e69a30546a4576682eabbbf6474f0c1833a9c392ec23bfa4f2d83f030fae95f3b7ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 122bb0167325eff28c6fbf0e1952f0e8 |
| SHA1 | 7b3ba44f80f6e669efe1dbfd9f2cf7bd4a03c495 |
| SHA256 | fa9f982dbeb27108d0a038f2041e0be92d7b76b021195bf5adcf47c735897df6 |
| SHA512 | 9535e8331dc9b2b319304fead18d8be68750cfa8d4017d37ee21fb62ce89696aa66ff0b861fc6f53254c68b081850b164848795e40ee25f414f9e975db1783d5 |
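Two things in the Files section above deserve a check before any of these paths are treated as indicators: several paths (Preferences, Network Persistent State, settings.dat) appear more than once because they were rewritten during the run, and the crashpad named-pipe entry carries the digests of zero-length input (d41d8cd9... for MD5, da39a3ee... for SHA1, e3b0c442... for SHA256), meaning nothing was captured to hash. The following Python is an added editor's example, not part of the report: it parses entries in the section's format (a path line followed by `| ALGO | hex |` rows), counts writes per path, and flags entries whose digests match the digest of empty input. The sample is copied from three of the entries above; the empty-content check is this example's own triage step.

```python
"""Group a sandbox Files section by path and flag zero-length digests."""
import hashlib
from collections import defaultdict

# Constructed sample: three entries from the report's Files section, same format.
SAMPLE_FILES = r"""
\??\pipe\LOCAL\crashpad_3620_JIRXBNFLVURGHIIW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 065d3aa9682a9218d26b3199fc23bb74 |
| SHA1 | 6ea48a0908f856c4cb37fd213a19d0783a348958 |
| SHA256 | 9718b46257d05c2f7ffe1a8a3cdf45479b54e4b8191a5e3e4c9665c821026ae5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 110b9d3ceb946b22454ed4b34c18dc23 |
| SHA1 | 873007af37c8c44c0be5637e85db243f2dfa1629 |
| SHA256 | 517ec3b6dd100fd40ecf6ec9e08796be7c6514d562422c52b0752f2a85d8f123 |
"""

# Digests of zero-length input, computed rather than hard-coded.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


def parse_files(text):
    """Return a list of (path, {ALGO: hexdigest}) in report order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and entries:
                entries[-1][1][cells[0].upper()] = cells[1].lower()
        else:
            entries.append((line, {}))  # a non-table line starts a new entry
    return entries


def is_empty_content(digests):
    """True when every reported digest equals the digest of b'' for that algorithm."""
    known = {a: d for a, d in digests.items() if a in EMPTY_DIGESTS}
    return bool(known) and all(EMPTY_DIGESTS[a] == d for a, d in known.items())


def writes_per_path(entries):
    """Count entries per path; a path listed more than once was written more than once."""
    counts = defaultdict(int)
    for path, _ in entries:
        counts[path] += 1
    return dict(counts)


def triage(text):
    """Return (writes per path, paths whose digests are those of empty content)."""
    entries = parse_files(text)
    empties = [path for path, digests in entries if is_empty_content(digests)]
    return writes_per_path(entries), empties


if __name__ == "__main__":
    counts, empties = triage(SAMPLE_FILES)
    for path, n in counts.items():
        print(f"{n}x {path}")
    for path in empties:
        print(f"empty content: {path}")
```

Entries flagged as empty content should not be used as file-hash indicators at all, and a path written several times should be matched on its last digest, not its first, when building detections from this section.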