Analysis Overview
SHA256
619ebcf5b1d486dc435142c193d2d1a93d09336d708fb912f1665135cce04618
Threat Level: No (potentially) malicious behavior was detected
The file a2d96ba979ccf8d529175ad4ebc7d7b3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:06
Reported
2024-06-12 23:09
Platform
win7-20240611-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000011cfba4bd7168f684d0f4c861d0f9cc79c094fa4d2fc742bfb26ded335d70d74000000000e800000000200002000000060c6d8e79f9b864a09f34a99ef123e6389c9ecc30dab2beda5ef013a6a81722320000000a2b788c428cd869e20e0dd6cd75c03cf5c84117df84f8a8ce0cd5b4e21e25e68400000007399275c39a949bb075aae8838f57148df11bb5c83ef1c1381aba84bb2eaea4cd76bf82243fcd7c8a37a38d60019aef9466b90953344124c182bfb64e74be1ee | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A54BCE1-2910-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this page] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395490" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30857d521dbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2860 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d96ba979ccf8d529175ad4ebc7d7b3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:06
Reported
2024-06-12 23:09
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
130s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d96ba979ccf8d529175ad4ebc7d7b3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd7e046f8,0x7fffd7e04708,0x7fffd7e04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13702309681598701168,12639914429284984202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yllix.com | udp |
| US | 8.8.8.8:53 | p.jwpcdn.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.w3-directory.com | udp |
| US | 8.8.8.8:53 | www.checkpagerank.net | udp |
| US | 8.8.8.8:53 | yllix.com | udp |
| US | 8.8.8.8:53 | yllix.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_2984_JHNUGDKNNTASDFJP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5db4c5626b017893548792d8c8207c46 |
| SHA1 | 61b1d461562bd3bb4311810c9f57f30be01e64da |
| SHA256 | 5a49d13503c17ebdf9eefebea27a0d8af4676b2f123cd4789e65b102d381c51a |
| SHA512 | b5021b9b059bc556afe0a5a8a779d0e00b4fe24ff4fd07281066434a8a899f8bace93638c2276a6f9e83b87d718ba4cc7bf0b4893584bb5c56b6f3a17328db71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f0a8bac5725e965b9682a0e518e26161 |
| SHA1 | 3388f658498a0d905c51756ac5d5e8ad767513a7 |
| SHA256 | 27105707df891b7861888877bed8de370fac8bc673791839ece66752b194de83 |
| SHA512 | 231ce70ecab497fea1bee6d52bed6b6a1e732950445a25e5a59e7ebb9f3ad147f4cf3e45befe84f020f0238f2999825ab9e1cc7bc8253e075eacfed3ee42474f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c185cddedd3f0ceb0b74ec53a3d6a3fb |
| SHA1 | 2eed85563ad517feb3dde6f7dc9509d2eec4146b |
| SHA256 | 73b6ea51f5de205eab0b0cbbd923a9a5c5ac57e3fa83656ed453e5121f9a5405 |
| SHA512 | 2603dfba6edc6c7cbd333b8699bbc0fba4c2e687ebb2405de163abb7543de3de072d0d0fdf35a9ae8acfa039c391e17bc9af40f2c1b7f66ce130ae7b99730aba |
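An added triage helper for the Network and Files tables above (example code written for this page, not part of the report or of the sandbox vendor's tooling). The Network rows and two of the Files entries are copied from the report; the parser, the column names, the function names and the decision to drop reverse lookups from the pivot list are this example's own assumptions. It reduces the DNS rows to lookups per resolver, repeat counts per name and a deduplicated pivot list, and it checks each Files entry against the digests of zero bytes computed with hashlib, which is how the Crashpad named pipe entry is recognised as an empty object rather than a file worth submitting to a hash lookup.

```python
"""Triage helpers for a sandbox report's Network and Files tables.

Added example, not code from the report or from the sandbox vendor. The rows
below are copied from the report; parsing and checks are this example's own.
"""
import hashlib
from collections import Counter

# Rows copied from the report's Network table (Country | Destination | Domain | Proto).
# The mDNS row carries no name, so its Domain cell is empty.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yllix.com | udp |
| US | 8.8.8.8:53 | p.jwpcdn.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| N/A | 224.0.0.251:5353 |  | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.w3-directory.com | udp |
| US | 8.8.8.8:53 | www.checkpagerank.net | udp |
| US | 8.8.8.8:53 | yllix.com | udp |
| US | 8.8.8.8:53 | yllix.com | udp |
"""

# Two entries copied from the report's Files table: the Crashpad named pipe and
# the first copy of settings.dat.
FILE_HASHES = {
    r"\??\pipe\LOCAL\crashpad_2984_JHNUGDKNNTASDFJP": {
        "MD5": "d41d8cd98f00b204e9800998ecf8427e",
        "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat": {
        "MD5": "87f7abeb82600e1e640b843ad50fe0a1",
        "SHA1": "045bbada3f23fc59941bf7d0210fb160cb78ae87",
        "SHA256": "b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262",
    },
}


def parse_rows(table):
    """Split pipe-delimited rows into dicts; lines that are not rows are skipped."""
    rows = []
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4:
            raise ValueError(f"expected 4 cells, got {len(cells)}: {line!r}")
        rows.append(dict(zip(("country", "destination", "domain", "proto"), cells)))
    return rows


def domain_counts(table):
    """How often each name was queried; repeats hint at retries or polling."""
    return Counter(r["domain"] for r in parse_rows(table) if r["domain"])


def pivot_domains(table):
    """Unique forward-lookup names to pivot on; reverse lookups are dropped."""
    return sorted(d for d in domain_counts(table) if not d.endswith(".in-addr.arpa"))


def resolver_counts(table):
    """Where lookups went; anything besides the resolver on :53 stands out."""
    return Counter(r["destination"] for r in parse_rows(table))


def empty_content_entries(file_hashes):
    """Paths whose recorded digests are exactly the digests of zero bytes."""
    empty = {
        "MD5": hashlib.md5(b"").hexdigest(),
        "SHA1": hashlib.sha1(b"").hexdigest(),
        "SHA256": hashlib.sha256(b"").hexdigest(),
    }
    return [
        path for path, digests in file_hashes.items()
        if all(digests.get(alg) == value for alg, value in empty.items())
    ]


if __name__ == "__main__":
    print("lookups per resolver:", dict(resolver_counts(NETWORK_TABLE)))
    print("repeated names:", {d: n for d, n in domain_counts(NETWORK_TABLE).items() if n > 1})
    print("pivot list:", pivot_domains(NETWORK_TABLE))
    print("zero-byte entries:", empty_content_entries(FILE_HASHES))
```

On the rows above this yields 18 lookups to 8.8.8.8:53 and one mDNS packet, yllix.com queried three times and www.blogger.com twice, a pivot list of 14 names, and the Crashpad pipe as the only zero-byte entry. Real files such as settings.dat and Preferences, which the report lists twice with different digests because they were rewritten during the run, are the ones worth checking against a hash reputation source.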