Analysis Overview
SHA256
1c4e741c7fa70bdb9fa8c96c883fbb0d59595a40e2a0391d5e0b270812d40b1f
Threat Level: No (potentially) malicious behavior was detected
The file a1bd25fc2c30f4a7fba4380379291385_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:27
Reported
2024-06-12 18:30
Platform
win7-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 001cf757f6bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c23233e2fc0628d44058e9648a9ec9fa3ddc4166cba9d2566b0091a834087075000000000e8000000002000020000000c00cfbaa37dc5a361321882e8bfd24ada26715ae684c7e98e7b3d348c46d2ba490000000cf19f2a465979225db1b52a4dc5bea6abf9d9b41f3bc5511445c355f6271fc068719279e99cc429181a7da092b757bdbfc7e074f40727c2f0938755f4100eba0308ac401ecc1fca18893cc3d6c46c0899b7221c5a1183064e0d2155816fe0798bc1fb7ffe8bd86c9507d48ce50aaa77fb499ba11d7484e9d77998da3fb2a0c8f0f60d04221b651c036fa9e7c419db46a40000000b7fd003c50c7d8dcf56d3edc35f06396c7a02ecb92254c481037c70a23c3760ff4e902addf89574643df1c4fc52cb7c9100915d023c45f13863028e21286a8d0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000285fba0891e8a67c0ccdae6823b1a347d8c5151688e9aafcec3c08809987a1d5000000000e80000000020000200000006456bd49c076f7ed32d55f3c30b80989eb3bf9a5b87664910ad7d69a9d3c4e6720000000752caae7113720d3b887f56265ab5f043a2e2b1eaeb1a7704f3c4c048cd3dab340000000b3537e4042e4c77fa2a75a13028d63df8d732a2abe4d7c44b007b013583faba17b6e32dd03695d26bc26e4f0fc93ab1d0d79db43d753ba603a0bc35401275b31 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81BC4101-28E9-11EF-B489-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378752" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1444 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1444 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1444 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1444 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1bd25fc2c30f4a7fba4380379291385_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | oesterreich.vendano.de | udp |
| US | 8.8.8.8:53 | terrassendach.vendano.de | udp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| US | 8.8.8.8:53 | terrassendach.expert | udp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:27
Reported
2024-06-12 18:30
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1bd25fc2c30f4a7fba4380379291385_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa704646f8,0x7ffa70464708,0x7ffa70464718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14712714629399635035,7981791124184992039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | oesterreich.vendano.de | udp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| DE | 89.200.170.73:80 | oesterreich.vendano.de | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| US | 8.8.8.8:53 | terrassendach.vendano.de | udp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.170.200.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| DE | 89.200.170.73:80 | terrassendach.vendano.de | tcp |
| US | 8.8.8.8:53 | terrassendach.expert | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| DE | 89.200.170.73:80 | terrassendach.expert | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| BE | 2.17.107.122:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 122.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_876_LLKQCTMYXLXYFIRR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d77a8511634ba17336bafe850cf4df13 |
| SHA1 | 4d817facea8150a003eb12eae2ee40d882730d82 |
| SHA256 | 817c3618cc34945cc89804ea73627871d5c120bb22ea431b401c87ed48615e71 |
| SHA512 | f2575f42505d13c63d4f7992ec2c19e9aa10e19a9a5b153aaffe1f2a23f59adadb6e11a826fdabca8193ec31e99a976e7d56f7fdf8cc0040cc0cb4b8e378c206 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8ad7cc13-50ab-480e-8385-5cc1617546e7.tmp
| MD5 | 37387c238076bd289c585f34e9f3362f |
| SHA1 | 217a162bd3087ca6db2a8dc857ad40e3ff475893 |
| SHA256 | ceb631380aa2884702c314176eb1699a4aec4775ffeda8f6ceb65c9ad9e1a7b7 |
| SHA512 | 7638e33a0086be7b896a69a43d7648682796a9f992ee8ee2a3ba55a3f6e0ab477583497e95f14eea1a52a04a25f973f9978bd0041a3aff29c91b26cd9654a7f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8da609df112cb1307ba7038b6c205af5 |
| SHA1 | 182b6018e19447e15eb6d3852c6037b78c8eba29 |
| SHA256 | 29a61f866b9363b8be8ceca0b36da99bdfade47df75015c317721278498abd22 |
| SHA512 | 6340112244d69c5f7b01884667d712686311a4e3341fe034727adef5a2619e51ed505b8f0943cdb0a9fa300326c19d399295f68bf80af23652a1d14b59c9670d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d15d39f3e8eedce781414d72fd20327 |
| SHA1 | 40b73b91eb8db2c272dec21dcdad3525f0dc9d78 |
| SHA256 | bff4925f6e65a338bc3bee93353e697e6e221ec29969b6c6f7415b6f5c2b3691 |
| SHA512 | b4b109c5f31b2dac5b26f8f2c97b9a17319fcc064440c3796ffb490f5663a05809ec764ed00ec8fefd3a79a6252b508f21a5c43f5819d9fb0b62ce61e92e612d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3cf8f7f5fb88a68c6b438fcbc7f14f1a |
| SHA1 | 9a3df5faeb6afeb7f8ae148310c1ef983c9dfca6 |
| SHA256 | 55d62a1564436acda47e1ade73789e22a98788c68c55c856819fc704c0e21072 |
| SHA512 | 28de699dc0d70258c2efa12c4c0edd35873e300a39bd5ecdee77753a9cbc9590b3516db3085d456167c9ffca17d8a87f50303d632da0c3ebac712b8c5b31b1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 557e8f2688905a444aacf4f7ecfb0d74 |
| SHA1 | 69bbe27382a8f42d5dcd6ec3a8353a9d75e695ea |
| SHA256 | 8622f8d29b1a22acd6a0114c9fa8003fc4be0c721352f8bae95e0c042923bf21 |
| SHA512 | b302f2f4f05a5b5d98030dfae693f15360c6188293c15dfff6df391b1c29de74eac86136b7574d52a95dd1218ce40825c3344be0487a358a58d6b56a2e7be6ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d295fb937c8344e27fe2aecfcaf96758 |
| SHA1 | 80f86a838aeecbfed83524cecd45e1cc3363f113 |
| SHA256 | 875310888494808b9608e888d8074d75cdc24d25c767bdeaa930c1e06424a6b1 |
| SHA512 | fe7d4778d3716eb69c1f978c93e53700d3a02c87bc84bc3d78bc86f9eb08056787714447ff2b238125c0e1626024d79b3cc27b8a9c6b113788f7aeb96535593d |