Analysis Overview
SHA256
86077dc02b039e818b4267599e8269e589a62ebe6fe453e08749f845ba6da33d
Threat Level: No (potentially) malicious behavior was detected
The file a356389ab6dcdc4fbf89292d6b5789a0_JaffaCakes118 (an .html document, opened with Internet Explorer in the Windows 7 run and with Microsoft Edge in the Windows 10 run) was found to be: No (potentially) malicious behavior was detected. Every signature hit listed below is raised by the browser that opened the document or by one of its own helper processes (iexplore.exe, IEXPLORE.EXE, msedge.exe, identity_helper.exe); these are heuristic signatures on API use that browsers trigger in normal operation, so on their own they attribute no behaviour to the document itself.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:19
Reported
2024-06-13 01:22
Platform
win7-20240611-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903521ff2fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F81BE51-2923-11EF-AF9B-7E1039193522} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000052bf9e9c2c263114e3ec6911f82e7c6a0013d5f67e0e490c9018c1cc4e0693ec000000000e8000000002000020000000b746a86002558dfb61401053e2fbf8228bd022f3105469527e6acfdecf457a9b20000000ffccb31d8b1ffd19dff3822e0c979723efd3b69050550598c1658c1fc9c6058e4000000031d5e8edee29b1a79a8d7188dcb93cb386f59882380b1b781fa8b4dc044c36f34ee1e8bf30f9a768a4d6660dfb2a589e2f11d8c2272655388ee634939d65ad65 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000070ee925a152ee9be73012900d4fb72ff2d5b246e177fe21068dae7ede05b2339000000000e8000000002000020000000745f2a0a0ca5ef4bd2faf81cfc7ac9fc8dec46178493af3f146e79407f59badd900000003e4487c933fdef4be670e7aa354ddcb2ac2a16588362c0e7e2a9c17f3bd8b75fcbcd9c21bbca3719f3c1c3ac2ca890f9b88920174c46d7464428bdac3f055e302ddb9fcc19086c3a53a0c065e0db47e347db3f841a5f13b2b40f5c5d37502980d29f12ae36b5627c969c9d8cc1cc19dfc4ac7b94c04702e4ab040b99cf40bfd180cb824048722e42efd08335fc2aaa6240000000e03a242b5bb68fe97e28c0cd62ffe1a5d3affe79a1f8afc67eaa1d295ffb0555582f031f9369aaa1de1554b59bc31ad024457cea06a2a8fec53a44311493e1b6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
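Two of the values in the table above, TabbedBrowsing\NewTabPage\DecayDateQueue and TabbedBrowsing\NewTabPage\MFV, begin with 01000000 d08c9ddf0115d1118c7a00c04fc297eb: the version DWORD and provider GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} that open every DPAPI CryptProtectData blob. The sandbox cannot show their plaintext because they are bound to the Admin user's DPAPI master key. The parser below is an added example, not Tria.ge code, that reads the DecayDateQueue blob copied from the row above and reports the master key GUID and algorithms a forensic analyst would need before attempting offline decryption; masterkey_path is a helper of mine that builds the conventional %APPDATA%\Microsoft\Protect\<SID>\<GUID> location and assumes the roaming profile path C:\Users\Admin\AppData\Roaming (the page only shows C:\Users\Admin).

```python
"""DPAPI blob header parser for the IE NewTabPage values above (added example, not Tria.ge code)."""
import struct
import uuid

# Hex copied verbatim from the TabbedBrowsing\NewTabPage\DecayDateQueue row above.
DECAY_DATE_QUEUE_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000052bf9e9c2c263114e3ec6911f82e7c6a0013d5f67e0e490c9018c1cc4e0693ec000000000e8000000002000020000000b746a86002558dfb61401053e2fbf8228bd022f3105469527e6acfdecf457a9b20000000ffccb31d8b1ffd19dff3822e0c979723efd3b69050550598c1658c1fc9c6058e4000000031d5e8edee29b1a79a8d7188dcb93cb386f59882380b1b781fa8b4dc044c36f34ee1e8bf30f9a768a4d6660dfb2a589e2f11d8c2272655388ee634939d65ad65"

# Provider GUID that every CryptProtectData blob carries right after the version DWORD.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

# CryptoAPI ALG_ID values (wincrypt.h) that show up in DPAPI blobs.
CALG_NAMES = {
    0x6603: "CALG_3DES", 0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256", 0x800D: "CALG_SHA_384", 0x800E: "CALG_SHA_512",
}


class _Reader:
    """Sequential little-endian reader over the blob bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def u32(self):
        (value,) = struct.unpack_from("<I", self.data, self.pos)
        self.pos += 4
        return value

    def guid(self):
        value = uuid.UUID(bytes_le=self.data[self.pos:self.pos + 16])
        self.pos += 16
        return value

    def counted(self):
        """DWORD length followed by that many bytes; refuses to read past the end."""
        n = self.u32()
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated DPAPI blob")
        self.pos += n
        return chunk


def parse_dpapi_blob(hex_value):
    """Return the header fields of a CryptProtectData blob; raises if the input is not one."""
    r = _Reader(bytes.fromhex(hex_value))
    info = {"version": r.u32(), "provider": r.guid()}
    if info["provider"] != DPAPI_PROVIDER:
        raise ValueError("provider GUID mismatch: not a DPAPI blob")
    info["masterkey_version"] = r.u32()
    info["masterkey_guid"] = r.guid()          # names the master key file that can decrypt it
    info["flags"] = r.u32()
    info["description"] = r.counted().decode("utf-16-le").rstrip("\x00")
    alg = r.u32()
    info["alg_crypt"] = CALG_NAMES.get(alg, hex(alg))
    info["alg_crypt_bits"] = r.u32()
    info["salt"] = r.counted()
    info["hmac_key"] = r.counted()             # usually empty; length 0 in the blobs on this page
    alg = r.u32()
    info["alg_hash"] = CALG_NAMES.get(alg, hex(alg))
    info["alg_hash_bits"] = r.u32()
    info["hmac2_key"] = r.counted()
    info["data"] = r.counted()                 # the ciphertext itself
    info["sign"] = r.counted()                 # HMAC (alg_hash) computed under the master key
    if r.pos != len(r.data):
        raise ValueError("trailing bytes after DPAPI signature")
    return info


def masterkey_path(sid, masterkey_guid, profile="C:\\Users\\Admin\\AppData\\Roaming"):
    """Conventional on-disk location of the master key file needed to decrypt the blob."""
    return "\\".join([profile, "Microsoft", "Protect", sid, str(masterkey_guid)])


if __name__ == "__main__":
    blob = parse_dpapi_blob(DECAY_DATE_QUEUE_HEX)
    for key, value in blob.items():
        print(f"{key:>18}: {value.hex() if isinstance(value, bytes) else value}")
    print(masterkey_path("S-1-5-21-39690363-730359138-1046745555-1000", blob["masterkey_guid"]))
```

Run as-is it reports AES-256 with SHA-512 HMAC and master key GUID f20cc85e-b279-4c56-9163-3e21940a8076; the MFV value on the same row set parses with the same master key GUID, so one master key file (plus the user's password or its SHA-1 hash) would open both. Recognising this header also matters in the other direction: a blob with this prefix written by a process that is not the browser is worth a closer look, because the same format protects stored credentials.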
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2152 wrote to memory of 1904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 1904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 1904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 1904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a356389ab6dcdc4fbf89292d6b5789a0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.krlproperties.co.za | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| BE | 104.90.24.194:80 | assets.pinterest.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| BE | 104.90.24.194:80 | assets.pinterest.com | tcp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| RU | 193.238.46.6:80 | | tcp |
| RU | 193.238.46.6:80 | | tcp |
| BE | 104.90.24.194:443 | assets.pinterest.com | tcp |
| BE | 104.90.24.194:443 | assets.pinterest.com | tcp |
| RU | 193.238.46.6:80 | | tcp |
| RU | 193.238.46.6:80 | | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
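Three checks a triager would run over the Processes, WriteProcessMemory and Network tables of this run, as an added example that is not part of the Tria.ge report: correlate the DNS lookups with the TCP connections (this surfaces www.krlproperties.co.za as resolved but never connected to by name, 193.238.46.6:80 as the only connections with no name recorded, and ieonline.microsoft.com as a named connection with no lookup recorded; the page does not say whether the first two are related), list any process image that is not under the Internet Explorer install directories, and test whether the WriteProcessMemory hit fits the frame-to-tab pattern of Protected Mode IE, where the frame process starts each tab process with SCODEF:<frame pid> and writes into it. The network rows are copied from the table above with duplicates removed; the pairing of PID 1904 with the IEXPLORE.EXE tab process is an assumption, since the page names 1904 only as the write target.

```python
"""Triage helpers over the Processes and Network tables above (added example, not Tria.ge code)."""
import re

# Unique rows copied from the Network table above. The 193.238.46.6 row keeps the column
# shift it has on the page (the protocol sits in the Domain cell and the Proto cell is empty).
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | www.krlproperties.co.za | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| BE | 104.90.24.194:80 | assets.pinterest.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| RU | 193.238.46.6:80 | tcp | |
| BE | 104.90.24.194:443 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""


def parse_network(table):
    """Return (country, destination, domain, proto) tuples, repairing column-shifted rows."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and not proto:   # shifted row: no domain was recorded
            domain, proto = "", domain
        rows.append((country, dest, domain, proto))
    return rows


def correlate(rows):
    """Cross-check the DNS lookups (udp to port 53) against the TCP connections."""
    looked_up = {dom for _, dest, dom, proto in rows if proto == "udp" and dest.endswith(":53")}
    connected = {dom for _, _, dom, proto in rows if proto == "tcp" and dom}
    unnamed = {dest for _, dest, dom, proto in rows if proto == "tcp" and not dom}
    return {
        "dns_only": looked_up - connected,          # resolved, but no connection by that name
        "tcp_without_domain": unnamed,              # connection with no name recorded
        "tcp_without_dns": connected - looked_up,   # named connection with no lookup recorded
    }


# Win7 process list above as (pid, image, command line). 2152 is the writer PID in the
# WriteProcessMemory rows and the SCODEF value; treating 1904 as the IEXPLORE.EXE tab
# process is an assumption, the page names 1904 only as the write target.
PROCESSES = [
    (2152, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a356389ab6dcdc4fbf89292d6b5789a0_JaffaCakes118.html'),
    (1904, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2'),
]
BROWSER_DIRS = ("c:\\program files\\internet explorer\\",
                "c:\\program files (x86)\\internet explorer\\")


def outside_browser(processes):
    """Images not under the browser install directories: the ones that deserve a second look."""
    return [img for _, img, _ in processes if not img.lower().startswith(BROWSER_DIRS)]


def explain_wpm(writer_pid, target_pid, processes):
    """IE's frame process writes into the tab processes it starts with SCODEF:<frame pid>."""
    by_pid = {pid: (img, cmd) for pid, img, cmd in processes}
    if target_pid not in by_pid:
        return "target-not-in-process-list"
    img, cmd = by_pid[target_pid]
    scodef = re.search(r"\bSCODEF:(\d+)", cmd)
    if scodef and int(scodef.group(1)) == writer_pid and img.lower().startswith(BROWSER_DIRS):
        return "ie-frame-to-tab"
    return "unexplained"


if __name__ == "__main__":
    for name, hosts in correlate(parse_network(NETWORK_TABLE)).items():
        print(f"{name}: {sorted(hosts)}")
    print("outside browser:", outside_browser(PROCESSES))
    print("PID 2152 -> 1904:", explain_wpm(2152, 1904, PROCESSES))
```

For this run outside_browser returns an empty list and the write is classified as the expected frame-to-tab case, which is what the "No malicious behavior" verdict rests on; the unnamed 193.238.46.6:80 connections are the one item the tables leave unexplained and would be the first thing to pull from the pcap.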
Files
C:\Users\Admin\AppData\Local\Temp\Cab5572.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar55C3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5aaa57477601b874625a34ec9d46d1ad |
| SHA1 | faf4bd39c1fc28507c52ce720c32441d17586f53 |
| SHA256 | 6095eb0985cd6fbc7357500ea50af10893a1a653395c155c32326cc0172a0883 |
| SHA512 | 705a61d788f6096e725a96afa1651e91bfbd9bdec0e6094661c5b99c06e375d39b67f8f51e2624b64831beb5573a5b808cd02c48e433fa1dd34425a74a39d784 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\cb=gapi[1].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dbff038e786ab114b899f5c31a63a97 |
| SHA1 | cc20ee9ffe28d644c5e113eebcdc2ea3fffc6aab |
| SHA256 | 8c541f9e9b00d602549bad588e162207ab5a219572a85cce505f12b96fbc81d0 |
| SHA512 | 707ae5830f7efffd7a6a4d018f1cf18ae544053e1d249d101e033a17920e258c7163e5cfc9f42184f465133a2fc1aa25382e40093ad0cf7bb277183198aa2ebb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f92edc83c15adcbc0165d4d37956f75 |
| SHA1 | 5b29c391781b363db42648cac3c103925f3ba506 |
| SHA256 | 9ddb2b94ed5a330b099c197e34e98fd1eb9759c24b759fd74a2ff7248442f3d5 |
| SHA512 | da3202e171527d28777cc9cb80dc06b91e1dec7ecd60a3ad26de8d15d46aad7dbbb9af499c058a9b4d7f9cd3a9300bc8ecb10690e237626df05c123301f5ad5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94bf39c51cd63c1e517ddf2aeb81b63e |
| SHA1 | d7477617f74f846a96c3084dc0ac4b104bfb3d0c |
| SHA256 | 57451a827283ae68237548738b0f0805ba7ad07c027530ef8e4bb49aae9e89a9 |
| SHA512 | 90f90fe51ad50c8182819e3b882b2b1c430bdd774fa1708168f5ad115ad7b9bf881e33fba1c0a08ca5a9ef4fe820977ea489f569b7dc923b873a1569bf5eb861 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b907311593282a9bc312e031ac307cae |
| SHA1 | ff031f2b6e235707b693dfa0158b3d25e16d4aea |
| SHA256 | be5dc15d906fae371fce315ea0c0defaa6f09ad0e09c705c97bbcdfb022a8a3d |
| SHA512 | 437dce0dfd3073b9773f722033b447217f337722a3834996c71124e40ee9d9af57ff0216edb85ec33401d29cfc10ad3ffc74992853aa352dbd5021a7c76dbf03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05612f59148540d0d0d56ed6c51e98ef |
| SHA1 | 4553add96706259da097eec2c0b50b8945d92a00 |
| SHA256 | 19b73b639a292e01d01dbb72aab6ba3ee353893e410b887a14a9498bdbb639fd |
| SHA512 | 1763088193ed80283bb277c62bb5ffe5b28d29e150d26eed2f98ed63a80385ecdf25d70f1393ad5f162340154dc556f38698445a53725ebc5a9d8385963a301c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 191eacc312de02af53fb52aa000526dd |
| SHA1 | 4f6a3901e5240bbe8a835164213235cfc05f919e |
| SHA256 | 2bc06723b2480218a85b505dfbb9149dbc5579d9b82d31b6eeda24ff7e3e747f |
| SHA512 | 50505cd188553ff1196a86f2544de7bb0b4c00be2580eca1ca849ff02b1d18e67a439afb677dc8a307e51cec721d1ab97b41ced1fbf6ee5eb6df19296f36f2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f48a75edf68c94a5777407d74420093a |
| SHA1 | 18ac2e8ed6b05b3ad25b9ccf16844a1bdda9b51f |
| SHA256 | c696a2bd6500424e73648ea59162fc9fb3a183804b46ac97e4521922a56534e6 |
| SHA512 | ac7b103eeff5a5574cee6e92eb4902bee4e225a1b4ae00ca65b4a11a3d5b07418232d8cd7fc5c4d63f0ec0fe42807696a42975b32687e35d4525f12f51b2c768 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a15340a979381b6501db1709c17c2023 |
| SHA1 | 74cf45e8d504cea0c97a568e0a489b127580560a |
| SHA256 | b20d83e6231d8622c629dc371075d3096df9f50f4a6bc7a0fe2e36a66821ff90 |
| SHA512 | b1fa4826baa2729c9bda1f783c6d35aec063fe26f417bdf9b6c0cd7e6bf754316b515eba80686377a26613a84f09048a90175d296769dad32463773e0e563e4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b383ac58f46afafb80cd4cf1d9473d6 |
| SHA1 | 952acd3eafe3b64ec7499eaf2ccce5e8f58e7783 |
| SHA256 | 29d1f9f3d5a82913032e9c37721fe6b95710c061939a4cb609b4879cab4ad441 |
| SHA512 | 383274cd745bbba92097509ea092acd1b3e99c7b8cad7d26bde53a41a2f3fa9dccc19d9beb253f07e0b0d1bbf2c7c9b5e630a57f1a2b3ebf67154f3c07c15883 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92de2d83aabae44234baf3f441996712 |
| SHA1 | 44621f03208f214936fca588d59f182cc67f02dd |
| SHA256 | 650a8cbd32710f6eea99162ab42577f7cd1f77d4e7bab6adfc7e44e2157cc6fc |
| SHA512 | e2e290b356a80cf4b32b2798352467aeea96afd80f6a72381baa3939548ae26bb8ec090a82b433b9e3bb226aa32fd4b69fe442c4f65a4da1f68bc742b4ca0227 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bda744474a3c157beaaaeb46e986173b |
| SHA1 | af152f30f430d58a814d3322d87ae1db964570de |
| SHA256 | 2431954751940b912acb0402208db06e58d4f514d355db9d345c2d6256e1a1fe |
| SHA512 | 1a70af3e0d30669a9d7e1a6b3ff4454f4be8efa06eece6b9fa5a4c6dacf189e85755ace7ca872b721e1504fad9093ce40fdcceecdc2210158e503de90e7a7a20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74bb8792e306226ccedd302724141213 |
| SHA1 | 76affc076926ee5aedc5f3acebef173e5d52232c |
| SHA256 | 6ea6af0b049cdda4ddf345d8a61357ed3ede370c44d5a015587e15a7d034a650 |
| SHA512 | 68f1e2eda74d1dd07d4e7f4b69be171e1f9b1a5e27fe5b947ea05dd1d3977e366b71d3e5fb5e6a300c2925d1fab6a21c6984603b7bbe86f1cb807412e028317d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 136f51d1509b7bbf20b1f2fab8da7602 |
| SHA1 | 3bf92355d6bdfc4df67f1e9bf86c74e40e033d51 |
| SHA256 | 4e26dd8ce6a17a277197e700e2c609a61529491c188ea3f8798072a839c1361e |
| SHA512 | a91c19341d9ab92680092a7bd5412f1aa63294a6d64e0899ab1816f1ee924e8243f42151861ff2f166b65e68f713ca9c1f69f72980f026a28c6acf7fc51f7050 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f67b03e5438e6fdd8d0da7b9083782d |
| SHA1 | 9b766122e7dd6d1ff626d92a10a085d2fef61951 |
| SHA256 | b84f8e1c30475d2d6e292e0a2116afb6568efe857dad31921abd983b2315f9cb |
| SHA512 | 3dbfbf6bdf00c9b7288e7e58ae3f5e00b3597199f2534d1bc466153b3070d9ef449c98b57634252be9ac62be7fbdbe301839d555926cd0a9894b5e009e986c42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a009bde0732428ae0be28a035951467 |
| SHA1 | 0d546f0edf243ab17aa69e4c5bc756a657fa9961 |
| SHA256 | ba21d0056439472ee3cb5b0a6c9a5a317e4033c60eb14cfe5223698072780417 |
| SHA512 | 3108ba04cade05fe93993564c38b1c5dddc16d7240ed50ae29af70c627996927a47e1466d3a69369f30398ba770ff9f3266be336b146fd9ac656ebdebcc9eda1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de7a8c66844e89aec63cd518f36d20e8 |
| SHA1 | d385eb92d294edadf987e491255c8f101f1af50c |
| SHA256 | 7020e0158ac74b23212baf1c4acb89bb3e2448ab4171feded66f0b54fab54d28 |
| SHA512 | 7ce88c39a7871a43adce8d7fff6afb5fbc56012387f679b302041968901dd87e7ab30ecccfc4b4eba78c2116fbddc87668d5936a4284563d0c617618b94d43c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7a17e1af4e082add2f11a2dfb0bb014 |
| SHA1 | 129ac904a4248e79bab4c80a25701e48a9be998f |
| SHA256 | 511f73176874b5f1f7cc7718df7790b814e5350029135c73f04264d41933978c |
| SHA512 | bc1ab4fe393fd94b8521f31a2eacba4fd8283a52f1b9d0c1b22747c42cc22c4cafa971d1a3141d4370bb6b826de0e9cad45ebb418be93e9667e4f39c9323c250 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2a16b0c3adeb034215ca91c89afbe20 |
| SHA1 | d466247752ae7998b0a3822b96ab787d71111f11 |
| SHA256 | 015be1bcfb3409592236d9732537e49e28acb9aeac9c2b87946334b9c1ac109a |
| SHA512 | 2a20e349c1cf63f5bf1bf32325f613c2400552d474c0ce9bbcbbca733a5067aa040fa39c68ac6ae84a0668d3715174b2c0439b8a08be2323a5feda29cc64ea06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3095b6ae362cdd1f58cf3517219562f8 |
| SHA1 | 746e0bf9a11d7c8fbc281d7d4d5aa31b8bf4d5e8 |
| SHA256 | bd6f0ee644751c2dc0beb440079c0e8c0bf39730677e03167d0a1f7a3f1ad955 |
| SHA512 | 9135565dfc0880b34370bf78b6be5bdeb2af65cfeb5f240ab8145c2f5cc357fe1246f0640a56877fcc874b340e1a254f728cefd6d454d7f7c8276b0c8b07cd77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25a5700d21a6ba8444e726e71817e4be |
| SHA1 | dc6e7e3a7bc21498a66a55e74251d9dbfa0f1762 |
| SHA256 | adb67984c9c15f98152ba6b33fea9bf578d96e5b9871083495637da5891c5066 |
| SHA512 | 51b3c0067026ec94c7b8d831f48fd3b1ae68ef74c91b1aa6fb8c981df09f55b74966225ecc0a0df134aec3e118c47cda2985e635a0cae3706ab79ed943e5fe37 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:19
Reported
2024-06-13 01:22
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a356389ab6dcdc4fbf89292d6b5789a0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd894146f8,0x7ffd89414708,0x7ffd89414718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,415065980552022447,7709626157407055570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| BE | 104.90.24.194:445 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| US | 8.8.8.8:53 | www.krlproperties.co.za | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| GB | 199.232.56.84:80 | assets.pinterest.com | tcp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 199.232.56.84:443 | assets.pinterest.com | tcp |
| RU | 193.238.46.6:80 | | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| RU | 193.238.46.6:80 | | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.22.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| GB | 199.232.56.84:139 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | log.pinterest.com | udp |
| US | 151.101.0.84:443 | log.pinterest.com | tcp |
| BE | 2.17.107.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.107.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e.issuu.com | udp |
| US | 151.101.1.55:445 | e.issuu.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 151.101.65.55:445 | e.issuu.com | tcp |
| US | 151.101.129.55:445 | e.issuu.com | tcp |
| US | 151.101.193.55:445 | e.issuu.com | tcp |
| US | 8.8.8.8:53 | e.issuu.com | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| GB | 142.250.180.2:445 | www.googleadservices.com | tcp |
| GB | 142.250.200.34:139 | www.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 151.101.188.157:445 | platform.twitter.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:139 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.krlproperties.co.za | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
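The table above mixes resolver queries, PTR lookups and actual connections in one list. The following is an added triage script, not part of the sandbox report: it parses rows in this table's four-column layout, separates DNS traffic from connections, turns `in-addr.arpa` names back into the IPs being looked up, and flags two things an analyst would check first: connections with no associated domain, and SMB ports (139/445) to a host that was also contacted over HTTP(S). The sample rows are copied from the table; the rows whose Domain column is empty are written with the protocol in its own column. The flag names and the choice of checks are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Rows copied from the Network table above (a subset is enough to exercise
# every branch of the triage below).
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| BE | 104.90.24.194:445 | assets.pinterest.com | tcp |
| GB | 199.232.56.84:80 | assets.pinterest.com | tcp |
| GB | 199.232.56.84:443 | assets.pinterest.com | tcp |
| RU | 193.238.46.6:80 | | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| GB | 199.232.56.84:139 | assets.pinterest.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.1.55:445 | e.issuu.com | tcp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)
SMB_PORTS = {139, 445}
WEB_PORTS = {80, 443}


def parse_rows(text):
    """Parse the report's Network table into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("| Country"):
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        d = m.groupdict()
        d["port"] = int(d["port"])
        rows.append(d)
    return rows


def ptr_target(name):
    """'68.159.190.20.in-addr.arpa' -> '20.190.159.68'; None for a forward name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    return ".".join(reversed(name[: -len(suffix)].split(".")))


def triage(rows):
    """Split resolver traffic from connections and flag rows worth a second look."""
    dns_lookups, ptr_lookups, connections = set(), set(), []
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            target = ptr_target(r["domain"])
            if target:
                ptr_lookups.add(target)
            elif r["domain"]:
                dns_lookups.add(r["domain"])
        else:
            connections.append(r)

    # Which ports each named host was contacted on, across the whole run.
    ports_by_domain = defaultdict(set)
    for c in connections:
        if c["domain"]:
            ports_by_domain[c["domain"]].add(c["port"])

    flags = []
    for c in connections:
        dest = f'{c["ip"]}:{c["port"]}'
        multicast = ipaddress.ip_address(c["ip"]).is_multicast
        if not c["domain"] and not multicast:
            # A connection with no name behind it: nothing in the DNS rows explains it.
            flags.append(("direct-ip", dest))
        if c["port"] in SMB_PORTS and ports_by_domain.get(c["domain"], set()) & WEB_PORTS:
            # SMB to a host that otherwise serves HTTP(S): inconsistent with the name.
            flags.append(("smb-port-to-web-host", f'{c["domain"]} {dest}'))
    return {"dns": sorted(dns_lookups), "ptr": sorted(ptr_lookups),
            "connections": connections, "flags": flags}


if __name__ == "__main__":
    result = triage(parse_rows(NETWORK_ROWS))
    for kind, what in result["flags"]:
        print(kind, what)
```

Whether the SMB-port rows are real SMB attempts by the sample or an artefact of how the sandbox emulates the network is not something the table settles; confirm against the pcap before treating them as indicators.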
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4819fbc4513c82d92618f50a379ee232 |
| SHA1 | ab618827ff269655283bf771fc957c8798ab51ee |
| SHA256 | 05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c |
| SHA512 | bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b |
\??\pipe\LOCAL\crashpad_2916_VPWAPPCRACWEXLXP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 257c0005d0c4d0bb282cb470925e4376 |
| SHA1 | f9b8efb511ed64292568977c9f2ec255509e8f7d |
| SHA256 | 8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22 |
| SHA512 | 2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a6a2bfd2b4879959183ddad6e7e53a9c |
| SHA1 | 40a7f01f97d3e931804ac31bb26a12886532cea3 |
| SHA256 | 9226e7921528584c0de029cf43433ad8ffc783657b17df01226a4c517a660ab9 |
| SHA512 | 35376e3a5ed0bf3e15dfd0342b4d233b88cfc59c5653f4da18434ebae99a5056c41667870203901951eab45c2b206d4e50bbd2df0ba7b09572d45d380f875b83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7a12aa2677135adb79995693cc57168 |
| SHA1 | 267d7ece4105dc858a3569ad3af1b1fd3ca89ed3 |
| SHA256 | 31941fa79a61b3ba0cbf7cb145c82c6e0d4cb8b50d68154ff6c8622d9eaad338 |
| SHA512 | 30018a1c8d4fb566ed37f33bbca572a0347039c89478c8377d953292a813ea2e144519da0a4518c0dde1844d6f577b1e7c1a4ed0a740d19326e97775efa34f7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9c6653030db7c5b70c188430d11cafc2 |
| SHA1 | 3cb1f55c9b5f57af8ab87037226fe3c6b5fa576d |
| SHA256 | 973e1c288b62125059007f8baf653468ebe61c3f22b8e78ce617e6882460dc3d |
| SHA512 | efff6767e714c0065d9999f8a98a1f95dfb2f44be8f2b11a091e0393e087154babf2d8cc4424b4e6ca13d7a9f90eae679388115351536c7e2edfa0ee75fa2f1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 95cd1581c30a5c26f698a8210bcab430 |
| SHA1 | 5e8e551a47dd682ec51a7d6808fe8e0f2af39e86 |
| SHA256 | d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9 |
| SHA512 | e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 683d03aae810c79b52b7825f8015ce0a |
| SHA1 | 86d91d6a570f4a1b84ed7a2be6ad8d426ddee8e8 |
| SHA256 | 466087117de44ffbd294f9669d1b070f36122a9734775474bb8e9b112c15a551 |
| SHA512 | f54781f16e932748db35f3be37a5f44a4b27e2105c1ce4c0d3474622a7e76a5ba1f3e339fa40eb0cece3d9370c747e89753f625eeb28f781d95cc6ff3359bedc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eea6.TMP
| MD5 | 05cfa65f7c5c045857adeaf801bf1a4e |
| SHA1 | 2df993bebf93141789b53ec92a0425aeb0a811d1 |
| SHA256 | 5dc77f7bbbe1091e5d75cbbb5f9c25d74bd9e7c7ff2c3f6278b27ddffe1065c8 |
| SHA512 | 183741a13e80d69e4b9aa095b23ed7fdfa8de7733bf2014280b7f062e90834c75d30677e97437f4975450097059ba44e784e863fa44bb817e0738fe304e94155 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20b1d8048322419bfe20a414fffe2c9b |
| SHA1 | 1e56fdf909df0eaf5bf439ea2a69c584d3c6cd90 |
| SHA256 | bcca7ba8c660c1756f39b79adba548d1229a962a98032b655b521a1ee48d2a6b |
| SHA512 | a07ef0064ca16ff728ae1863931c27cd510a71748adcf6db01c77f3142f9819db7d86ef44a343e67fa805d62806ceb04fb73daef22e0e82461aa17b305ce764c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c8d438e32da685b9062e92f3105fccf7 |
| SHA1 | 816a8120d2d35aa5cac1722cb1a0001101ad9c42 |
| SHA256 | 17f79d78e4ae0a3a325db3d192fe2deffe969c32e5c53e14e3281ab7204895b9 |
| SHA512 | 05b03fc80bc05f2b1ca4e557b99d66ae909158a2ebc40d650628efa582dada4588ce585c0fc35f9a7518e822ea319c435a7e888d4b1ac57df8ec8e1df40f9b6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e4bac997e4c5bb70ee4af02b5693fd71 |
| SHA1 | 824e8b0d1e9f039f82d4de129a5efde3bd636379 |
| SHA256 | 359268992d54615ea1fdc13bdd10aac2ba11ac6bf019c56baa5f0fba8986b17f |
| SHA512 | 63a66bb3b5127c9c514050b42319282b3d77b8039705da80af0d3f1f677cac945fc28b74bdcf8fc78e3f750b738a717eb0abc6d432a4093afcd2959403d2dfda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 67fdabf77a54157212927477500bc53d |
| SHA1 | 42ae4ecdbcecc145bd35e1166f40cfbb7aae1b82 |
| SHA256 | b7b15795bc78d7e5ba85d6d2d3c1b9b8286fb25d02878d17d01fc76762157269 |
| SHA512 | 8b157c26cc71a594c9140a3592c542a22be294508ffa8c3d0ab4a692e6b4933ef6e6e7b5278722b389c44a6105244c627f6164ee29562dc6d5d4271fbfa4ebd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9048b47127e38daa2cc02f3971ed03d0 |
| SHA1 | 20ecd6653912ad4adf1bb1d30a5dc7398a514865 |
| SHA256 | 635bf7b69c50751f22b00d3b2f956177925baf665f93f2a87a94bfbacbd53928 |
| SHA512 | 3fb67e1c93d7528338d4602a82e490f9d55c0d7b97fd1f901050cacc6618e8caf22ebe2e2cf2ac165ffc923988dcfe76f1bbbe9df008c32942851a39374c403c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 848534a6be87488f3d874969a6ef00f1 |
| SHA1 | c03c7f382fb1e3eb9b36a284f0dc42069ce89fe7 |
| SHA256 | 1ecaa7ae78eaeb872405528c5a58bbac594592e72057b081485200d3f31775e1 |
| SHA512 | 7fafae9d2a4af099fd6e255a572dca12cecb8386d23de390a5458efd5e8b56b583bb1b0650b329022a883a067301b7fc0068c0bab22aaeca5740f159ae1c80e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a0cabfedcd32362eeca669bc057d183 |
| SHA1 | b58bcc1a1f67d8c31138bc7fd4e92c928c4d411b |
| SHA256 | e64e00f9dc9c7b0e7be68e4806e355073c67d69c994e9785b6961adcabc9bc2d |
| SHA512 | 66a60a089f40f552722bb71b9de34b453a3438ab24db272161d4f972d6e79d19265a86ffce762314819d4386d2dfcfd2445ec2dbd1b034af68378669825a0aef |
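Two things are easy to miss when reading a file list like the one above: the same path can appear several times with different digests (the file was written more than once during the run, and each capture is a separate version), and an entry can carry the digests of empty input (the named pipe above has exactly those: nothing was captured from it). The following is an added checker, not part of the sandbox report: it parses entries in this section's layout (a path line followed by `| ALG | hex |` rows), validates digest lengths, computes the empty-input digests with `hashlib` rather than hard-coding them, and reports both conditions. The sample entries are copied from the list above with the SHA512 rows omitted for brevity.

```python
import hashlib
import re

# Entries copied from the Files list above (SHA512 rows left out for brevity).
FILES_TEXT = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4819fbc4513c82d92618f50a379ee232 |
| SHA1 | ab618827ff269655283bf771fc957c8798ab51ee |
| SHA256 | 05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c |
\??\pipe\LOCAL\crashpad_2916_VPWAPPCRACWEXLXP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 257c0005d0c4d0bb282cb470925e4376 |
| SHA1 | f9b8efb511ed64292568977c9f2ec255509e8f7d |
| SHA256 | 8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a6a2bfd2b4879959183ddad6e7e53a9c |
| SHA1 | 40a7f01f97d3e931804ac31bb26a12886532cea3 |
| SHA256 | 9226e7921528584c0de029cf43433ad8ffc783657b17df01226a4c517a660ab9 |
"""

HASH_RE = re.compile(r"^\|\s*(?P<alg>MD5|SHA1|SHA256|SHA512)\s*\|\s*(?P<hex>[0-9a-fA-F]+)\s*\|$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files(text):
    """Return a list of {'path': ..., 'digests': {alg: hex}} in page order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:
            # Any non-digest line starts a new entry and is the path.
            entries.append({"path": line, "digests": {}})
            continue
        if not entries:
            raise ValueError("digest row before any path")
        alg, hx = m.group("alg"), m.group("hex").lower()
        if len(hx) != HEX_LEN[alg]:
            raise ValueError(f"bad {alg} length for {entries[-1]['path']}")
        entries[-1]["digests"][alg] = hx
    return entries


def empty_digests():
    """Digests of zero bytes, computed rather than copied from memory."""
    return {alg: hashlib.new(alg.lower(), b"").hexdigest() for alg in HEX_LEN}


def check(entries):
    """Report entries whose content was empty and paths captured in several versions."""
    empty = empty_digests()
    empty_content, versions = [], {}
    for e in entries:
        d = e["digests"]
        if d and all(d[alg] == empty[alg] for alg in d):
            empty_content.append(e["path"])
        # Use SHA256 as the version key; fall back to whatever digest is present.
        key = d.get("SHA256") or next(iter(d.values()), None)
        versions.setdefault(e["path"], []).append(key)
    rewritten = {p: len(set(v)) for p, v in versions.items() if len(set(v)) > 1}
    return {"empty_content": empty_content, "rewritten": rewritten}


if __name__ == "__main__":
    report = check(parse_files(FILES_TEXT))
    for path in report["empty_content"]:
        print("empty content:", path)
    for path, n in report["rewritten"].items():
        print(f"{n} versions captured:", path)
```

A path listed more than once with identical digests would not be reported as rewritten; only distinct content counts as a new version.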