Analysis Overview
SHA256
978116de1f90778e39e0c2bc1a21e58cc7a07bafe341f59a93cf46693cff85f4
Threat Level: No (potentially) malicious behavior was detected
The file a3920c0effc010c15a0c443cbb160614_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:42
Reported
2024-06-13 02:45
Platform
win7-20240611-en
Max time kernel
141s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007095ac79dccf7d14821581d9731a7278eff8e1d2c63423376b8ebacd7811c4e7000000000e800000000200002000000027040711fda88617a0acdf73196068acf8a98d1d61e1ed31b5aa1d743f0222b590000000577c62da8e3ab4fda092137c9424ea4d180aeb25374045ee531e40e37e9251fb14de6c8ac7af23ff11a2107c2b8e00fa40c75041a250b591d5f0a728fc927b1f56c26a9124d1c89a7b1b5bb958f3ece0d16bac1eadea1df3139c276a4bb5a473f52da9864ad9303dc455489963f07bf0fc9da8aef5b0ff595f7c0412a05695c5a1e5bffdddd0c8e92124a885b86cb071400000007fb11d689e0289a49e46901b27c6a62f27d7e9d29000132f8548fd6647a6db6623ac82ff6f0923465a55306655dcfe088bb70a36b60504452f9378f8b19c10a5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424408432" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9BC04431-292E-11EF-8F1B-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c04805723bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000008b6ea9f47b6dcc1b06d5667f0580f1054870d3e0310771413916866d58fe6a87000000000e800000000200002000000048f4487c189c3e8728c04384925e127f30b89394fb480c3b6fcdd378461c433920000000d566c658ab3bc594d17a570f0c29e579c4741b47ec0604b01873a3a50ed0cdef400000002ff015860c94f12730e577ef9245ccc6620d535e29a8ebeb801bea590fdeb679ba4cd42f14a5349f2424a43f279b537e80a8803f2be6fd9740376bb238053481 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2960 wrote to memory of 1188 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 1188 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 1188 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 1188 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3920c0effc010c15a0c443cbb160614_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | ads.clicksor.com | udp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bcea06c8a4b0d6ca3ffe2dbf4eca4a1 |
| SHA1 | 76fe599d873ea7d3e5c053cfad36c48bea91568d |
| SHA256 | 3339468f1ad65abaed85bebaacce7a6141c59f136a89081455f386bb25595f90 |
| SHA512 | 13e85ea11755d3d7152c81ed6abe8df104ab193f8e0b8153ccb53a4dd3396065720eba027824d5417a75347b24ceda32a2d46ad7946abc3435f612dc506799fb |
C:\Users\Admin\AppData\Local\Temp\Cab909D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar90AF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dc006df5223d42c9da62ba755d789e6 |
| SHA1 | 77b1ff41687dbd10353ec26536d33a40509aa034 |
| SHA256 | 5ae8b3c5574f5d9428675231d8ea23aba41bcefce9d010797e4dcd1cee532214 |
| SHA512 | 233df935f37b3f63449cf23509e731991fc0547c59b7baa56a53da79db7dc640a46499469413e030d0254f7aab1d454c5d68fd3c4752ca8f0088e13f1127f0bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfa2f60d5677514f8f8d1efc61f6d1f9 |
| SHA1 | 5b5fa397f2164022399c495d70fff2afe93902aa |
| SHA256 | 0c440c014227a7f6913deb9b3047a0da99540633ed39f23e549b466d068be942 |
| SHA512 | 6af71b8b79109c77306e49f223449b6112ec5878a8796362cf9285d1c1d2d151dfee460eea264918e11ba11d75beb15324fdb0ee665554c49d58b63dbe194e37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc1b8c547f4a7748095412416ccb084a |
| SHA1 | d5c9eadb3dfc5c4bf1846a1fbac1435e5f648806 |
| SHA256 | 3ebc5569850b30eb1d91ddbfd5e6349e9f4e2e2ebf96983b56c4653ebe82e027 |
| SHA512 | 48da192cf50a946db181b87b3840354a70334f0b1834ef6ebcd7c4465a6e8cdfde957b42f7e7ffe5c1c3a0a6aeb4830d78a95d5417e83e8d144b8bb2663aea03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28255d889b99fcb8d94ae584737e7254 |
| SHA1 | 6b071af39c5d89c08c864c9db560dff48909651c |
| SHA256 | 2c4959ad8745214d39d82022b508a70ec09a1c8bccaaa076cf1b00632bc06c13 |
| SHA512 | a30547e6c2bbb5044e49dd25649fc9a2dc4ac0f2fe3425d2b8dfbe22f8cff013e0202a9ffba6464dd6a5bb5000c624b3c973407633b9ba47b8b294580b45e512 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3aad8f9e416e6a0741e228c7b965417f |
| SHA1 | a612116ae5af8242e42585cb01b5d1e84798d1d6 |
| SHA256 | 13428612a83fb64da416be46d01569a86b9666e88ea4e2602eb822859a4f1744 |
| SHA512 | 38ccb13b1576a4e8eb1e59db75c9cf495ec241684332c0865a24bfac0cf44e5127438c2557c04ed1e15fbe08f8b049600255c188c07606de4eb001552304fbdc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 794818816ee346dd1f2004cae78961a5 |
| SHA1 | de1232f2cd6836d2fbf2dd7fc17f6aa315b81b1c |
| SHA256 | 0a8722c9388dac767db99a046dd94d2a6d8b5b97bba281eb5ffa0292253117e8 |
| SHA512 | 96a61f541aba938858118faa2ab6c6805fe6e81568c5744654a510694fb9cedb0ac654b63f46e3f4bfc1eceb79fae9f8a9d342a130404cb6c95547b41f5d727e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52bd68ececd9d9d86099e68e76392527 |
| SHA1 | 2337aa2ce12a983358819773f1514b33672385c7 |
| SHA256 | 54fde8e86fcf7dbba90351c8051ab0a8cd05697f0c97eb2c44ff6242640e7b88 |
| SHA512 | 5a360bc8de57178ef0f4f7043aeaf58eba060fe212e0c4fe5f84cbab6ed0b5d3ec72997e6c0370f0ccd6cbd50e3ea31d2a13238e97199ceb96b45d285ed92e33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1446a7ad7c766c65735b8b1e31cbb9bc |
| SHA1 | 79386f41130056580e8aabafbc0d52198d36fe2e |
| SHA256 | 1385ae7d83ab42cbeddd8e8d79398cf7af9c014d03b5c219bfcb09bd2fd884ad |
| SHA512 | bad8d80d1798488f63e7bf411c86fd83883f55c3d8a1114cdd9808f2088afc621cda40ed1d39dd98e8df1f7791d18d412fac5e944bb55b14eb9caeae6505a5e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9384d6dbbe87ce4d8c341a6d70a1ae43 |
| SHA1 | 95ed466ca168a4a42a253810eea9e19449f709a0 |
| SHA256 | 98c278a2ddfd3d441b9099cf13242cf83756a0220e5a6f51f7d0c58dd85417a4 |
| SHA512 | d19899ee65efe73a3eea58400dcf3ead68ff917fa086c0dc016aeeec42d3d61e0370ab3484a8c1d8559c242c60503915061b22b23bcb1af71d738994cd1b10a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2c6df4d802e98b6ced0bfa1f3daf847 |
| SHA1 | 68fb6c62019322f4d27f10cc7e5f82fcf410f34a |
| SHA256 | 344769aaeca0aae790f507a7186df9894f56c3484715ab2b6339f41929d11b42 |
| SHA512 | e8c89eb39f06ea7487d849a2ea7522fb2cb07eac6dbfef70c9bb745b77984ff9ffe5b3b99d5c3cbf89e2e6ba6e85f1ae0559634bcd852fe2d370da425e3207d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17f429911c72da2f3ba9c465468e502d |
| SHA1 | 7d259ff1c1ac8dd7373e403c44a3e3b21e2db835 |
| SHA256 | 6a501ddef598d5dda5c0dbae8a1183814dab66f82bbde6a864a23be4f9b395d1 |
| SHA512 | 381dc7d38576d37606ea841a76f8733f25e5e34731b8fe27b50919ee4860b8cd455282dde6f9075902b6eb5ca40416dfbdeacab67180e604418590e793f365bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd55e3a80518ec134765510b99fb60f3 |
| SHA1 | 0578dfcf13241686d0ccd1b5445d85199380d65b |
| SHA256 | 6dd39813023ed4cd8f0a761c86ceb1edbcf5e3df185d7538e1568d730da14c6e |
| SHA512 | 4c23a8f5e50041ffd899f8013282f5d8fedd0ca507ee529cf09ea3cb0affd9e6438fb3e092957ce0f7977ae0830cf11647613dbe7e70f8c07350fa3280ea0f94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1b2314a1bfaee388b147b22d796ec63 |
| SHA1 | 144b88c520569fc73e47d94a3b49e52d5b037330 |
| SHA256 | 862787cf1707cb76e785f17325efeac032799959c83f4b00973c11a3a88b77e1 |
| SHA512 | 28cd9cbf1e29b9cbf71399519809a6abf951e21ad86d8b1de5e25f8d4598c044de9b6e4a39c4d932425f37d466ffe88b8696ab39ad5bda2eb590043f0754200e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 453ea22033d78a03031c1fe81a0bfcc3 |
| SHA1 | 6a2027e3072dafd970aa9da4ffb892e3bd447ce7 |
| SHA256 | fef3e92b6e5e29dc5acda615707490fb65e5d648daf7c5a0e2e6da59f4fb4d60 |
| SHA512 | 71f1ce1e94d644e8dfcf73ecc34cb340b46190ed4d95d15cf9378b503684bd18c0c6280747496343b388d754d89e50de095b50372e9a0484f903cd5a1a18ce5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78d6b4703811ac15b017afc321dd5d83 |
| SHA1 | 337871e5ddb698a4ab7aca281e7a70518d8e553e |
| SHA256 | 5a8819436cadbd8db40b30f2f92252bcaf7a36eb9a90171c5fa3a70f8c8f9139 |
| SHA512 | 9721db258b64bd7286f505adca4acd9aadebdb5eedb716325726105399d43260c7df9dd364a5c584b90bd506f1afc0498167c1a592ef03cdebff07392c83c699 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9782490311fecff6b37130196c51cb97 |
| SHA1 | 4b7b29fee82479799bd932502f63cd928bd8f50d |
| SHA256 | fb9492c75e56339690d9e50aaafcb03c951780d74c52e254e64ef4bef9e82baa |
| SHA512 | fbebd86242447c55b2994c5317a442b74b1aadfbe551976238b5bf007d65150a5116835736d762e610065bdaf30e9b21c00506eb4f6958eee9ce541f3a2752d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eee7863fabeb724b51a8d1e1b322cb02 |
| SHA1 | d97e093fb47845384a59ce41917f92d5d015bfaa |
| SHA256 | 09a76a9dce602b8e2048126dc5c69ed5f29bafe60e25792d9fae158acd192769 |
| SHA512 | 5f750e504539f71f72aef9d283e8a69e8f6c7d4fcb279978f1a48175c3cdbeeaef2864a0869da7654c8b5e33ec13c86532d9236e47693dc19bc754d0f439b82d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29808a194b697a5d9d2fa8fed358dab6 |
| SHA1 | f3748052ed72d687f57aa1591ad57f32c049d638 |
| SHA256 | 771536e71466716913bff6a84e30b6b8117037888efe3608deba621d27ea28fa |
| SHA512 | 34423cb245d0980a362bd6a2a7c27b87401286d48320d012b5fb973a05e4e4903f61dfc7fcaf76ce009c7828c7b0a8514abee550435197d5157fc9212364f98d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36fbbc69776b4d019fb94dc33dacf750 |
| SHA1 | 3b782f65915c6b76c073585f75685cbfa690e47b |
| SHA256 | 7c58ccf3b9340c276ef40f9c5990428ce19405af3cf74ba643db5f33be22639e |
| SHA512 | c75fb4e0a293fd61672058deb76f716452abf4d3e705eefac520a9b2f10eea0ebf3e84a89af13714082277bdbc75765187e8549b2fcb44946386a9789237af57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89c725690f6e3ccbcf43b8c0d3207baa |
| SHA1 | 8a490cbc985874d97f2a66424c89383c7138f492 |
| SHA256 | 99a51de99e2693281ce79b26ec21474283888a085239d38238c01787f8c014ef |
| SHA512 | 65c39c73fc264135355e31a5d589211a80352332988ef3c124880add641b63dda7251bc446ed77f8ee43b0bd3813b96d769bd50cdc7eeccbc1a196de5491f458 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:42
Reported
2024-06-13 02:45
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3920c0effc010c15a0c443cbb160614_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabdd646f8,0x7ffabdd64708,0x7ffabdd64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3184 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ads.clicksor.com | udp |
| GB | 172.217.169.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 216.58.213.2:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.194:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:445 | www.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | allwallpictures.blogspot.ru | udp |
| GB | 142.250.178.9:443 | www.blogblog.com | udp |
| GB | 142.250.200.1:80 | allwallpictures.blogspot.ru | tcp |
| US | 8.8.8.8:53 | allwallpictures.blogspot.com | udp |
| GB | 142.250.200.1:80 | allwallpictures.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_2312_PHQYWCAWPFWPFURV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e2320266a755e19e418110ba5110da28 |
| SHA1 | 5fd8de3d15372d292ef29c2c11411a2809411d48 |
| SHA256 | 16b6e5aa4af846aaf6809c5d685837532eeba6e73bee694c04d78fa6f89fa6f0 |
| SHA512 | 08ab88a20052085e515811e2ebce57b83054a4848a42a8d496468a434aaa74d0b4abd3a3453dbb8e9b98f302e6d4641a59a4a395351842d3a39359706af48534 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 23536ccfe05b737ae639fe63ee4cc435 |
| SHA1 | 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82 |
| SHA256 | 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce |
| SHA512 | f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 799e782249e9a1e41c04c6467c9c4ec6 |
| SHA1 | e82bcbe65b77452425c172f425b84bace7bc5834 |
| SHA256 | 3eef5c23280c97899a9c3b0a78bc235c8fec7f70a9513723c1dddc1892b2a61e |
| SHA512 | 944371a20c958587230354d7a5318a57b3ed21ccc5c6fc20b0774d2d09fe1cd2512982f12671c706677aebaa2ef97916d654effecee71f9f09afc5f35f6d984c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 411e44954f85f81f940b1ab6f1cca549 |
| SHA1 | 727cdf97e44babd0ef3a052e4ad3dabb938a62e4 |
| SHA256 | cffc60ad9b42f98e4c788f5ce51d217f3f6286356c74109788161ee44fb2e76f |
| SHA512 | 76b77e0dc9912fadde5d89107a59f71d22d3657a149e7fbf5cf7b038b7c7603257df7743915c566eda8beaef9c6eaf2a9b3f592d3b73ce082c0ff17277ead0b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2560ca7e7a207486a79a9dff6ab10737 |
| SHA1 | 572ac28672322503099595cb342746fa06e52511 |
| SHA256 | e46d90f8cbedeb2837285360c6c43c2bb71b277b81cde1cafb3e17c3d1a96d1f |
| SHA512 | 398776eba80921f5e3648d5a0bf5caae486493c49bf2532e5dcad318536004e5bb284023d298bb11b7a128bdaaf47ce1d8a309c69f1222c884cf5bc1312141c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5273034401731f747d683f80572bbc08 |
| SHA1 | 5d089e1ea28e5b1ad0743cb2fc5705afd9f6c5ee |
| SHA256 | 7817ed012682dbd47a62e00e0e8968cd9c9ac3d9897abbea3fb6209ede925527 |
| SHA512 | 3c9b70b0bc8d251b69653a884dc2807eebc9b826c96ce9db958243e539b4795f6355f4445229d581956b8d2c5cd8b4181131a2df285537079cd5192f1b341f3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 69a57b6822edecf68e1b0a69f3b9c462 |
| SHA1 | a1aeade90c581d74aa51cfa02669075618af6c8e |
| SHA256 | 7f43bb504dde58ebb07df9df809cdc1acc62c3f3997be54c10b4fc8f53bc83b0 |
| SHA512 | 1d9117b85855a71e4c7689cf2a7962aaaf850c15215c6349283e6409178dd51c1924f6cb52850d48bf1c4b5c6d57af5fa997f29aa7f0a61650e7a2c6fda8626d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f5939b2988b638c5835fcc039ff2b283 |
| SHA1 | f3ff63be2f782bd6d6bd8a7faea0841b2d8e6480 |
| SHA256 | da209cb4229d5886647c4983ec3dcf24902b1473eaf6da9563c2fb5692fc3b2c |
| SHA512 | 265a8b7eb2be8755141e9b6a5603a77ae61396f6777902b77ef7b6cfb0ca557ac4fd03537beb9de0f8dc025fd00bfe9b50861a078a1d90eb0521c9580d14479d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c232684a912b9ff9113d8ced1a7ea50 |
| SHA1 | f3f66be274f3e2d6363e6036531e2d51f5492dd5 |
| SHA256 | 8391b0d57c2965e327d23675a0e06afb2b87f2666a195bf467b732083a018232 |
| SHA512 | 21af81e3307d94431cd357ceaef210cd6bd75c81d7130b5f48c4dfb48c3c55395fd5850dd802132cfcb304d19bc178fe42eeb12cb03c926cc694234979712e2c |