Analysis Overview
SHA256
d9781ab99c5eaa24b5d0351c48f7adfc22c0bd5e1626ced8a35829b201f6ceac
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a3d8af431e64fc3964e5ec68e5d20a71_JaffaCakes118.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:39
Reported
2024-06-13 04:41
Platform
win7-20240220-en
Max time kernel
141s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4B9F4F1-293E-11EF-9BF8-4A0EF18FE26D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 305554d24bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415425" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000059b56f000bf00445ac4edb6d31fc684900000000020000000000106600000001000020000000c3506f6c17f473e3ab3bdbeab07c904e919e1852261f7ef0271bc2b50a809d97000000000e800000000200002000000092b363550233fd2db4ac7126c00493b3d094e3ae2f40fbf3968fb85ae04609202000000003dbfbd3e06afb11a18879ed702ee6de85c151063ed6c36caf6851c7506297dc40000000ca1b7db5de9d9ba6b6918d1430077b38c520fec4b50e1cc19c916b02c4f628a789f7e996059fab134c727fd4795e35b9b9c86eeae2b42ec0a3ed2301ab9e5d4c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2292 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d8af431e64fc3964e5ec68e5d20a71_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:39
Reported
2024-06-13 04:41
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d8af431e64fc3964e5ec68e5d20a71_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9671846f8,0x7ff967184708,0x7ff967184718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1453295847152033808,15034941237930686679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4044 /prefetch:2
Network
Files