Analysis Overview
SHA256
821fc4b105fd036785f18e935f193bae75bba0e68669872f478e6e8395eb8c2a
Threat Level: No (potentially) malicious behavior was detected
The file a3e6c9ce6d85dbbd25359ca4b4adb159_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:03
Platform
win7-20240221-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f5e5d44ebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000054bcbd2df51d8e4a8229899961cc4cbf000000000200000000001066000000010000200000008533317bd243f9f0d3fcefeb3e578df2c78e330a1e1066827c126f8de83ee03b000000000e80000000020000200000007e2be02e0bfe75e1ab247c503bbc97bbc32fd80d43faec350fe7eacb604b2674200000007bb425195cc3f8de2925a3f10c94e56d4aa25b3e568c1b50b48f1c9ce19026bf40000000153d6f9b41e10f237297c4a5be95ecee913877860f02e97da138fec6d1b562a1ab35af3af6a24a3997c5bb8fca90f6bb6ca78797e7ce8659171860f957c0208e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FC4FBD41-2941-11EF-BAF4-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416753" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2868 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e6c9ce6d85dbbd25359ca4b4adb159_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.flattr.com | udp |
| US | 8.8.8.8:53 | www.anddev.org | udp |
| GB | 142.250.178.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:80 | pagead2.googlesyndication.com | tcp |
| US | 172.67.70.66:80 | api.flattr.com | tcp |
| US | 172.67.70.66:80 | api.flattr.com | tcp |
| US | 172.67.70.66:443 | api.flattr.com | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| JP | 160.16.125.228:80 | www.anddev.org | tcp |
| US | 8.8.8.8:53 | anddev.org | udp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| US | 8.8.8.8:53 | coin-hive.com | udp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| JP | 160.16.125.228:80 | anddev.org | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3C57.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar3C69.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f5302416abd97dbebb8c27ceb469039 |
| SHA1 | 2bbfe2db7df71205ec798cfd7204498129115921 |
| SHA256 | 6034f790b2b1fcf60786e8f72446abf9dbf1bfa0088b63582bad0f7d06a66f5c |
| SHA512 | d305a5d74537ea6f27fb1d7f58fd19c9809cf3977ca03a7e4f5b631d63e6cb1e03d09a34c6c732a76533c8647871cfa685e14d07c1973015c81e493df5d4fb4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3D3A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d0fa23b636f340aadf22b5e4d444259 |
| SHA1 | 51b4f871c2dd73b785f487ec10a3dc36ae929815 |
| SHA256 | 9e923ae0ac13522015ee36bb6a64358bc811bcd950ef4f52f2f4d70b104c2d19 |
| SHA512 | 611c511551e6e42e2b00809a1fd293f82a513671c21dc8e3ff402c1fd7af9bd8cd2e437f4cf13c7d0ef7f5f52fd714e01549b617441ccc8057f87ab24ceaa0e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bafa2a9959715a2fa58208915bf692c |
| SHA1 | fcea47ebf4cc040407fbb0ebb1f85d5628bdb297 |
| SHA256 | 739a85e5fe84c87b272e212f4d74d8c2df903c084ff73b951866ae40646a8adb |
| SHA512 | 5943f04a0a4ea4bf7441b85e00291798174b98cf53a17a487ccac144e97ff2c8ff92ecc08ce453f52021b1d0189d378125bbf3156e813cbf7426b11641a0dba4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b867716e5ff4136b00309e72e14fe26 |
| SHA1 | 1f501ff531c619e87ef6fb277abcfa9b94f7cfc6 |
| SHA256 | b1e07292ce912ac756da880c78360295cc91c379a353293a907822bdbd708dec |
| SHA512 | 879802ee76fb1d30670547e88d57980fa72d09eaaa24078ae809fa70e70a656667642c3902911a1d3bc2d91056080ae603ecaa38b6a0962add8edc04adab71b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3db25ee9f07921d7d843086bcfc7dea |
| SHA1 | dedbd987ba3e3109137d5a1f06a8073acc1f8f07 |
| SHA256 | 5a79ff364bb7e45a983f64f8f2d7b9b70fb72274dd5c91c2f8e0d7d3f966728b |
| SHA512 | 35d477da62713478e80e6987371a2e4aaa9e067b3139ea63d3a646456be85a72a41b8f8981fac589c526f832ac3089cea94aa877c8addaa88eaf162d05f35463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f002e708b32bc69b3fbd9546462abb5a |
| SHA1 | b45bbbd7f384ff245d10d9b0a8eb3e2f4acb7db0 |
| SHA256 | d891cd68a83214a710fd0c8110ad582f7a5285b439a82adcd3739724cc48a43a |
| SHA512 | a2dc9e30c95bb09751069e76f727b1a211f3b6ec258cd598277e90111b278b3de298552e831fb87865d378992be7d420bf8a2705c2cab1f33d84df9e87064e4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63a952cd818e14488e159fd6e8ce6896 |
| SHA1 | 88b57cb08eb1b5a8ec5830fdf5beb1a27b3dee10 |
| SHA256 | 5e5256063600563b7b878c4e9ed763ac477b430fc50479f3be6eddb4649251df |
| SHA512 | 42ed9656fe4cd2feae2566620bb2f9f3fcd65b792e3779c50737f3b8aeddece2d0c0aabfc0755bdbbaaeeeaa16a927c6ac742a6465d1fa45f1049feb9928fed2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e460aad325d0fab3bb471a7ed342bcd5 |
| SHA1 | e9d4b6e43b285237ab71ac924f6959e7bdaee114 |
| SHA256 | 9b0c61e7f6b8b037a4630f084d5e1daf97eade2ea5a95314d510a75390ae1899 |
| SHA512 | 15d7e6871503cc102d78f515fd9c5acd182636460a084b1ade29d7bf28d1fe213d25db26d9042e96efc746ff7f9136fc14827e693b8a29baa0da89ae1030b7f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca0e3c751d4ce91d6dd70380ac9f2fea |
| SHA1 | e909e26c56bff6c54c5cad9932de0cfdc3e7c388 |
| SHA256 | 0e2b51d6a9c1543ae4b3c1766b03263c6a2faf37e80e536c16d6d1830768ba3e |
| SHA512 | ae56e29abd4f483138025cb3ce030cf79547f0830831e9669232a97c14678af67c0e377ce016bc8360f59f01100d964fd218c37c60eb57a71b57435cf53f9f07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ae70266ef6012cf9b11d9a94974dd99 |
| SHA1 | cacc0272f0c9a0291fbe96cca75b0f838b4d270a |
| SHA256 | b18ce38b4f17f24195cebd34d84f80a651345ad63e4834e8de132d7231cdb7d2 |
| SHA512 | 9091eb7f3d01c45bf38655494fccf4befec452d63fd2e1f927b08c29612f680e6466d7082cf3a964037159c4d6b5e053b94eeb29d3be78ab6420bc01c6513cab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 151ee71983a4cecfa2b4c23ab4fa0f5c |
| SHA1 | ac2332c1b44478fa2bc3ee6a3be7efb5fea55780 |
| SHA256 | d57e6bb1b48b18100fdff7581a178a9d8c93a21f3bbebf590ab39f905dd91c8c |
| SHA512 | 765f64384c02d55297dfe6d4915672ba53ee68a5bc84c77e4b9c7b968b5221daf2bbe94b12b491afe8da8c37b70ae4313e1f82a39ebc4ecafbe0666f1f68137a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5f396b3641eee4ae5a844a80045c826 |
| SHA1 | c405721b694c2f9832e38cd9c387f78d7cb6e7f0 |
| SHA256 | e4452223410b8e9c437394a7ae589341c9c5c9fd0aebdcd2ce1d9e6c2d3b3f0c |
| SHA512 | 0530a08e0e1f1bbe248a0cacae1a81f30e26d8425f13fd53bcedaf7bab119243e27ac4684547e0a34eaa5380421a8b876055ad21683bf1628bd6a31050485ef3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f08a6bd9588199c15c32fa5358819f8d |
| SHA1 | 549ad84fca5970dc1bb4054da4eba92088573d95 |
| SHA256 | 4782b64dd2367240f4e6b2eafa4fb097c19ffda2f5fb17a30a6601332b89ad99 |
| SHA512 | 52967306a132b2df1c8fba04721b3bb908832ac76da5885dfc7951916805eb9291e6004e51958872da91a107ba769b0527c05ba4b1a6e4fee4ea8e7fed8c8a46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fec5c904736df936cb46d60f4b39d88f |
| SHA1 | 64d1054397d987c814cd1963f406d7645c77d52a |
| SHA256 | 5d0f8b3404251074cb59e0d9b3bbfe995901679f6174f25ae79ab7fba0df2386 |
| SHA512 | fc61810e91bfc1b7655adb6b694a87a8a4cad63d07eacb358208c78c7f0a4e377d34cc0b29d60cdce10cd2501979cf7446ebcc72b2c0d610a81e6728b1500772 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ede71d8eac86d6752cc57b87862c5cf0 |
| SHA1 | b5718400f2034ba62f8b13ab7566479743891c0e |
| SHA256 | f10670943e0d3bb80a3f11091306f8de4229c2c1bb2c27d93920f402bd04ef60 |
| SHA512 | 4bd852015865ffaa91bdb7b20582d804b3d6f4e41cc94a28f6a3106358fd8eb2dacfa0e97f2c6605128dafd5ac05e94bd678241dad2e2bd6ed0187a4cd8bb544 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f8304f79ec93af49037e27a2e17870cb |
| SHA1 | 441d3cc31a9768b42fa2fe40c574be890ebbd8bc |
| SHA256 | ffb6f5063988fed70f49a538c006ec63279635ef3f2c2e82686334cc43b1b729 |
| SHA512 | f071ccbb5be8ec294fa1e8e1b169330757abdb51dd35d9c44fb57ef4804cbef79756d5df2a8627580ecaad7b3e889f831635702083b2014c814cada4ad89c407 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c8fea526672c2acbe88e7a7efccdc68 |
| SHA1 | 035a7fda9c7a0e4a17e96b3ad9b694ca4ef343e8 |
| SHA256 | 38bf2bbb20c3ff0711af5f1e7ab11cde52d337396accf2855c6347b573a9422d |
| SHA512 | f98e7fc5502c8c747569d2946f171e77aac6b1b2cfa60467a3531fb59d72af07f8435d580636ec55670ceb9f3c297b73a914b6a25bc2bf22dd40f4b840c35d59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a37c056458031fdbd37bb6dc4f0a9fe6 |
| SHA1 | a2a9d571efe39df2d5625c6bf9f0086e8703f59f |
| SHA256 | 394d7e1b1210afed2fc91dcb48eccd47172016ef32d1d04b84b561b9015c61f2 |
| SHA512 | e0bb108c34f981ff573833c87f3c1f45903e7c0e3de4b6fc48cfd119254bf8c440a08cc34cf37b95126b2655a2ff6c342d764a6e673209f6634adc7d263c44a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddcecd1542c922459fc8a6120079a0dc |
| SHA1 | 24d3513c066ba72e5cb945104de1e76bcfdd5112 |
| SHA256 | 739a6c6399fd6e44da2aff9320fbc1e6e9d6387bbc6194382a8d3146a3bb6dcd |
| SHA512 | 779689bdd7d0f8635947676256bd9e220280957e371894fb16a57a93b07f532ad4a17815fd64e808661e864f2417548c87801450140dd05812bd624b11ec2fbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de46d78c1c374a4d501057dbe045863c |
| SHA1 | ef63b34cd0135b19afbdc3a4aa11a83c83e323ae |
| SHA256 | c11248d09ed2c08cf13426ea817f5dd083d59b8cce0f1b461c89995e1759f36c |
| SHA512 | 1758ce2b15a67e3606a74a252f406232c1f58b4494f5f4faa7c35153e49c45ef98c213229da56d0226ae670f27675e11fb2f8643d677ee3b0d027b62b2ca3ecb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae1b8112ac0a1ccb7f7e816f7b382f2d |
| SHA1 | d20796d4c209a752f59ecde0e83ccf39cd161d89 |
| SHA256 | af2376a76bd66847691abd30702910fe0ff866333a52d6bd2122dc797dcec217 |
| SHA512 | 902e1d3f20a6e5a9dc4f421057b743bc99b7dff00d9c82c426ca61a814953a68430611f3dcc45f860b27fe5cf6081302eca80f19fac457b0b93f6b7282604782 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 18ccad5412b4bccadce603f172d79da1 |
| SHA1 | c6ef56a73f88a0d63bc683d9d1decca8afdc6044 |
| SHA256 | 5de96901535dcd1909e9e4cf9e4d32fca664ab0721a36c14cde6923d4968affa |
| SHA512 | ae82c05e8f3faee540c8ef6850647b026e1daa46ce3c2fc8753406bc8dd6057af039ebd378bb89fb331ff349b852e585c0cd4d3027e9919dbdf51ac41ed274d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16c2689935883e191ba702cc9ac5b3d9 |
| SHA1 | 2c8e29a4919404da09ab2c891b63e2a272ebac9e |
| SHA256 | 0b2f209406abca8204e6302be319beec37135a0dbd9a5962946667a86dff5a7c |
| SHA512 | 9e2cb161de51d2918db7f15614f3c591567c264d81b400ba9fea6f82adc614823c63995bea2d07b9643d7843ce124743fa7b6a2db0cb0ec145e0040ccb1859e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0dac263aed0938ad6c060f4a24c686d |
| SHA1 | 7162dc27bc9b24ef85bbbcaf871c150cdbe7b227 |
| SHA256 | 532c6dfd5c802ec0d5a6e43da2b38da1143448bcd32db3a4edf599f3603f45dd |
| SHA512 | 604f62c8f51ae1200fb10f2932106a14159077a265a15181d89ffc7c2a5329897b09aedbcb050681211ac09a31b029a758bab85753b9a4b6d7c6f3d66d49b1ed |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:04
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
154s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e6c9ce6d85dbbd25359ca4b4adb159_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2a3446f8,0x7ffb2a344708,0x7ffb2a344718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13609449778175075777,10410471250298495106,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.flattr.com | udp |
| US | 8.8.8.8:53 | www.anddev.org | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.anddev.org | udp |
| US | 8.8.8.8:53 | www.anddev.org | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3876_HPUGHTWBKUCZTENX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 97aef4db030a44eb92745a727f241af4 |
| SHA1 | 0f1244055725dac48a90859b909af097b707e6f3 |
| SHA256 | 85bf892d1536bec04bc7603dcff66161e6fc004b683690cc7177dd5060106300 |
| SHA512 | e53c750dd9e26d7a409d2615fc7638662228a46e159946d84aacabfca31eacbe94b26bc46d570d70240c4a3b5e39299a6c399c3d92977e7b729ed61e67a79b3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 693e3cdf75430460200b1b8ea82df2a1 |
| SHA1 | 52f21103dbdeed3e2f59bcbb7dac23a7b37747e6 |
| SHA256 | 3457162c898d7f2d6796ad6e8c7f11c713ac1c1efc672cda5da04d7988ee243e |
| SHA512 | b488544f9006ca1942ac9dd5323c9a2f6d557fd66d6574052fd63f6f591dbb5c600f6329c9094270f1d1c0b46822bec2999b0ca2cd50a3a675a9f33f281a7eef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 603999365eee2fe02c53fa74971b8110 |
| SHA1 | 6e43458c792514d466d60fc53bfba7974e76581a |
| SHA256 | 155274eae60bbdef216c98046c58d85e5a5f02e1d2143c66a0ddd68ec57ccc19 |
| SHA512 | cb49795775b3d5b1d32f6df1bc1902cc587be718922a45d559ef95823a3a211b9a8beb5c2132ce379f763b37d362ea5351d901a2ff520b5c1428c8468ad67eac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |