Analysis Overview
SHA256
8231bf3c2fca0a4d80b7e2fd2d3a03a472b65450470162f66d1309b179e93920
Threat Level: No (potentially) malicious behavior was detected
The file a43837f6e07b05de9778f3fa68b2975e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:32
Reported
2024-06-13 06:34
Platform
win7-20240221-en
Max time kernel
117s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002eebc904feda74439599e3bd221b7923000000000200000000001066000000010000200000004b245a467db78736fe3dd1a31d53a0a7af85b3802e83c777fadf43b364bf2576000000000e800000000200002000000043012c7742cd81e179fdf07963833bf7fcd6aa9ce074dad1097040601fc13aa89000000093b684cbd3240a078fbffdffd5e2c19db69b1ca52a44fff43094cee5e20af2a9fb2e94ad6d8b13f43101267ae5c17c59df84f9a18d21716929b31648eb1f83a6424cfd04300dcc90f3c6580f900580b00743eff46ad50ee5ae48022dc289bfb7f29412dbb5b960e05bf9912ac899ea1ee906d222c5c383ca77e26a7168b6a298244c9bdade202c7cd5dfb5382ee4e4ac40000000d7997fe53697b0c21139207f69df37724d1327076decba75d20ce64ead71169f3cf4c1c4a023611a3ab789f333269e776347abe678934d7ed86097cfbbafeb1a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC18E011-294E-11EF-9F86-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422202" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002eebc904feda74439599e3bd221b792300000000020000000000106600000001000020000000be2b73e433114f8e7ff62822f6aedce5b8f31a3033a0789a47c955696918ceda000000000e8000000002000020000000faf4785dda44d43abac5f0d526c5baad7c4f3160cf6a614244a761306dc63c44200000001d06ff21f8c1a298fb5e78aae4d833d1b0c8787371d8ab3f59ebdd504435885640000000b6191ac624d3a22f4bb3b90551be710d84aa2f0d5251c4957089225ff5dc462c6d7d10c07df25d2b889f7e661fcc44d08b77e019f8ea30de52a02a3849a20c7a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d022f9825bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2156 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43837f6e07b05de9778f3fa68b2975e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2C9E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2CB1.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\Local\Temp\Cab2D7E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2D83.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c0e0430bf2a4b35f0567860a2f02d5f |
| SHA1 | ef368e14be1666ff847bf0dad0d9ae08dc6375b0 |
| SHA256 | 91c494ae00cf4cc46e9def2aedfb08595d63c9059447bb59ba5e891dcb7d771a |
| SHA512 | 4c610e45953d35ed43053305730d5da93650a46a20b05883dddf20e02e0bf8d7a7652f88bbc1007eaaca95470fe962871bf757adbacbde0ff2d2cc65baedb2c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf1db853a01c921253b0cea5197f0a3d |
| SHA1 | ccc412622f22e9c0c166c28166a9e9ca9e15e6b3 |
| SHA256 | bb8c84a84dd30b9a4ad4afd7aabe1e4ce89bc03b9718fa9b90c48499ade80f92 |
| SHA512 | 28f89247583cd04e25b662512bfe1ec40246099969bb883e149688ee4b9854417176ee3ca4a49c32f1025bd4c0a32e8cc1c625d1429a500eb48b1d37ac383c5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bcd01d4f56e32ba66b777cd51ef1dd2 |
| SHA1 | a8fddf6d4eb812d3c6260d154a2167ee639f308d |
| SHA256 | b92f2b72fff21e3e105a4ba1c637958594534b3ee011284cc9524b62bc7bbaf1 |
| SHA512 | 6e21bde91743062813714212a5d98d886c83668528a12b16f913baaeae07bb31bef42d7a07c637255a717234f593123207540eedd6a0e3d41bb1979829780926 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88dafceb22c70de287082c42055304a8 |
| SHA1 | 7a748c5fec934912fec0fc9e5a67a50c2d9de7e6 |
| SHA256 | cbddd11b39213f70710016b7da6738877b9f6e5549797600b0056f03c10a3bc6 |
| SHA512 | 63c627d9c71fec8371ef51a58e9eb377fdc8fb653ea0c57d6a18c025d661162b0925b0b9c1c2c1adf5af002e13a8a977dc720fd3ff36403faac9ab5d22226ee3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6284785923cfcef06427ea81cd85f0d |
| SHA1 | a1f9ae3fc898e9c8780120e86becf34362fbcbad |
| SHA256 | 97d52a7972344f621906a3193e0716228e79990a243361f27ace89edb6033161 |
| SHA512 | b1f504b51d2d54ad78fe6445611c2f9e094f59a4637846083215084136b5ebd2265e21c83107c9891ae6d4b6c28aa9a64fa58a3443386baa5d190c5d97f9efd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d63702b3649a6447d3f32233a25c9f47 |
| SHA1 | 145433746f0d673da1eb6bb3d3e8abde3338023f |
| SHA256 | 78b8eeb27e5f09a95dab049cb7f40555d270c1d88dc0e38259760d0316d51b96 |
| SHA512 | 0ae97ba240e3eed5fb9baeeb1e3919cad6474f5b5240ca82b7e515d0e6b45a4ca057544eef3a7d624a61de73781cc0d42e7e22caba11be22e7cbf959ad9d9b0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f83f20cad3298d8e2ab5b1a8cce8846 |
| SHA1 | 4cb81f40753a670573948b367de844f8ffefe776 |
| SHA256 | c78790b34226222b1a13acc4c3371845d5109d00402de98d7a4c81d8e3192711 |
| SHA512 | c5ae247f4570f511a1b3dc6d13f9e98e08c003bfbcc1a3ab79b8151b84e7b869da4dd72f6afd23249b20e5eb02aae4ee98622255780ae28c9d5fffa0de567f43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9b429e74db94f9b781c575d4e00f331 |
| SHA1 | 89200eb20eedba9b5451d2cfc0f4b78c50d99549 |
| SHA256 | 660086b798363f4bed9dc979b0f5502ccb755a49099eea7f8125bfd5a0d14b83 |
| SHA512 | 3910ac040deacce55cc0c846f702719feab34209240313507012b54b5483025ce96d419912fbaedef294ea6bd0ab215d4b7961a206b890e70e7f927c8decd9b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24789e4fd9116354cb04fc6f1413d0f0 |
| SHA1 | df368eb70bf8ebdd3385aebfdd45386f441aa010 |
| SHA256 | 5761ddef431acd02617a1ab1f73e15d5e8bf7723c500661c2a961710d2813b1d |
| SHA512 | c0c018a6e682edc189b309431d2b52e36bfbb331c1e281f8ef98c848438cf7f34d4f7775486d3d6dfac5939c773967597e3e05f4b7f8198f9d691c183d51ce25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48cab82832a037e3273269da0e1deecc |
| SHA1 | cf0b91009d82606ea880aa34fa6b7dc1c2f11bfa |
| SHA256 | 5466b6e899b7aa86cc6dbe6c022f0fce16a88d6661ea460955ea71f095821d8a |
| SHA512 | cd812cb86bf1e5a18bc0f0c940fb5d78a673b6382b0c262a11c20fa1746139033166c84787383335981e8ed38694cdf21c749951ddbbe5aece73849ce8257c56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cecb1113de454528ecb186b0adf2fb3b |
| SHA1 | 18b927703f92a7609b76e94013682a53c9edaad9 |
| SHA256 | 209a52e8db27a437ef6615a6ac7794ab098934508fa5f84f8893cdcf10b07431 |
| SHA512 | 9c8fb3d13c0eb1914b4d99b7a71eae2fc76166d6dca2e76c1b1cf7ac4e1fb2278cfb5b8de613306fcb64fb7dfc1f4c234dcf251b9617333d9bd58e1210a7cd75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b252d9191a32bc21b820ab7a6c86430c |
| SHA1 | f20ca288626f946503bb456986768f9961bc9474 |
| SHA256 | ad45ccbff53b1ccd3091b118d5f96ec4d1a659b6e53c4526a6aa92e2ea7dc38b |
| SHA512 | 2256b7206a1c0358087d3406a145fcdd020185557fa6b9ca8f1a67d4af8aff938bb6e26b34dfa3da06baae8edcd7490b01ec87cd301515e058629649d4220897 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fafd1c29e810315cfd7ac4aba230e7b2 |
| SHA1 | 5398d104854df1747e32cb17e077480461e47f40 |
| SHA256 | 0beb24ed3532b5281e393adeec4890ef4c94c8a1d7b368bef6cf19fd66730137 |
| SHA512 | eb30ac56cca47dfddbd8279da45bbcbf3f448fb19450afd9af02bd58ead233f62f124519e6d82492787227eb0863f799ed0652ef81cae5c33ff314568b34542b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 33a98b918e298fe1f4dcf4e3fd535e13 |
| SHA1 | ea690809454c8b0fcea54c7659cc2ce9726417dd |
| SHA256 | 0a288faf3209ffc72b3dce016b5648d11625fd9e025f2c51d2b91a81b4ad7665 |
| SHA512 | c45b804075b0f8ebfe75de12d80db1211d48b87bd439947b2428afbd138a8b176cd4be13c083a3ba27b8072caee782ae2cc3635bb84d04ac0c8f3c4b0529ed65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c34a8d0a56f7619687acced4b277cf6c |
| SHA1 | 075b14419600fbf4fe025efc30f0ab138151d768 |
| SHA256 | 222868e32249467022bccbf9e4c2f56c2553fa8afc8d223456f7ff36b1d72721 |
| SHA512 | 37ebaae764486f8a5b9157a912c8580e7384e56fc344f02c8212906b81a81e8d3990bfcd6fc8f7ad692e3ca99bc23c9c3cc9de0d16f78d71be7dc1bfcf1feef3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e67bf940bf75997b7fd903cbd900199 |
| SHA1 | ed3ccdee02d02c6788b6af418c4a4b07cc1e2c40 |
| SHA256 | a1069c4b083ce700a812bd43bc40018842b4530bf837f8fd2eb8429ea0f6c75f |
| SHA512 | 98aef58663a7581d317551e8be0135ef2e414c36cc9eeb6998662dbee5508823a173fd893e4f2337d37ba903ae35e4b1a1155e31e02a88557da76fdb71ad7382 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e018d448592bfb96e78bc46bfada6e8 |
| SHA1 | 87d431844293948466968718e5a266925e8cd208 |
| SHA256 | b3fd3ffddadb9b3661533f87320ef42e1201a89d34b8d6b86c9b51b1cca9cef6 |
| SHA512 | 1ccae85eef187259409199e9c18a700910dd59ce52c781bb4a563c3434b381799fecb4516617183f4c0525f2d13b83b7fb07dfe60c69285624ba5f48759ddfeb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1c3ece9f485c8e7c23fa77eaed82de9 |
| SHA1 | ee77dcff602d1681e25adf8c4746e1632cec7364 |
| SHA256 | 81b8548b9863223fe4674a2b2a1f044a14833615782ce0fab8635222aeb86af5 |
| SHA512 | 6f9e9b9498cdf18c9439a204ccb029a6b05fa49a02e25eb38a9c1425c2fe7d377714d5ca63c8d008387d502aa68a1caf92ebfc2ad5810376188161a5e535996e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e495f451351b6c07261252a3443593b |
| SHA1 | da96707610379fc2a16082bf3667e966693a5c82 |
| SHA256 | 937bc5d999aa6b46d5412fd6a33eda3c111578a1c36c07ae3a16ab3ade1f6802 |
| SHA512 | 587eaa408ee74a474f3e84bb5f6daa97d02ce83819bc216986f054f09db08d575deb41e17e10112ce4fa92f65ebe478cabb04e2ea21cd02b44676c7f93c2a7ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 425bc495a8c8389dac6c356ca4242a46 |
| SHA1 | 5906909d5a18b92c3c7b527fec0c23d78dcb9507 |
| SHA256 | 18613d7ca435656cb97d4f6ab20dc6086c5ac1aa26214cb507bb083306e15e47 |
| SHA512 | eef1fb239c94880948fa635bd834cd357c6c0d0bdfe3d8b5ca5155bca02ee877b3df06a8a5ba2b2abf6d68f795a118210a6bb20ddda0d37d59150bbc2a70e9ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | d51a955fdfceb868183b73520b71f938 |
| SHA1 | a7a7b74268b5aee396c1cade8495e4feb7a39a61 |
| SHA256 | d27a7f9b49edc99468b52d91f7534921461f41d631d5853de5d2f8e12b50293d |
| SHA512 | aa06f8f6eaa80d7d2e861ed6f7c8806fcf284a19ce7cc6021f478a0a91d0f7b7dba29ef7b7a1cebbc776156d6bcf61b352ccb6cffaa1f374bb1a83eb8143997d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1635b06c994ae2582b18391f8acc9e03 |
| SHA1 | 04f474bd5f4bf178716e2e7e1f921867b6f3454d |
| SHA256 | c8421ac59626ecd2d2f492c99381f865c07dc9c6009b340e93d232e44a479543 |
| SHA512 | e51efd18c22912e3b7bbacd805a11b08d0ac7a483f3856667e6b11d948203cac179911d581cded429aa424dfefc2e3073f91adbc79b4e8848e3f1f6e8592275e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c286014d23b3a1e8ceff5effc8024bac |
| SHA1 | 4f324886955a4aa2c0b52165980b38d9963eb998 |
| SHA256 | b2f4280fe2ca35889b0519687858d272d3bc0cae62cbbe33324f0e62204655de |
| SHA512 | abcb8e3ac57366a815f88d3a8e0a815263d701f8dd0b73bfe6e077fccc149b41aa03e41d559968efa44806d007d02e4aae7d9211106481ac07652bdbfbb57656 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:32
Reported
2024-06-13 06:34
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43837f6e07b05de9778f3fa68b2975e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf84646f8,0x7ffdf8464708,0x7ffdf8464718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,14055286572216645904,9369997458026922656,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_3196_QODAFXZSCCJDXPTO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c3b4f2a29816f29c55a72bcf0034485 |
| SHA1 | 3e6bedc723a85848434a3488920f649d964c9bc9 |
| SHA256 | 418e07107013745acc1b1e4579bd671342e1c7e4848a505d23c2b2bb4a06a65c |
| SHA512 | df2d850eb0ce8117af50a319f3cbff412db965f0affe17f5441f014080e9cacade3a8e05ef6218c8f993451dc74b22aa3cd70d5673abaae4eee155666f08ec7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fb24ef8c9712ade329388e096309afb1 |
| SHA1 | a6e3ed0d5070c1d208ca953ba4746d1d6e080d25 |
| SHA256 | 562b5cc667cefd91501e8151ff4da6c95ab4e6056a77b58fb27bf24a6bcf2bcf |
| SHA512 | 1dc0c195a5e5ee10c39f184ac3af0e3e39b38b1e87d4f4a778124b87c7c05be2c9c0e6d35f4eb789afb3a3eae47665d3519e4e37f9354d77dbb1f555a12d6db8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7cfd6387c24b4d9a7aa501874390601e |
| SHA1 | 857704bd9aa4856ec1f1133fec5a63755e0f3e0d |
| SHA256 | fd95cbf4212eac75a05ae2c0c8f19c7b6d943609c8320790023ad7990f018fc3 |
| SHA512 | 538e5588973c84713275b9ede583d3af6b627a517e2de33f4a56c949e7fb58840b67b746c813c70110334003861f6747ddf486dc5ad1ef8e6c75189353c95bf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e42499b9a60ebbef1721b4df5234d150 |
| SHA1 | 2d5769c5ed1c78978dc0d5daa5d56869f7bb66c3 |
| SHA256 | 60ff90da33a5168b1c3035a2509c679fa609e39367dcfbaf1ca722dc587e6920 |
| SHA512 | 4585c2bed5af9e4515304b007a3ad09a14a5397183b140ebb422914a2711816a598593f9e26ff6ec5a543d9460567f285abe5baad2e585450c138c5712e5778a |