Analysis Overview
SHA256
c7cd8724afee593e428059a3c03b7d4ff710894baed2a111777ac06d6dff67a3
Threat Level: No (potentially) malicious behavior was detected
The file a43af66dc9ad996858e3697330776a6c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:35
Reported
2024-06-13 06:37
Platform
win7-20240221-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01a8aef5bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005cee8f2a1b0f3d438e415d880fc2673900000000020000000000106600000001000020000000708ec5977153e233dc6ce39d23cf8e219927dc2219d76f06827aaae859888588000000000e80000000020000200000004cb7b37991929e9c01e4d6263bc14c5cb54ca4671017019f2ee64f2e8a69f72620000000e2722656f66e5b03b5f2f279b4f89d071a6b0f31b6609c86b84127ce15f422c7400000006d8fdd1d17c53261ab2510974974127902fb83fa8e9ae96181a0afca5f59df8db04dd6c5009e17bb83fa6e27ea4aed3a590c8a26780de6a8793f697bcebd3db4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A591E51-294F-11EF-BEEC-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422387" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1924 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1924 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1924 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1924 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43af66dc9ad996858e3697330776a6c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 684eb027551166bd41c9af950fe6702b |
| SHA1 | 838cc9987d4a3c4d6ea3e9741423cd513fa522ae |
| SHA256 | d2f6f65b8d2acd02c8d11dc12f1a24972c1327283907d1bf2702783b2ea26dcf |
| SHA512 | 5e702a90dc7f06942566e81ad8b53f6eb806961df515b385ec6f7f6177679c72e8b7b52b869764b8aba91a8c806cb8dde40f6faf0683cbfa03ba28fd7e4ea273 |
C:\Users\Admin\AppData\Local\Temp\Tar3019.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab3018.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar30EA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce462c806885bca1938a924baa0bc31b |
| SHA1 | 660d7d9d6e73fc6f379b86e5ebb2f4c9e4e7e00e |
| SHA256 | 55bd6ab9a9a34b406635c6790297fceddc19051534c3417e7e381052c9d12457 |
| SHA512 | f9861505331cc9274d51859224ab98dc7ef9e06d5d5a8d842c3f5e5a857f8bde4a3c513c1d89a7b443c43a07cd4e9eab7981f837fa7b7bb26f929a32353488d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c45c6a6dd1327b9aea5cfb6d1dd20a00 |
| SHA1 | d1b6a95a3a67393a6a4be71bd04ec4a32e72bc60 |
| SHA256 | f2f13212dc5c6128cc8e26b1b167f66b9848e81e0d52d4b59245d894579a6a82 |
| SHA512 | 150820756bd036d8960ce8b530c934ffe429b5cb2c7365327654819ee3294f2ab019a52118b735f56c6b7b85d33cac64a19d1c7af420498c81e6df67671967ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6f2d753615cc12386083cd502dbc8e4 |
| SHA1 | 459839f125916e9477ba6bcb76372d4275cbe9e2 |
| SHA256 | 7b840405c12a26cfc6deade033b9f809e56f06a751a05b8a111895bc24cecfcf |
| SHA512 | 9a72a7c2a1defe8bb68bad782bbd5da18d291c7c1db055bfb0d2dda513dcea437f44943a190d4f3c1fd93159cea7744ebeb050f5147c8d1001ce2e8a8848ddda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57747ba87faae9c5b7018a09577993cb |
| SHA1 | bd5c30ee0e4dbdef296c9e43cbaaaaf65746a7e2 |
| SHA256 | 30545a2867fc5a0b4bbfa715923feb3e26926e87ed20cf506730477a2628ec88 |
| SHA512 | 8a139899f175c2bb32fb952ecf93a7fd4b62b1ee9c6610b8dd208ee68ccbeeaa5b50ab55f08fdac382c43b705cd38b6de3e5cc07c697cbf20dff8a3bbf142c86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58865824462756a44a9409d29fba134f |
| SHA1 | d0c631d6d80220de5e9721324cb121d70688d344 |
| SHA256 | fc13dd4bb5a2b51f7630cb8da9a05cb067eae850421e395d5b3c548c9f5fd0c5 |
| SHA512 | 1805e867198d5a880c76fcbb11b78014d1b6010af41259dbaa12c655a9ef0f472ce1ed84937e5ad69760a5c59aadbb7ac1a31b6ab2a71a5691c8fa01ea547825 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44059ae9f3a8f419357cb529b6261b25 |
| SHA1 | 777473e670a77e97636573c1151fa99cd69d6010 |
| SHA256 | 231d3ef1f4ce127f6769d9e8213b3a614ace90990bc071be9f95aa6125b8507b |
| SHA512 | 84de627ff02b58a1c689b775fbea1218c7af01cf3da5f45def5d71136ae81925cb2283e1e3e893fc291439321f77e351d5934fbe02677a03a2b03aaeb2908e37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ab6cb7ace632cbd9e0afa993236a8aa |
| SHA1 | f0dc2dd19d64f1e2b18f3ef34b4a3a847670539b |
| SHA256 | 24d7f78f2dd5f549afa9de32cab0e4d5141cd469a27768c07aca64803b2f8a4a |
| SHA512 | 4e2381e3003fca0971c7ab1adf1ef4e5f075dc8ff8437b3ade9590b22b0e164aafd224fa38a1c6c2f1cc620a38eb3d56ffa30673bd2de8184b1ad4b7c09a9fc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f656f7f0a15f9e0f173dc017c87b0a9 |
| SHA1 | 61a5fb54661f085d1dba9442ea4de0e6f41a45ed |
| SHA256 | dbd4096ded5e6d87ed9aef7d56f25f957e7388f40fe3102eb7a2b28aeb125aa5 |
| SHA512 | 01d546fdfee6336e3bedea5a71d46e30e297b9fedc0b170e4c7b4e7823f2da0ed4d4a5c45000b49cd145b86b5b03c5b723e0adf0687502e67f155805a24900fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c81c29cbc1efd77fbf12e031f33fb0c8 |
| SHA1 | 52213fb06819349d2c540106186534ca0d9fee4a |
| SHA256 | bac6b4ffc945c9c0f0ac15eeb06fba02617058f0e0dc9f7a1445398a9b7d25c2 |
| SHA512 | 8eb219b2112b91c9b8154c18c17ea5f526c4ab8af6bbb32434dabd6953f67a0fa103c0e34769cbc07ea44d8123c3badeddf4c5b4622b039be86d4b05faa0997e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 962c540c5a8c6734290f567a859c5a4f |
| SHA1 | dc6af1d995d635d3117ce38cad723a14fa29c5ed |
| SHA256 | c2c19a10e24bbaef569d166a657e7f71331ff689b7e447df9393029447b7df45 |
| SHA512 | 582034cbc197e29ff5d9f20253cb6bb76aba7f461b194117d94a3d43eadeba94dab0ac17d67d8fc1739b95805e391f6486883623cac2c8a1a99a8714b6e5666f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f9cf6f7b26537a59dfac70fbaa4bf8c |
| SHA1 | e6408e20ec7670b2f54f01687b1eb28cda382614 |
| SHA256 | e2109d182c790fa4824aeb7f3298bdcea95447107af48882fbbc8c653bbc7718 |
| SHA512 | 871d8e69152bc198eca9590594b0c38eb7c780492557beed668c5948e13a58cc9f727b2c1067b1d5d53be7467195b1e857d841e8bfde9c182b7ab4fb44fd02f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0d882f27fa1494dc77b64761a070ef0f |
| SHA1 | b8228e6ce7fe345c3d5436b053725528d660df7f |
| SHA256 | f2bb9e3de25cdea4751fcfbc1f215c19ad9235f94fc704fc145e890553c669fc |
| SHA512 | 38f3a6f94a4bf3c1c093eef12872265d32c73bbba8e9589bcc9d91a4e0b802c0a31e8a481bc26addf4b88272a140ed2a3fbd66a56cff832d547063b78927da32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11f4bcfcf65d5415ffa880d7a10e1544 |
| SHA1 | 29bb2ab468583f7bc84a5165d82afaa5d28eb391 |
| SHA256 | 0c50377f324df70cb757d370b01c281f52a752d7689a160af72089dac513443f |
| SHA512 | 42016c8180e502d1997a1bf3eacf69a55d493f5173bcee0f622b57aa9a4b0cdc35c03f51ec34bc593c3d444af20f3c36a1b6408b52eb4b0656648a37b87ee749 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e595920f67768792ac9f5990a7909ff |
| SHA1 | 4ef3075e50deb3ab8a03f03b640e387215578cf9 |
| SHA256 | 28405f08a3dd60063c33c2f56764909b96872cc7bb96c042a5498ac5804165bd |
| SHA512 | fb3a01136996108be20fd353f9a28ada0a987fdac055ed0eb7058b515fa3e51b42593167ef980040c8a97c3505c16046d8439d4b732a6d116f9364b3b08876e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cde709af9719fa1510557d50181238b2 |
| SHA1 | f8870de9ddc343f0413edbd43f1724ebacc8d3d2 |
| SHA256 | 2281d599c67647c1f4e9d121fb14bac2d9ee162baa9470218e0eee9283b22c5c |
| SHA512 | 2ced56f440928936e97065c43fc545085630fc1a2577f5a5564717b5cf020dafee569c54f7fe139e112accf2ff4652d7d30957edb52adcf7e1105b3e2a71a4a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9801fe1f9b2a2d69668f9acd1b7bd98a |
| SHA1 | aba709d46473ea24d0edd85ac5974fa5fa23ba39 |
| SHA256 | bc5dac22b56b38f649e2698f15512917a6fc342c75f26544270fc934d248cb37 |
| SHA512 | 8561c8b56962945f8d33625bfaa2abec7a8464f274576118112dcd772aabab6bc34a88f66df10ea0dcb4dec68d88d93ed1372464845303be2d0cc2ca5c66c7e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7caa096c7de173051bf19acad159d015 |
| SHA1 | 4d43f97d715cc13f8685a74b8fb71f77d10833ac |
| SHA256 | 6d1965a2e434f5d63bf4627116b3fb698a039e39be6f38cf683656b6314131d4 |
| SHA512 | bc13994ea1e5badf7012cbc93a58bc8d5a636505c1ae95dec95c3b25b09df5f1d73e053d5379ea31b9caa8eecd72c5611e583e70998206cafe14f8e4c30eaf2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 354fa0b098c1bed36fe6c7a9dc78304c |
| SHA1 | 59a622876215ce742b5490b6c8570029f220eec5 |
| SHA256 | d52195bf2910daebdcddf58b0f7f05365455599dd810ae5f8a27695a093f0ae1 |
| SHA512 | 1c7852f8d74bfbeb633f838047d056a90c37ef6f2266bea9e3b17c7b06ecc39ebe6c1f6e7795f1feb7fe04e62c463033038c8f23a547782a6e69db5d8ffa26fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 580cbadbac21832047d50f777f401ef8 |
| SHA1 | d40d69aa80d575eace2355c378a3137a161a87c2 |
| SHA256 | 79aab2e22d2121589c4d0b7c9e0399a45309e0b945a17b7ddc6e09ddc44f61cc |
| SHA512 | 81d2af91cfd0f7091f1fdc7857c872c609856762a8249694b84fa1bf77566f347591d482df682c44703c3c55bbe75ecb3b9afb9fbfc80344e6cb3d2ebaa17e59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0d074bdc57ecdb79846317c556029eb |
| SHA1 | a3b113c2a0c20b8d89709839ba2e497d74bf2c83 |
| SHA256 | f7c1568585901cc1f1577c1116b12c6f332fd2246bc673e44b3aa47db41ec427 |
| SHA512 | cacc8c751caddd9c9ef773517d1ff5dad1c14a528bee9ead8666596f191c413081a0d2388f567cea5bebb65200d469af625c0cb4e6df920e0e8e4bbb262b79b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8bb1645244af6e21b11e7757b4f3a14d |
| SHA1 | 3c3d3046a698f11812ef07e2b96009ab18444b6e |
| SHA256 | 049aaae3c263837b214e7a6764d8bf4fc8de6db4f357fccec6d423162978fa45 |
| SHA512 | aeb97497254e96f4bb85194df874864f11649f32ce3690888abb3afd967d9fa9f96ab2628873e69d7a5513cfc24739dbb4a8037781507b2b730b31c1a5098d58 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:35
Reported
2024-06-13 06:37
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43af66dc9ad996858e3697330776a6c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb08546f8,0x7ffbb0854708,0x7ffbb0854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15835497583268100171,1673463607966015218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | waterplusmaroc.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 162.241.194.14:80 | waterplusmaroc.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 162.241.194.14:80 | waterplusmaroc.com | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 162.241.194.14:80 | waterplusmaroc.com | tcp |
| US | 8.8.8.8:53 | 14.194.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 52.182.143.211:443 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| PL | 93.184.221.240:80 | | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4819fbc4513c82d92618f50a379ee232 |
| SHA1 | ab618827ff269655283bf771fc957c8798ab51ee |
| SHA256 | 05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c |
| SHA512 | bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b |
\??\pipe\LOCAL\crashpad_4800_JZTYUSBITRCXNMHS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 257c0005d0c4d0bb282cb470925e4376 |
| SHA1 | f9b8efb511ed64292568977c9f2ec255509e8f7d |
| SHA256 | 8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22 |
| SHA512 | 2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6f171e2fa892091131bd828b0016ecb |
| SHA1 | 1f53f5e4f3ceea2f1fb5d37a9ee4ad3bcca5cdf5 |
| SHA256 | 370a47697fb91938b61b798a1561f58c65f3e87f6645a735b98eacdb9b849cdb |
| SHA512 | 875ad7bbb590f751f50cb3df3254b6ab047548c3911b21588086801b446ddc05435612bdfa9b07fa6717dff0eaa98b5c5a6c5ac51da136e74b4ca71404e51c3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c735d712438aaabe232f80662eaf4a2d |
| SHA1 | af1711e1c94a7f0da86bd742d9b158357ab93af1 |
| SHA256 | 692bf233e3ccca0a0a6a3e749edc5949ef300d4fc8d6a1f5f6f3adf8f3f615db |
| SHA512 | ecbf5ba2c890bb8339c5790960a82d780700bb6c30e6099e12afccf71f3cd33b0c9ef41b745a2cf922def087c5b2a53fd92353087d79f3a926a4a739c13e54ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9cde2ad59d89064ba4c0922f3c25b960 |
| SHA1 | adc11c66e2e0232b77187967f88b7fd1cfca4793 |
| SHA256 | 8a746f036f0ea9b8430d4fc41e86a7a2d2b185d81c354c9d88407a0a70629baa |
| SHA512 | b23d0075b749b327164a98d72f9e91e9cba0b9824faddcb34bcddbf0ab7e5d8a24df21737422510d1f79131c15c795780c1da1e3baa66deb3322f12990dd8d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 95cd1581c30a5c26f698a8210bcab430 |
| SHA1 | 5e8e551a47dd682ec51a7d6808fe8e0f2af39e86 |
| SHA256 | d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9 |
| SHA512 | e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b3f8bc8dcfb9e6da0a53f291c4e2e0dc |
| SHA1 | 270730cbd1aa97f14372eeb06e594af7c16b3f26 |
| SHA256 | 6fab66fb62c897c5afaee7d1c1b44f3faad461417a5fd210fd6e17adb8f0e22f |
| SHA512 | e8239d57403e8a8ed7321f28e66d6cb8e99fc8193b30b2054c19f0de563ae29c4bdbcb895f5bac0efd80becbc1af0928d2b6db8ffa17e0b791609a78d5ab5a48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7b34f304c99f3d9bf587036540988391 |
| SHA1 | c899bcaf9857f93afbf56a985442e59aaaa3812e |
| SHA256 | 674f09953e49d680c298fafc199510696a0a5aad43047803047d495ffb77b548 |
| SHA512 | 03620aa4ebcf67b833c940498b8e66307d9cc21bae5beb675c075520ccf5e684459de75f970174b39adf6e997221220870ae4c866efc3be31ff767ff3b0330f7 |