Analysis Overview
SHA256
3d608cdc1457111503a0df4ea7fd2c6640c0e46a01a8f418ae45a2de22b18dc3
Threat Level: No (potentially) malicious behavior was detected
The file a4d534abe3cd2af6ea32778aad7607bf_JaffaCakes118 (an .html document, handed to Internet Explorer on the Windows 7 run and to Microsoft Edge on the Windows 10 run) was found to be: No (potentially) malicious behavior was detected. Every process named in the signatures below is one of those browsers or a helper they spawned; the report records no process started by the file itself.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:23
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win7-20240221-en
Max time kernel
141s
Max time network
149s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432499" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6010487b73bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5933DE1-2966-11EF-8356-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000004976d41fd4cf54cabaf938e42d1acae0000000002000000000010660000000100002000000015ed45832c169c3445a11042ecba9d3f8f2d474a912a7da53892f34b2becc079000000000e8000000002000020000000d3d4c2ab19252bc15a454369bd12989cc79feb053a587d0ca223a82e83503c99200000008129c629c022014eb58a772ef7663486cc339a593fb85a67fbd772dac4867ad94000000044c6a9863cd634e306a884b2d68c8c686876cbf3f4b1986be271bccba9dd5ddfbcde4cb46a61b7ea9871f7f2ec602d1eccb4e5aca3a828957da81c1060be7db7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
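Three of the REG_BINARY values in the table above are readable once decoded: `LastProcessed` is a little-endian FILETIME, `Window_Placement` is a WINDOWPLACEMENT struct, and `DecayDateQueue` starts with the DPAPI blob header (version 1 followed by the fixed provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb). The decoder below is an added example written for this report, not sandbox output; the hex strings are copied from the rows above and the DPAPI GUID constant is the standard one.

```python
"""Decode three binary registry values from the 'Modifies Internet Explorer
settings' table. Added example for this report; the hex strings are copied
from the table rows, the decoders are generic Windows-format parsers."""
import struct
from datetime import datetime, timedelta, timezone

# Values copied from the signature table (REG_BINARY, hex exactly as printed there).
LAST_PROCESSED_HEX = "6010487b73bdda01"
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
# First 20 bytes of the DecayDateQueue value shown in the table.
DECAY_DATE_QUEUE_PREFIX_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

# DPAPI blob header: DWORD dwVersion == 1, then guidProvider
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} stored little-endian field by field.
DPAPI_GUID = bytes.fromhex("d08c9ddf0115d1118c7a00c04fc297eb")

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_filetime(hex_le: str) -> datetime:
    """8-byte little-endian FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_le))
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_window_placement(hex_le: str) -> dict:
    """WINDOWPLACEMENT: UINT length, UINT flags, UINT showCmd, POINT ptMinPosition,
    POINT ptMaxPosition, RECT rcNormalPosition; every field is a 32-bit LE int."""
    raw = bytes.fromhex(hex_le)
    if len(raw) < 44:
        raise ValueError(f"WINDOWPLACEMENT needs 44 bytes, got {len(raw)}")
    fields = struct.unpack("<3I2i2i4i", raw[:44])
    length, flags, show_cmd = fields[:3]
    if length != 44:
        raise ValueError(f"unexpected WINDOWPLACEMENT length field {length}")
    return {
        "flags": flags,                       # 2 == WPF_RESTORETOMAXIMIZED
        "showCmd": show_cmd,                  # 3 == SW_MAXIMIZE
        "ptMinPosition": fields[3:5],         # (-1, -1) means "not set"
        "ptMaxPosition": fields[5:7],
        "rcNormalPosition": fields[7:11],     # left, top, right, bottom
    }


def is_dpapi_blob(hex_prefix: str) -> bool:
    """True when the bytes start with dwVersion == 1 and the DPAPI provider GUID."""
    raw = bytes.fromhex(hex_prefix)
    return len(raw) >= 20 and raw[:4] == b"\x01\x00\x00\x00" and raw[4:20] == DPAPI_GUID


if __name__ == "__main__":
    print("LastProcessed    :", decode_filetime(LAST_PROCESSED_HEX).isoformat())
    print("Window_Placement :", decode_window_placement(WINDOW_PLACEMENT_HEX))
    print("DecayDateQueue is a DPAPI blob:", is_dpapi_blob(DECAY_DATE_QUEUE_PREFIX_HEX))
```

`LastProcessed` decodes to 2024-06-13 09:24:24 UTC, which sits inside this run's submitted/reported window (09:23 to 09:26) and confirms the value was written during detonation rather than carried in from the image. The DPAPI blob cannot be decrypted outside the sandbox user's profile: it is bound to that account's master key, so treat it as an opaque artifact.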
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2952 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d534abe3cd2af6ea32778aad7607bf_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
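The "PID 2952 wrote to memory of 2112" rows and the tab process's `SCODEF:2952` argument describe the same relationship: Internet Explorer's frame (broker) process starts each tab process with `SCODEF:<frame PID>` and writes into it during startup, which is what trips the WriteProcessMemory signature. The check below, an added example and not part of the sandbox, parses the signature rows and confirms each write comes from the PID the target names as its frame; a constructed row (PID 4444) shows what an unexplained write would look like. Binding PID 2112 to the SCODEF command line is an assumption, since the report prints PIDs only in the signature rows.

```python
"""Correlate 'PID X wrote to memory of Y' signature rows with IE's SCODEF linkage.
Added example for this report. Real rows and command lines are copied from the
report; the PID 4444 row is constructed to show the unexplained case."""
import re
from typing import Optional

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

# pid -> command line. Assumption: 2952 is the frame iexplore.exe and 2112 the
# tab IEXPLORE.EXE whose command line carries SCODEF:2952.
PROCESSES = {
    2952: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d534abe3cd2af6ea32778aad7607bf_JaffaCakes118.html',
    2112: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2',
}

# Signature rows from the report plus one constructed row (writer 4444) that is
# not the target's frame process and must therefore be reported as unexplained.
SIGNATURE_ROWS = [
    "PID 2952 wrote to memory of 2112",
    "PID 2952 wrote to memory of 2112",
    "PID 2952 wrote to memory of 2112",
    "PID 2952 wrote to memory of 2112",
    "PID 4444 wrote to memory of 2112",   # constructed
]


def expected_broker(cmdline: str) -> Optional[int]:
    """The frame PID an IE tab process was told about via SCODEF, or None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify(rows, processes) -> dict:
    """Split distinct (writer, target) pairs into writes explained by IE's
    frame->tab relationship and writes that nothing in the process list explains."""
    out = {"expected": [], "unexplained": []}
    seen = set()
    for row in rows:
        m = WRITE_RE.fullmatch(row.strip())
        if not m:
            continue
        writer, target = int(m.group(1)), int(m.group(2))
        if (writer, target) in seen:
            continue                      # the report repeats one event per write
        seen.add((writer, target))
        target_cmd = processes.get(target, "")
        bucket = "expected" if expected_broker(target_cmd) == writer else "unexplained"
        out[bucket].append((writer, target))
    return out


if __name__ == "__main__":
    for bucket, pairs in classify(SIGNATURE_ROWS, PROCESSES).items():
        print(bucket, pairs)
```

Writes that land in the "unexplained" bucket are the ones worth a closer look: a browser writing into a process it did not spawn, or a non-browser writer, is not covered by the SCODEF relationship and would need the process tree to explain it.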
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mozicsillag.cc | udp |
| US | 8.8.8.8:53 | video.vid4u.org | udp |
| DE | 91.195.240.94:80 | mozicsillag.cc | tcp |
| DE | 91.195.240.94:80 | mozicsillag.cc | tcp |
| DE | 142.132.202.70:80 | video.vid4u.org | tcp |
| DE | 142.132.202.70:80 | video.vid4u.org | tcp |
| DE | 91.195.240.94:80 | mozicsillag.cc | tcp |
| DE | 91.195.240.94:80 | mozicsillag.cc | tcp |
| DE | 91.195.240.94:80 | mozicsillag.cc | tcp |
| DE | 91.195.240.94:80 | mozicsillag.cc | tcp |
| DE | 142.132.202.70:443 | video.vid4u.org | tcp |
| DE | 142.132.202.70:443 | video.vid4u.org | tcp |
| DE | 142.132.202.70:443 | video.vid4u.org | tcp |
| DE | 142.132.202.70:443 | video.vid4u.org | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 104.20.95.138:80 | www.statcounter.com | tcp |
| US | 104.20.95.138:80 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
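The table repeats one row per connection, and the `8.8.8.8:53` rows are DNS lookups against the sandbox resolver rather than contact with the named host. The script below, an added example and not part of the sandbox's output, collapses the distinct rows into one entry per domain and separates the hosts the page itself reached (mozicsillag.cc, video.vid4u.org) from browser telemetry and analytics. The allow-list of suffixes treated as noise is an analyst choice made for this example, not something the report states.

```python
"""Reduce the Network table of a sandbox report to a de-duplicated IOC list.
Added example for this report. NETWORK_ROWS holds the distinct rows copied
from the table; ALLOWLIST_SUFFIXES is an analyst-supplied assumption."""
from collections import defaultdict

NETWORK_ROWS = """\
| US | 8.8.8.8:53 | mozicsillag.cc | udp |
| US | 8.8.8.8:53 | video.vid4u.org | udp |
| DE | 91.195.240.94:80 | mozicsillag.cc | tcp |
| DE | 142.132.202.70:80 | video.vid4u.org | tcp |
| DE | 142.132.202.70:443 | video.vid4u.org | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 104.20.95.138:80 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Hosts treated as browser/analytics noise rather than sample infrastructure.
# Assumption for this example: the report itself makes no such distinction.
ALLOWLIST_SUFFIXES = (".microsoft.com", ".statcounter.com")
RESOLVER = ("8.8.8.8", 53)


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) for each well-formed table row."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        yield country, ip, int(port), domain, proto


def summarise(text) -> dict:
    """Group real connections per domain, dropping DNS queries to the resolver,
    and split the result into IOCs and allow-listed noise."""
    by_domain = defaultdict(set)
    for country, ip, port, domain, proto in parse_rows(text):
        if (ip, port) == RESOLVER and proto == "udp":
            continue          # name lookup, not a connection to `domain`
        by_domain[domain].add((ip, port, proto, country))
    iocs, noise = {}, {}
    for domain, conns in by_domain.items():
        bucket = noise if domain.endswith(ALLOWLIST_SUFFIXES) else iocs
        bucket[domain] = sorted(conns)
    return {"iocs": iocs, "noise": noise}


def flat_indicators(summary: dict) -> list:
    """Domains and IPs from the IOC bucket, ready for a watchlist or blocklist."""
    out = set()
    for domain, conns in summary["iocs"].items():
        out.add(domain)
        out.update(ip for ip, _port, _proto, _cc in conns)
    return sorted(out)


if __name__ == "__main__":
    result = summarise(NETWORK_ROWS)
    for domain, conns in result["iocs"].items():
        print(domain, conns)
    print("indicators:", flat_indicators(result))
```

Both page-content hosts were reached over plain HTTP on port 80 before video.vid4u.org was also contacted on 443, so a proxy or IDS with the captured HTTP requests can show what the page actually fetched; the report itself lists only the endpoints.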
Files
C:\Users\Admin\AppData\Local\Temp\Cab194C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab1A48.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1A5D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a07911f5cca4ff0972520775f296204 |
| SHA1 | c0b05bb8f948321c365f01d3472d1257351b1592 |
| SHA256 | 05a74c5bbcb7654dbc219977f5f8d2fdd8704ea12023114166fb48e4b9ce3bbb |
| SHA512 | 81c8e0a4505425e6148173b3347d459be6de43e2d8658a54e3027c31acf80b4c760f98f7c282847576e272b14ef9c3078e7db49bc8f75ce2e6a646684a241873 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a90102385066430ef4fb239008d2d1a8 |
| SHA1 | 260a56c68250b24bb9c0399c955417b979449d2a |
| SHA256 | 4c1ff2ee6360c1ccc151434ebbb567718e0ae1a092a2c67bc1ee0977f349871c |
| SHA512 | 0871e66e93160547b66716ff7551b9c72073308c38aafb8438cf8ecf4732967b8e44a83a5567b46f6138394b4b6b0acbffc6e65e93c5fc4681418ae7ee9530b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e55c5778bbc74bf367908fc869ea86a3 |
| SHA1 | 1857a28e83456ea85fa67f52d714175c1fbf1048 |
| SHA256 | 40c6d688eb645aacf1c63d2071624d99743e5d2d2fa0fac64d20b5b756a64dce |
| SHA512 | 6fecccc44a8e07a3374362831d4952996ff5785f0f04efaa052a54862e14817474d023de120c700013b0ce80efb640418e57e2b0afcfd1a7c90586eec66ba735 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12e1e49149f60016ea76bd662bf05d3a |
| SHA1 | 1faa59c8dff0eefe7a78672804fd68b294e14296 |
| SHA256 | a17f4e2f3a5023badf4a39efee9eabad6258c61438a0b9d7f5b3049a5da0ef1e |
| SHA512 | 833887796aaa30f484e250f2a92b532a9301c73de9ec0d01f2536588c31e0a66bc9d0e933a3fc3389bab5e68a538869697fdd4fab0cf38af8f1d5ccbf25a5da6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adf26f7d1709ad978c93dd55be94cadc |
| SHA1 | 6d08ac1a287caabdfc9fe79873b0a2c7c27e55b5 |
| SHA256 | ae7b2747ed07b22841ac922d52e96fc52a1fe6be77f2bfe253758c4c7b720a92 |
| SHA512 | c4daaf265d0368357042f21374b62a71e04fe23b78322b3f032265e5275203a6d1f7c70841dcb301806cff2c541273845b879fac86597e4aebde2a02603f29dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 765ae01de6353463c04fb0a3b08979c0 |
| SHA1 | 3b87094a38986a8d727aab6eb7239650640f851b |
| SHA256 | 921a3dbf7df02c28842faa49c9d07aea312493fa0435f4709bff459766601620 |
| SHA512 | 42bfacc4738d6104539ab01e804d734b00063968c36dc313e8142e7987bd6eadd3372177e34e14561834a18cf973010e20c9fe2bbb10391989d76df07afb76cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53377832bdb4415bef8c4501db042949 |
| SHA1 | 85a37f932cdf17e82c8c1da767710dd69dc0d010 |
| SHA256 | 30c321fdabea0f4e63cac50504433e654786c77e815dc2375a6fcd5b4f2ad2e7 |
| SHA512 | 165a3ec63972e6f5e4798f50fc01033b9b5b321ca51384f9bdb06406d078b970850bcc244f99d4a74af87d197de0be1978103e28b7b9ec6bd6c02b095501cba7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7182e34a6589c4ad095f53068b8aff6 |
| SHA1 | 4d8258dc82de73046728eaca8b09ded6ab19a3bf |
| SHA256 | 0ac22abf26cf2461dfa51b680ef99fd059857c5d71056b90b188164c8f544ec3 |
| SHA512 | f6ef9a99fd7f213d43e48c4cf1b018e89aea98967056ee59d5cf1c25a9ac68ccd5d3c8563621ce0291a3633bf4568148dfa90028e4705875b2e5bda47bf1cbe3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f525b6ca17c1beedd96e9431e82204a1 |
| SHA1 | bedac48a6da2ad5e757bf5f38d73e707269d61b0 |
| SHA256 | c312cd29dad5d54b05b4452709760c2c787ddf6cce03776edcc66b459d55c98e |
| SHA512 | 4892ce96aacb70d78b60145b4015044c46432f7f9104753dd1375b747f10aa4a126fb265fb4d499eaa30727c412878ae971112e5336abad293dd4ee9b537ccce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e03ce2ea34a2f3ee0d6ca711c583fa7 |
| SHA1 | 5aff89c072f1ab44a928a25be89329aed2909d3d |
| SHA256 | 1b92685cacfb065af95f0c8683986b419e31323fdd1e74351d9bf56d44467f6f |
| SHA512 | 4a6799d8c6c7e97e50497020804c9a87860e0ea1430047ea8368e5b3c8cf32915088ce3e642bcc9709d214e60088a1a9690fefecad00678a55add7e84bc7a1f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29d4ca940d81811483140fdd33a0e3ba |
| SHA1 | d8a2dbca84ff538e501fcbd6b49c7c4e21b8611c |
| SHA256 | 193cfc91efe9b07c79c268f62a2a4477a5bc5a67b3407e5192c57f8e7edda3de |
| SHA512 | ffd3b582cc6c849843d08faa7c4d036570c7d819863e76e84cdee93bc157ac7232b863792612aae7cb0b6a9713d4cd63d87959cbd62abff492f8e955f328d740 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71ef8819ba8faa5c90219ab419a2fd0f |
| SHA1 | bf9bcb06b2c032efafc2ab19530f490f68902370 |
| SHA256 | adfc776d8b3895a3f25d91764ac55ab5b2eb58800f04d9b854bd5f8bc5b8b469 |
| SHA512 | 9c521787f926c30e081dbb8822c90fcb50ee7e1af7f06a6411d0f4a4d09dab5ab8e774c62a4b972886b2e0698d302e955191fab6eecdea3e1940facac1c2805d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f49f8749ff18bf5b88845e22c974803 |
| SHA1 | 639641aed78316bedf74f662fb845b408b21fafb |
| SHA256 | 5eb0047974981eaa77c514936858493b3c887ab765a330a2aadacf3a2174d790 |
| SHA512 | 659fe29c1e256e383e4bc50eadd2dc8ae15c5607570f2ce8902ff926170a59a33c2d042795adca7e7925911c33c783a68274524e8e23a7871b091707fb8545eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24faa9082e71c7c5b3becb75dd13efbb |
| SHA1 | e1a9821e277d0cf34e0157e09a6094027e1cbc6e |
| SHA256 | bc4680e396c880e960be5c2baadaf2a852d602a18257896ed87bb18663c1df7d |
| SHA512 | 5bdaab8e2c16e1dda68e8de2d1ac2ed7f5a5c1dc7633107e6c4235a374772179611ac83da99ae7eab43a0bea138a595a709f85b60e75b8fb9828ec3647e1ad35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e76489aa160184879171c6f028b5cbe |
| SHA1 | f4bbc822e6f78a5a2d98c939d14bd2394dd0eec3 |
| SHA256 | 443e51647ea5a66a33d5b89518389e01bf4ec8b0fd4892045a8a09c52817ac3a |
| SHA512 | 4d428b2e01194759f527f62bc36516c7611e39967e63b7d9699ffc125f6a8a043a7e204a95416c4b5e6770999c79d2e57dbf40cea8c431a695760ab20d09bc49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f57bafad1a1871ee573b9492355f664 |
| SHA1 | f823d5c3b3d8a7903913a11fd8a89a89b0571cd5 |
| SHA256 | e8ef5e7696f05f1a37ca56b20f17b4961999c89d7b92cfa181a0e90a02b3f3e0 |
| SHA512 | 122918e3670b2f4905d2123dd172cc75be96e0b559eba5caf135079218333c3aac34d455adb35d1ca0982835e054d9411ed0f2ef6d33ba7cdfe1d11db7151a2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8196c0f2f4dd462de3eee99bfad736a |
| SHA1 | 7a6e9bdb3781cbfea0a921e4e50af6caa671f6e4 |
| SHA256 | 22057bbb1a6cc4f38ad8dace01c1a4f5b09c9b839f48c3064a896b112f8b5614 |
| SHA512 | 811b9fadcea128eea41b6cfeed9db777ac20c0f9965208095c3c1802b1d23b34a129ac4062319dae1a9f336115cd3c69d511ed68910452f7d5f98fd017b4bba2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78b3e62a947e46567b7e48826388c577 |
| SHA1 | 46c49becaadec2bb19cd19f4e09cf4ee5f528619 |
| SHA256 | 7523054099cf5a4af4c8746870f0fc2405100d8ba1d9a4584b80167fe1c89713 |
| SHA512 | 6e1ad2a7c5338422b6fe95d4fb0a776a9b9103f9733fa37dca54df6c78bad7d6144313f7560c8be29db3fa42add50a117315e166e50fbc3791e790cf7dba729c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f852dddcd2cd1872a8438f7c406e3bc8 |
| SHA1 | 684e33f7b31b80d4cb3a58b4d652627b9a20daef |
| SHA256 | e62c533a70ee802b90bdfdef48fb5e35fd7b29d1f94cf0ef067861b28aeb8243 |
| SHA512 | 4ec654af3a4534e145319657550641d17489cd817c12ca9f6cb4a0fa3d58fc43f6d83957d7ee613412d0285690d42618ca7a5c73121b782e06e5939f93a5b1ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1349a667d877ab858f7fbae597c991c3 |
| SHA1 | be68a6bda2459b3ac67a31c33d3eaca890f22772 |
| SHA256 | 3278fd14366b66306bc1360e61718d0fe8f36dbb79c1dbdbb6abd43a97afb24c |
| SHA512 | 0862bf73b209df99ffd8c2cf7b982f715bdf9e82b9b110a630a3a4f348d1602ffbc4f1a4cc4304322eed3debf60d044f1cacc311cfbf9c5383e21e7cc7c1c6aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93dec2098a6634fc2e3776e361b9f33f |
| SHA1 | ab8ed0b3f2d92c7c115d187376da50e12988fb5f |
| SHA256 | a2aefdcd436c86956a2834ba5aab68337493c57106e35588d21ae33a36bc3f6e |
| SHA512 | ac44d98bd157518710efd0d0a98d79cc53b1972d1dc59a115ff601296c01e49fe72ee0448eb24385ae83059e9756f91914c8944b3e6617e916c5e87e6be6dbe1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 919dfd10498653f017da8e1031e359a2 |
| SHA1 | 3e4ab8046c7fe92c8b5a6a2d0cf2c0d4572f4cf3 |
| SHA256 | b5efe4f2330e2d97349e8f38ad215c0a64de6ab16af3a45af0c7333fa1aebccf |
| SHA512 | 0e817214ad3cd273ef6ba0d74dff47787c54b936f5f1e4a3576819cefad363712132b522d231afca25da8df9f7988bc9bfa180391dc8a3a2423d1b6068217b0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aeaf346c79021888119ce737e071534f |
| SHA1 | e02ffd37376a9fe574fa5b98d91184fb18615ac3 |
| SHA256 | e3d1f3d2dd5b4f6fc71e9bcb47486f28fff1e4ca10879fc1f3f01694be94b872 |
| SHA512 | 2402a91d06e67432dbc323f655f2ad48b0873340317bf95d3e031f6b78a284ea90f529438c29e165fb0b1fafa67615b97fe0a232a79bbcbb6973851c27542bfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0b985dd664efaf4f5063a61229aab7c |
| SHA1 | 2b136c0b7afcdfeb3a87f7bd91f248c7247642ae |
| SHA256 | 60ba81515abfb8c13bfe370438e0a3437a59bc3474126b0a8b04838fd266ba8a |
| SHA512 | 8acdf50d2880f8dce95337756bf4e245b07ea2aa711e012af4ea75bf42a6365bf6772f9a5aa67ca3d9c7ce42be85566a7558e61834a86eeb3b820a28aa6ec10e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0577c82b730c53284194eb06cf88323f |
| SHA1 | 07dd5601ea2a7688d8ea7651016fe999bca1e97d |
| SHA256 | c16ddcd0778013d2d7932292758c034a9a99f8fdd6bc621fd6e399e16a339207 |
| SHA512 | 9699c9c1b540978623af56ebb3c7bd771bfdd607e18d63cc4f5fbb780b046dca18817d477f5de1c0a283cfa6f6efe14ef5785e0f8ca6c6a95096691c401c1fb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e8a41cbdd6d3f24987f852e02e122ed |
| SHA1 | 971f54b5a280d05b7d22ccef0b9aaa40d9919842 |
| SHA256 | 287c9ffa06adc2d49ea8876e29b4e575a5c172fdf88845f4b135aa7661cb09e4 |
| SHA512 | efe0456fdca59247e4465668c7b9f05670981a0d4593164a1b81e202e6b8843bfa129fd8d635ff0eaf4966ddabe54146d168c07a7194c286532dfca39e5561e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1105388685b2ad398c9ff1e8a5baf9db |
| SHA1 | 04bf9f46f5f826696eb9bc15192cfa71110488e9 |
| SHA256 | 233d96c77106aa92e65bcccbd23467ff8d7e8270e8187867b3b0785f52d16af4 |
| SHA512 | e3a8435bfb7957606978e084f01054eb3a5df7a4db0b33c3d46b7c4f010b7cf554a6c0cc286ab13a4afd0f55e54c117fa5a7b07c8cb3e061e164321960655df5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e888ffe1188879b42c69bd553004b85b |
| SHA1 | 61b8bdafa6a26f8c9e6aa4f03c55833a25a7d0c9 |
| SHA256 | e5ad9d3042eac0232ceb16f3ad05662f45048ae398007aeeadc1f3be087a2e21 |
| SHA512 | a56b0d1cdaa629a7eac60b6d24237b1b8d7fdbbe1d56474025552bb46548b40371dfab45653b03aa57dad1810403fc2216b64017d197df664828a5cf4f12e1e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f413cbed9694034300d0ec628ce44f60 |
| SHA1 | 52b2b6fb9b91d1f5b4bc016c7294aa2f95f12567 |
| SHA256 | 73a2398010496ac12f937915b33044c5bca9c7e693ac8c1275ab34b0db98d1dc |
| SHA512 | 96911042c99ac137b22272e92c4333ca013bf12f58dc70df149d25ddffbd721ab1f6997daddf51ba45e535d49eb9583210d73bf817a9f0390ca060332c0f29a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15b5c7e153ef5d4d7d45d19d307da1cd |
| SHA1 | 90ad8208c240ac4061d7eab574420b61b6df2ee9 |
| SHA256 | ef41d3b05ae0eeb954219c1b705fc5a097401b2dc276d47e6fb2aa173525047b |
| SHA512 | c96c43670e032a3bacf74c1c7bf7c9427a2ac95354852b2215a4f22845e3238c2b1057197a7330c9a67be65e546768552c916394f19e7605d5d0e4a8cdcbdb0b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d534abe3cd2af6ea32778aad7607bf_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a746f8,0x7ff8c0a74708,0x7ff8c0a74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7108337633575154318,18187917464660705270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3608 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.adverticum.net | udp |
| US | 8.8.8.8:53 | mozicsillag.cc | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | mozicsillag.cc | udp |
| US | 8.8.8.8:53 | video.vid4u.org | udp |
| US | 8.8.8.8:53 | mozicsillag.cc | udp |
| BE | 104.155.51.226:443 | N/A | udp |
| BE | 104.155.51.226:443 | N/A | udp |
| US | 8.8.8.8:53 | 226.51.155.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_532_GGDUTPHDWRKSPIGU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences