Analysis Overview
SHA256
8af884c39c226b24e27ec6fb274cd6ee95bd1f699dca499edc5bc04c989e5435
Threat Level: No (potentially) malicious behavior was detected
The file a50c65ffb08b66854ef89ddb028892b9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:19
Reported
2024-06-13 10:21
Platform
win7-20240221-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435818" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a024bf347bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F4D8541-296E-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b623e9b7128144fac96f874944a227b00000000020000000000106600000001000020000000ea56552c4f05979e413ad6e6f70933ce91129ee0498f0e3e7e144dc90600cfcf000000000e80000000020000200000001e9ccceecf7398994b5f37934a514f355d544937a565afdae54362fca6e0e353200000008ceba1552f66543678b5f02df469d981cea97cb266c9d2b65b39080ddea1088240000000b32c9a8d9603dcf1ccecb46dcb1d36abba457d95f2eca27be8ac341a89e7193c674b6dc95bb7c0d7f2c6c7a43a25280db2c45e111224ee0cae295953b47b4229 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 832 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 832 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 832 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 832 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50c65ffb08b66854ef89ddb028892b9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | www.myvisakha.com | udp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| US | 151.101.66.137:80 | code.jquery.com | tcp |
| US | 151.101.66.137:80 | code.jquery.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| US | 3.130.253.23:80 | www.myvisakha.com | tcp |
| US | 3.130.253.23:80 | www.myvisakha.com | tcp |
| US | 3.130.253.23:80 | www.myvisakha.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\domain_profile[1].htm
C:\Users\Admin\AppData\Local\Temp\Tar39D9.tmp
C:\Users\Admin\AppData\Local\Temp\Cab39D8.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar3AD9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:19
Reported
2024-06-13 10:21
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50c65ffb08b66854ef89ddb028892b9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8637f46f8,0x7ff8637f4708,0x7ff8637f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2756543056773584305,7589634143971441063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.myvisakha.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.194.137:80 | code.jquery.com | tcp |
| US | 3.18.7.81:80 | www.myvisakha.com | tcp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| US | 3.18.7.81:80 | www.myvisakha.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.6.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.7.18.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 216.58.212.234:80 | maps.googleapis.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | maps.gstatic.com | udp |
| GB | 172.217.16.227:80 | maps.gstatic.com | tcp |
| GB | 172.217.16.227:80 | maps.gstatic.com | tcp |
| GB | 172.217.16.227:80 | maps.gstatic.com | tcp |
| GB | 172.217.16.227:80 | maps.gstatic.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_4004_JUCFCOYJCBCKHEID
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 591be40859b91e5a77a8e772e9becf33 |
| SHA1 | 123a3b85ff043deb8d98a4574e659208a18b4872 |
| SHA256 | a76070081cdf4fafcfed8ddba5a6285a547617f0a3f12ba96eb26ef8e4c9252f |
| SHA512 | 0930669123da08ab1fd3c2f130a87ac66d58d843e42f5085989fe2ea2653b4fb435a116de588fa01f59adc0da027bd5e3620b0302032d774a57dcd3e236ebd06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3a069fe9dc2c5719dafeee972ccf06e9 |
| SHA1 | 69be3172cb0a0752985b322922aa6ebabafcae84 |
| SHA256 | 4131e20a6ed4961677538be599932ccfa93bf74645541fdf2daed6c42b3d02e1 |
| SHA512 | 5287342e293acd8c5594e0b9eebe646cfe272220f03872cba6c47ee126801656d4a9043111c335b8e7143da2919e07e55c4466d9505457d437860fa07e6c367d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b5eec2bb1ff7720137f5ee14fc9cfa5 |
| SHA1 | 14cec1362256df06c745f16c74846f0b97ea0c56 |
| SHA256 | 82b0a734c79d5f261c9d16634a650700b487acced0833508fe9b93b68c28a4a2 |
| SHA512 | 632c65a6926c388930e7f8bb7e9b6af05d1f87f4756b587d238e442659d0edd2a1ebc2c309e946eea4f3ee6695bd9ca4d489605a0e3b40592e8c83b6611fefb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3327e07c022a189c79e9938916fbd33c |
| SHA1 | 41ad876ac7905c0be4b7c0548b4ebecee0f2022c |
| SHA256 | 47d713b1e81179e97ad78a0fc61eac87b61d1c588c963918692f1282c6c0240d |
| SHA512 | 37da25cad13680c24f43bf4d49aec0b81e07deacb56cf5c34dee2879356d5e485533f2d2519fc8225b80636762b13d593b3b0c3af937d952882a879da00c107e |