Analysis Overview
SHA256
5bb20ff3974de1a9c659460b2a66d9a2bbc32fcdca035c49e8f112f81c4c0f52
Threat Level: No (potentially) malicious behavior was detected
Verdict for a510767ca7dd5cf7e5be6f422b4c26a6_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an HTML file (see the command lines under Processes); every signature listed below was raised by the browser that rendered it (iexplore.exe on Windows 7, msedge.exe and its identity_helper.exe on Windows 10), not by a dropped or spawned binary.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:23
Reported
2024-06-13 10:26
Platform
win7-20240611-en
Max time kernel
137s
Max time network
140s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000057dc215d7b14a9acc3abee1703988e0820886216c50469886633c84719bae248000000000e80000000020000200000004c3b6dbfdb9661be275c05534307cf24dbd7992d52c9b46f93a16f71432f0d98200000008fe6b28b0f01f7b0b4172d232815c73a3062f80d09836005b726474daccaacb940000000b647f8c2fc51b5543a8981725d8d7f22d63d9f05f5cdf46219430586ff56e874abc937b262e8b30032b31dcef935088ac92f2552babfb710d356ee9661eb9571 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 406227d07bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FA3B8201-296E-11EF-9586-DE271FC37611} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000001a7b7d2357ddfa5279f33567ac3fee941d86d025ed96680146593f73a1edc168000000000e8000000002000020000000f1604acd11d6ace2ccd49f6ab30b665f652fe590da2630d3c5886d8df51fe687900000004712e03e36e9d29d6312a118ba14acf39aa04eb4a5391183369cb7328949d15037bcceeaa815aa1de93a888308a7e6a32396c8fb290717ca7ba2cab677fd710ff9686abafc960d275214eebe84e588b11e4cf9fc68d7ec7f0238990f47d11d65666bc4bf6f9af7e9aa7db0614d346e5b607b40e6ad1dcd5edf7cee28d81c5d045d5f99672a7faba051063117b9ec2ff340000000398ca1cea3ecc0f327b9f21ba6ae88bce01da20da0b4b359c5b7099d62a72e78966c69f1795eb378900c1602e0c779b17187aece374f946c7a32469d04cc596d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424436077" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
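Triage note on the rows above, with an added Python example (editor's code, not sandbox output). The three binary values this signature logged are decodable IE housekeeping: DecayDateQueue and MFV both begin with 01000000 d08c9ddf0115d1118c7a00c04fc297eb, the version DWORD and provider GUID of a DPAPI (CryptProtectData) blob; LastProcessed is a little-endian FILETIME; Window_Placement is a 44-byte WINDOWPLACEMENT struct. The block below parses all three, with the hex copied verbatim from the table (nothing constructed). Assumptions: the DPAPI_BLOB field order is the one used by public DPAPI parsers such as impacket, and the CALG ids are the Windows CryptoAPI constants.

```python
"""Decode the binary values behind the 'Modifies Internet Explorer settings' rows.
Editor-added example, not sandbox output; every hex string below is copied from
the signature table on this page."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# TabbedBrowsing\NewTabPage\DecayDateQueue, split at the DPAPI field boundaries.
DECAY_DATE_QUEUE_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb"      # version, provider GUID
    "01000000" "0b2968c6cf60b74b94229c882944fb81"      # master key version, master key GUID
    "00000000" "02000000" "0000"                        # flags, description length, description
    "10660000" "00010000"                               # cipher alg id, key bits
    "20000000" "57dc215d7b14a9acc3abee1703988e0820886216c50469886633c84719bae248"  # salt
    "00000000"                                          # HMAC key length (0)
    "0e800000" "00020000"                               # hash alg id, hash bits
    "20000000" "4c3b6dbfdb9661be275c05534307cf24dbd7992d52c9b46f93a16f71432f0d98"  # HMAC2 key
    "20000000" "8fe6b28b0f01f7b0b4172d232815c73a3062f80d09836005b726474daccaacb9"  # data
    "40000000" "b647f8c2fc51b5543a8981725d8d7f22d63d9f05f5cdf46219430586ff56e874"  # signature
               "abc937b262e8b30032b31dcef935088ac92f2552babfb710d356ee9661eb9571"
)
# TabbedBrowsing\NewTabPage\LastProcessed and Main\Window_Placement from the same table.
LAST_PROCESSED_HEX = "406227d07bbdda01"
WINDOW_PLACEMENT_HEX = "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000"

# Provider GUID that every CryptProtectData blob carries right after its version DWORD.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CALG_NAMES = {0x6603: "CALG_3DES", 0x6610: "CALG_AES_256", 0x8004: "CALG_SHA1",
              0x800C: "CALG_SHA_256", 0x800E: "CALG_SHA_512"}


def parse_dpapi_blob(blob: bytes) -> dict:
    """Walk the DPAPI_BLOB layout: version, provider GUID, master-key version and GUID,
    flags, description, cipher, salt, HMAC key, hash, HMAC2 key, data, signature."""
    off = 0

    def u32() -> int:
        nonlocal off
        (v,) = struct.unpack_from("<I", blob, off)
        off += 4
        return v

    def take(n: int) -> bytes:
        nonlocal off
        chunk = blob[off:off + n]
        if len(chunk) != n:
            raise ValueError("truncated DPAPI blob")
        off += n
        return chunk

    version = u32()
    provider = uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob (bad version or provider GUID)")
    mk_version = u32()
    mk_guid = uuid.UUID(bytes_le=take(16))
    flags = u32()
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, crypt_bits = u32(), u32()
    salt = take(u32())
    hmac_key = take(u32())
    alg_hash, hash_bits = u32(), u32()
    hmac2_key = take(u32())
    data = take(u32())
    sign = take(u32())
    if off != len(blob):
        raise ValueError("trailing bytes after DPAPI blob")
    return {
        "master_key_version": mk_version, "master_key_guid": str(mk_guid),
        "flags": flags, "description": description,
        "crypt_alg": CALG_NAMES.get(alg_crypt, hex(alg_crypt)), "crypt_bits": crypt_bits,
        "hash_alg": CALG_NAMES.get(alg_hash, hex(alg_hash)), "hash_bits": hash_bits,
        "salt_len": len(salt), "hmac_key_len": len(hmac_key), "hmac2_key_len": len(hmac2_key),
        "data_len": len(data), "sign_len": len(sign),
    }


def filetime_hex_to_datetime(le_hex: str) -> datetime:
    """Little-endian FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(le_hex))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_window_placement(le_hex: str) -> dict:
    """WINDOWPLACEMENT: length, flags, showCmd, ptMinPosition, ptMaxPosition, rcNormalPosition."""
    raw = bytes.fromhex(le_hex)
    if len(raw) != 44:
        raise ValueError("WINDOWPLACEMENT must be 44 bytes")
    length, flags, show_cmd, *ints = struct.unpack("<3I8i", raw)
    if length != 44:
        raise ValueError("bad WINDOWPLACEMENT.length")
    return {"flags": flags, "show_cmd": show_cmd,
            "min_pos": tuple(ints[0:2]), "max_pos": tuple(ints[2:4]),
            "normal_rect": tuple(ints[4:8])}


if __name__ == "__main__":
    print(parse_dpapi_blob(bytes.fromhex(DECAY_DATE_QUEUE_HEX)))
    print(filetime_hex_to_datetime(LAST_PROCESSED_HEX).isoformat())
    print(parse_window_placement(WINDOW_PLACEMENT_HEX))
```

What the decode shows: LastProcessed is 2024-06-13 10:24:03 UTC, inside this detonation window (submitted 10:23, reported 10:26); Window_Placement is showCmd 3 (SW_SHOWMAXIMIZED) with a normal rectangle of (36, 36, 1194, 649); DecayDateQueue is an AES-256 / SHA-512 DPAPI blob with 32 bytes of protected data bound to the user's master key c668290b-60cf-4bb7-9422-9c882944fb81. None of it is page-supplied content. The signature fires because iexplore.exe writes under HKCU\Software\Microsoft\Internet Explorer whenever it renders a page; to use it as a detection, key on values a page should never be able to influence (Main\Start Page, SearchScopes entries, Toolbar\WebBrowser CLSIDs) rather than on the key count.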
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a510767ca7dd5cf7e5be6f422b4c26a6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
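Triage note on the WriteProcessMemory rows and the two command lines above, with an added Python example (editor's code, not sandbox output). The four identical rows are four writes from PID 2648 (the 64-bit iexplore.exe frame process that opened the .html) into PID 3060 (the 32-bit IEXPLORE.EXE tab process). The tab's command line carries SCODEF:2648, and the IE frame process launches each tab with SCODEF:<frame PID>, so the writes are the frame initialising a tab it just created, not injection into a foreign process. The block turns that reasoning into a reusable check: an IE-to-IE write whose target's SCODEF names the writer is expected; anything else is left for review. PIDs, images and command lines are copied from this page.

```python
"""Classify the WriteProcessMemory events on this page: IE frame-to-tab bootstrap
versus writes that need a look. Editor-added example; the data is copied from the
Processes list and the WriteProcessMemory table above. Fact relied on: the IE frame
process starts each tab as IEXPLORE.EXE with SCODEF:<frame PID> on its command line."""
import re

# PID -> command line. The WriteProcessMemory rows tie 2648 to iexplore.exe
# (Program Files) and 3060 to IEXPLORE.EXE (Program Files (x86)).
PROCESSES = {
    2648: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a510767ca7dd5cf7e5be6f422b4c26a6_JaffaCakes118.html',
    3060: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2',
}
# (source PID, target PID) for each of the four rows in the table above.
WPM_EVENTS = [(2648, 3060)] * 4

IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}


def image_of(cmdline: str) -> str:
    """Executable path from a command line whose first token may be quoted, lower-cased."""
    m = re.match(r'"([^"]+)"', cmdline)
    return (m.group(1) if m else cmdline.split()[0]).lower()


def classify_write(src_pid: int, dst_pid: int, procs: dict) -> str:
    """'ie-frame-to-tab' when an IE frame writes into a tab it spawned (the target's
    SCODEF equals the writer's PID); 'review' for every other cross-process write."""
    src_cmd, dst_cmd = procs.get(src_pid), procs.get(dst_pid)
    if src_cmd is None or dst_cmd is None:
        return "review"  # unknown process: no basis to call the write benign
    scodef = re.search(r"\bSCODEF:(\d+)\b", dst_cmd)
    if (image_of(src_cmd) in IE_IMAGES and image_of(dst_cmd) in IE_IMAGES
            and scodef and int(scodef.group(1)) == src_pid):
        return "ie-frame-to-tab"
    return "review"


def triage(events, procs: dict) -> dict:
    """Count verdicts over all WriteProcessMemory events."""
    verdicts = {}
    for src, dst in events:
        v = classify_write(src, dst, procs)
        verdicts[v] = verdicts.get(v, 0) + 1
    return verdicts


if __name__ == "__main__":
    print(triage(WPM_EVENTS, PROCESSES))
```

The rule deliberately refuses to clear a write when either PID is missing from the process list, when the target is not an IE image, or when the target's SCODEF points at a different frame; those are the cases where WriteProcessMemory from a browser is worth an analyst's time.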
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 104.20.19.71:80 | s10.histats.com | tcp |
| US | 104.20.19.71:80 | s10.histats.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3f571c7111afc51e9c1939922cad3835 |
| SHA1 | 1a245ddb26dc8db434d5063929ffb6a1a04cbb96 |
| SHA256 | 97577e263570d4bc4ee954c552ea91387e4ba65cee9acc8334e5954abe6684fe |
| SHA512 | 0a88cc87e61805b46b51a967919ec6ca88eaa73d4dda60739215428f3f677255e13cfcd6a8ff85d4f1ad8cb878289470bd538e46a67b269695fb36e80ae9f72c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 6d2e9a9fcbc17a16d912d2bf687c07ab |
| SHA1 | 20f98704a2d8bed11d086b0f5710346c0bbf30a2 |
| SHA256 | 3b9185747fb9db373c06dbc09821a3e275d8dbe65af6c4eec7b9640cb759ff7e |
| SHA512 | 95934ecff06f5f7ef501899e5778eb1adafb7a3514e98284e75d2d12c5eeb3765441a8f9672a2be8fc1d112c0aab56ab46092d709722eb17c6c910b3c8538ab0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 022b158ff706e50b4319f317c7d7a3fb |
| SHA1 | 8b06fef6f23a96eec759b75685f42adfff4db6c1 |
| SHA256 | 124c857820c171d04e9723f01af8f2afce127ed5a5804a29c59f47c0bb89cb97 |
| SHA512 | 30b98af52412c0a266fc9006d9f18c40da0c381ae81e629728637b5c7af8f804a5ab3c3cee57cee968c2f623092ed5c8702e546d3051d0e90e6e65a94646c87e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | 250cbd1b74bd58deca527c7f4f33394f |
| SHA1 | b7c17ddc2b43b1ee64377f35a079a10bcd3fc10a |
| SHA256 | a42697a30536a38edc1b983771138cdfcdf65acc482260b68267069ac2116097 |
| SHA512 | b1cb3f4dd3b84905c066cfb971698a58b28aefe8a06deecae7f6226f9e0a7ae887d69899143fb6d7ebaec407e765f1e56b7110f8b634d2dec8ba235b3f032f81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | 31c72108356bcbb5569409aa463923e3 |
| SHA1 | 647712555d187d6763bdafc3e9c2ee9645bae56a |
| SHA256 | 16c8fd04d2e7f175e0092f4e468aaa9b762e79720e99683c787e4ed130404cdb |
| SHA512 | 4768ecbf85c6c15bad385b1c5b6937e4243aa4bdd0163ef49bf219047b6d9920a535a860cb29cc02dd5a427f170ff43d4e6e7fb5b3505233d24d671e84205e60 |
C:\Users\Admin\AppData\Local\Temp\CabA01.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f76d46af0a48ace58ed3b7fa6c93930 |
| SHA1 | 4e1015c6fd9e3ff29382263172c2d73679248c14 |
| SHA256 | 6d61f552e984b3836948c8fad1e06a20b0815697eb4c107a27e0adf041b9b887 |
| SHA512 | 3e4121791207edd4fb7e2dfc405aa251d7cc05dbe1d8d2122f99f6a13984f34c82a4ec0b01ebf065db07a38c2e537b4fd1ef5486e510800b5e1880e4006a9ffb |
C:\Users\Admin\AppData\Local\Temp\Tar260A.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17b8051ca06b64857471cf11a381891c |
| SHA1 | c7c4f2fbac5340af159a654086a500341a3f3c0a |
| SHA256 | d86055e09c885467e7b3de0add588f2cf754379c1838831f23b403ea51b8cf6a |
| SHA512 | afc108749faf6273b9f2b114b3416cd21804edfcaad8e4ec5db87b821ed96f5396172a9c0ac84c3cabfe745aa337c9ae51bf9de9d2618b17dbd2882f38716da3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2581fdd69f28a50b9dc4436f9c731dc5 |
| SHA1 | e7dc0201ac73ad9537e7939fe2d9d58fe8463445 |
| SHA256 | 5d230b46b06137f23ad8f4de58423fa4a09b55d3dc7beb50774cc25308782e77 |
| SHA512 | a73408cbdc40a2f839ca25f6845a07e8408aed33e8807b689651f9f306efbd69723aa28171e89bf71442d3af5ab0a0e8c5edf9027e8f749679ee9966db212632 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58a9bffea12f15368b0574012a31ba8c |
| SHA1 | ce388b06e8f4cd060707923fa65a4bdd2c4b794b |
| SHA256 | 2c567c1783a9e6e60b67b79e0085051c8b5acd5913406f5af31704b994ab650c |
| SHA512 | 784b629d71dacf1ff97ac4ae35f5d66d6d883284299561b633e154f386d6a9e8e7e8d526580153ad71d7436a06ed029bda104c6618fcd040f2726d5b77e37daf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 938d93aa1c6c3d806da1a949f8976943 |
| SHA1 | be085a90c6ea3eb9d20c3081bc03552eb9509f97 |
| SHA256 | a4dbf0a4ae68e4d65a9b952d267bdfdc7e94150f52bc9e134a6f35b7a3a0b1de |
| SHA512 | a4f1050b5e72459dc98d802e5d588e38db694e5e6e3c6e4ffde7d87b578d22b7f20b3fcfacd9950934523c4ef96d44246a036fc7a3240546c9cd8ec21dd07f96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab507b8dde57894ca45fbe143d7c4e48 |
| SHA1 | a58b1587088d5988ddfa4ed850983969a108b0d3 |
| SHA256 | 65b81bc42a13ab4c709d23dca6389fed04d602bc95aaaa727379e5bb48a16666 |
| SHA512 | 98e1ed619397051c4ece79c8424b092a6661ce105ec4a3791e1fc518305e5e0fc34677024931783177eb7b13c16acd66dd479c383686ea389b0f122c7de7d6ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e4a315e7ecbdb36c66075861f14e07d |
| SHA1 | 31d6337d0e34643f7fbb1d26f9dafb3e07dec269 |
| SHA256 | f7a3dd516ad7cf2b2b9bede8a113610daac0f7a3edb9aa90b406a85a70f907ef |
| SHA512 | ba453767f4a695f12714af7651b2b9562a5f5cd67eff344804e15cf55e9064c7ccdd3b9c5b6801072e5e36264100b37c45bc6254734cb06cef79aeb8512bc006 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 424047d3885cf6532fe6a2563e6f4ce2 |
| SHA1 | d73b4c3f3276a8abb38985dd6b50f114c80462f8 |
| SHA256 | 8e1f6c14f8fad86393aeb0f4edd0aeac624869f5824a9d8ff286d35b5abed02d |
| SHA512 | fbbc1a51f3516f205e29de36a1ba6257f83bced76aa6a833bfb425791c5eb03801349f51a728fc27de8606fc7ba43f2b6bf4fd1fff7fcf6b5fe688254d543026 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e1d18751480efba23b29007d26d95fe |
| SHA1 | 8880c99bec92c59c4ff534143a0952eeba737ebc |
| SHA256 | 176fe4471693d05cb42b7d13d8de6327e18e6f2fca2036cde74cb931cb6eb10c |
| SHA512 | 73ff63ec8b8cbdccea49e833cff66c3fae86f351f0a3e5c6554fde5e862d49711b864559f6eeb32780c44dc11eed40f3b75f9ed57084c2d2d02a3a8ec88aa861 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d320fca40100302d6246c7d1a70a6d |
| SHA1 | 61d4cba52e4f6811bc9cac0b5be37f3821a6e260 |
| SHA256 | ad7c0f842b1c12215fda4430678dc5d1dcc73df80c6327968ba263f965143b21 |
| SHA512 | eeded782bd3c4faf3e72ff1265127b9d536ecbe3ebe39b28e1a0db63c432ec47edd0768516187beef525cf9638bcaf6f11df9c82930167b3766ecd336723818f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\e[1].htm
| MD5 | 419d216e3399ee3f21d193fa4534e1dc |
| SHA1 | fe0f1bd8d35aeaba63551f239c2bc4a5b8696c03 |
| SHA256 | bcfe0387ab3435be3b2fc659cec617cc458e7cfafd480144d82d409f3ff8a18d |
| SHA512 | a4874a28a02b69961f7ab76e746a0cd5daab593d1da6f20ecb2e89925b4888f546684d3a314a26752d76976b300945deb4b34f559e109937ae663fd41446dac5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac42e3dd5b9dfac5f9b84784c9451fda |
| SHA1 | 745ac6a248b02250838d3ff2b92bdfe336b281a6 |
| SHA256 | d60874cf42894609d2d4d51aa0caf6fb2b7c5c75ee209090434f1526c109e35a |
| SHA512 | 9319ef7e6e191a032b8421ad205f44c77744791f4892bfe5c44a5d6e8fdc110f8c6e30d2341014ed537b839e9031be67a9901cd74f99d711f3454d05d8e01dac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29445965a8ec6f562889d6b791595af6 |
| SHA1 | 5b64dfc97a3accb96978731c428921b88de1f101 |
| SHA256 | 6f30e99b01c09bca10cda7b3648062501b6063347ccc37fe61aae4e750d05fb6 |
| SHA512 | c60163e5286886cb9b744a4b1a068d8d6b321d316266076983b91c0fc5f72f9485cc8b0c3576e2733041fb7cf855e9e1898b2c9d8d8dbe1376c04e731c4fcc17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d7bcc19984a0c975586c0b0af5ae215 |
| SHA1 | 63133bf233925bf44b9fe4c0b4ebdbe4f0d0196e |
| SHA256 | 7d6d47fdbc25c6e6d3d37afe51c7237f961296d69ce79c22be5039aa9f3a349a |
| SHA512 | 9612fdd28534b90b8f127a090a7fa9f20d85fab0416c0f80973595703525ebc56a716c52f6177ee9f41d117c33862f7ae7b2926b289189c6c88abd27600fb7d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 693a496ebd1041281110f4e5cd85f52c |
| SHA1 | 115efd292530a02e5db65348a8e6c18d7e8b4360 |
| SHA256 | 66735e4c8fcb0ba370614c96178dff30985ce165b3c79afc5584455d281fca36 |
| SHA512 | f52501233edbd523d94ba54a09e59dd141dcdbf48eb81ac73d33e1e65161c2abfa46b1000a95f84ac4063441c885d2123c5ec8400430cf41253cde8af74f4366 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b1539288e24c02b74bdcf3936d04b68 |
| SHA1 | 588926c91132a3fa88fb8d9cafb0daa6b68ee1a7 |
| SHA256 | d64d248fdc9be952889b63ad1fad22b829f29c6c59187199ddf5102775419b23 |
| SHA512 | ac4e2efcfe9216d94af906b1e011a299c9db895a4b72c5aaf1493b5cfbb4f2c35d2c331349fda1692b3841fcf3db039d945c39b3f79712ebb9dd39437a09639f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c56a263aa1f913cc5a6a1886b5e439b4 |
| SHA1 | 245ed6661d1fbe8619133c146315d8e7bfbf6add |
| SHA256 | d414cca9ebfc6ea7fcf0accb2f667884842010700264b28dfead789ca9b53cdf |
| SHA512 | 4ec561087239c2221fbc3ed65bb098a8ffcf7d2d5b23b09a01a1d3104c28ca1852b09270c94ce1b579186f34ea57f77bd8d82ccb926e18254a63f1abd58e6bf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47a081821e48fb1dd88d9208fd7d74f9 |
| SHA1 | 72c6431badab361c29169a9008a38bdbe32ffdfc |
| SHA256 | 15b56b0fc28c442cc65f4af8e55be2d2107013e2fcdcd9e4c8be369f5b8b8c5e |
| SHA512 | f615fddcfbe787135a15a4b2d1615d2f7c02cd87d372cd34ab55c1cd8baec0c402de3a36d3afdab286fee91dfcf459cef10cfa01dc5fd9524e001655a91cfb52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d98b4af3f0a97d4a4e1d3264c9c254f4 |
| SHA1 | 44bdcfaf2640a296ac2d34c61bbee128e9f756bb |
| SHA256 | d7b77cc51e385ca8c3cd8fbf0bddb3f6b6b0e180f9c6785fc10ec6503d7fa367 |
| SHA512 | c23a20b4d76f8e6d1f94da388d90442ee5dca7057f3104f3dac9c314d085a93d8f1ca9cbf96b88039bc979c5f14965c03180f0ed10f733b81896f80de25c4ac0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16ffc59644f58cbd9575d318697d640f |
| SHA1 | a387f4d180adb53dbf7c0fca06d3ecaf0a2cb555 |
| SHA256 | 80535a581ec29ba53f48a04cae3e3de637e9784baa08b5260a6276d34542d33c |
| SHA512 | b22ed5c26edff43ff533b5307330ad94334c6a40a93befab8a0fc89dd1e7be3a825f03aca4dc649fd5acd40ae0fecda3523ec0ac4c558d3cefec1502bc509f93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84f80ddec67c32ef04c15af983f08ed8 |
| SHA1 | 996fb438281263f8070c22cd41f8c5b0c92c804a |
| SHA256 | 2f32d097de00a40d5a1df182e69b849bc866fa7d0dcb800a1487b3fb5cc7ce35 |
| SHA512 | 5bce90191bafa6fa893079038239d3ed45c2b1a91c64a962da437c2b68e3d76d9c2661f43ea370276b03c68acf5e223ba5dec3399e87ede5f384ae9252ce4e22 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:23
Reported
2024-06-13 10:26
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a510767ca7dd5cf7e5be6f422b4c26a6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a6a46f8,0x7fff0a6a4708,0x7fff0a6a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1155793782402868071,14900168665658601663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2496 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2512_KQZJYEXBXOXOLURK
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences