Analysis Overview
SHA256
c16c22fa028a796a73beddb9d4fe9d4910ec7adfcf24738151f52a2e9665ac0c
Threat Level: No (potentially) malicious behavior was detected
The file a5d2022038a68069ecc6d9760d28b1f4_JaffaCakes118 (an .html document, judging from the command lines recorded below) was found to be: No (potentially) malicious behavior was detected. The signatures listed under the summary fired on the browsers that rendered it (Internet Explorer on the Windows 7 run, Microsoft Edge on the Windows 10 run), not on a dropped or executed payload.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:36
Reported
2024-06-13 13:39
Platform
win7-20231129-en
Max time kernel
141s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0087230b97bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000076de7e75642fc04eaa84c93816910c1f0000000002000000000010660000000100002000000001d550d0096bd2fad3062b4ccc5b5536b798f04646898741f40ac9e32df19aa6000000000e8000000002000020000000944c266f59504ea5e01bfbb839836dc36b1801b49c7024cb25df256aadec804020000000b642ed980a85c08abcb6c14d0e4a1025fa52e45e0807702d8fb8e39155bf369040000000dac5219d1f82fb2f4f9b170479e8b9be5646786d6d6c58693d7eeee6ab749c992bd296fdfd762bb2956ad894dc9e8f265b214b90d94665d1b6ce5080aa675733 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F7BA3A11-2989-11EF-87B3-6E1D43634CD3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447669" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
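Every row in the table above is written by iexplore.exe itself into the user's own Internet Explorer hive, which is what a first-run IE session does (tab recovery keys, search-scope favicon, CpMRU counters). The rows a practitioner actually wants to hunt for in a "Modifies Internet Explorer settings" hit are writes to home-page or default-search values, writes by a process that is not the browser, and opaque data blobs. The following triage is an added example written for this page, not part of the sandbox report: the rows are re-typed from the table as constructed input (the DecayDateQueue value is only its leading bytes), the list of hijack-indicator value names is the editor's assumption, and the two rows marked CONSTRUCTED do not appear in the report and exist only to show the detector firing. The DPAPI check relies on the fixed blob header (version 1 followed by the DPAPI provider GUID), which is what the DecayDateQueue value above begins with.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Processes allowed to touch the IE hive without raising a flag.
IE_BINARIES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
IE_HIVE = r"\software\microsoft\internet explorer"

# Value names a browser hijacker would be expected to set (editor's assumption).
HIJACK_VALUES = {"start page", "default_page_url", "search page",
                 "default_search_url", "local page", "defaultscope"}

# DPAPI blob header: dwVersion = 1, then the DPAPI provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} in its little-endian on-disk order.
DPAPI_MAGIC = "01000000d08c9ddf0115d1118c7a00c04fc297eb"


@dataclass(frozen=True)
class RegRow:
    op: str         # Description column: "Key created", "Set value (int)", ...
    indicator: str  # Indicator column, verbatim
    process: str    # Process column, verbatim


def split_indicator(indicator: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split an Indicator cell into (key path, value name, value).

    'Key created' rows carry only a key path; 'Set value' rows carry
    '<key>\\<value name> = <value>', with string values in double quotes.
    """
    if " = " not in indicator:
        return indicator, None, None
    full, _, value = indicator.partition(" = ")
    key, _, name = full.rpartition("\\")
    return key, name, value.strip('"')


def classify(row: RegRow) -> str:
    key, name, value = split_indicator(row.indicator)
    if IE_HIVE not in key.lower():
        return "outside-ie-hive"
    if row.process.lower() not in IE_BINARIES:
        return "foreign-process"
    if name and name.lower() in HIJACK_VALUES:
        return "hijack-indicator"
    if value and value.lower().startswith(DPAPI_MAGIC):
        return "dpapi-blob"
    return "housekeeping"


def summarize(rows: Iterable[RegRow]) -> Counter:
    return Counter(classify(r) for r in rows)


# Constructed sample input: rows re-typed from the report's table.
HIVE = (r"\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000"
        r"\Software\Microsoft\Internet Explorer")
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

REPORT_ROWS = [
    RegRow("Set value (int)", HIVE + r'\Main\CompatibilityFlags = "0"', IE64),
    RegRow("Key created", HIVE + r"\TabbedBrowsing", IE64),
    # Leading bytes only; the full blob is in the table above.
    RegRow("Set value (data)", HIVE + r"\TabbedBrowsing\NewTabPage\DecayDateQueue = "
           "01000000d08c9ddf0115d1118c7a00c04fc297eb0100000076de7e75642fc04e", IE64),
    RegRow("Set value (str)", HIVE + r'\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'
           r'\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer'
           r'\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"', IE64),
    RegRow("Set value (int)", HIVE + r'\International\CpMRU\Enable = "1"', IE32),
]

# CONSTRUCTED rows: not observed in the report, included to exercise the detector.
CONSTRUCTED_ROWS = [
    RegRow("Set value (str)", HIVE + r'\Main\Start Page = "http://example.invalid/"', IE64),
    RegRow("Set value (str)", HIVE + r'\Main\Start Page = "http://example.invalid/"',
           r"C:\Users\Admin\AppData\Local\Temp\not_ie.exe"),
]

if __name__ == "__main__":
    print(summarize(REPORT_ROWS))       # all housekeeping except one dpapi-blob
    print(summarize(CONSTRUCTED_ROWS))  # one hijack-indicator, one foreign-process
```

Run against the full table, the only non-housekeeping classification is the DPAPI-wrapped DecayDateQueue value, which IE writes for its new-tab page; a real hijack would surface as a hijack-indicator or foreign-process row.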
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2344 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d2022038a68069ecc6d9760d28b1f4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
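The four "PID 2344 wrote to memory of 3036" rows and the process list above describe one thing: the 64-bit iexplore.exe frame process (PID 2344) starting its 32-bit IEXPLORE.EXE tab process, whose command line carries `SCODEF:2344`, the frame's own PID, in the form IE's multi-process architecture uses for tab launches. A frame process writing into a tab it just created is expected; the case worth escalating is a WriteProcessMemory whose writer is not the IE frame named in the target's SCODEF value, or whose target is not an IE binary. The check below is an added example written for this page, not part of the sandbox report. It assumes that PID 3036 is the IEXPLORE.EXE process shown in the process list (the report gives that PID only in the WriteProcessMemory rows), and the event marked CONSTRUCTED is not in the report.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable

# IE tab processes are launched as: IEXPLORE.EXE SCODEF:<frame pid> CREDAT:<n> ...
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE = "iexplore.exe"


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str    # image path as the report prints it
    cmdline: str  # command line as the report prints it


@dataclass(frozen=True)
class WpmEvent:
    writer_pid: int
    target_pid: int


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def explain_wpm(event: WpmEvent, procs: Dict[int, Proc]) -> str:
    """Label one WriteProcessMemory event.

    'ie-frame-to-tab' means both ends are iexplore.exe and the target's SCODEF
    value names the writer, i.e. the frame process initialising its own tab.
    Anything else is a cross-process write that needs a human look.
    """
    writer = procs.get(event.writer_pid)
    target = procs.get(event.target_pid)
    if writer is None or target is None:
        return "unknown-process"
    m = SCODEF_RE.search(target.cmdline)
    if (image_name(writer.image) == IE_IMAGE
            and image_name(target.image) == IE_IMAGE
            and m is not None
            and int(m.group(1)) == event.writer_pid):
        return "ie-frame-to-tab"
    return "cross-process-write"


def triage(events: Iterable[WpmEvent], procs: Dict[int, Proc]) -> Counter:
    return Counter(explain_wpm(e, procs) for e in events)


# Constructed sample input, re-typed from the report's process list.
FRAME = Proc(
    2344,
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r'"C:\Program Files\Internet Explorer\iexplore.exe" '
    r"C:\Users\Admin\AppData\Local\Temp\a5d2022038a68069ecc6d9760d28b1f4_JaffaCakes118.html",
)
TAB = Proc(  # PID 3036 assumed to be this process (see lead-in)
    3036,
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2',
)
PROCS = {p.pid: p for p in (FRAME, TAB)}

# The four rows from the WriteProcessMemory signature table.
REPORT_EVENTS = [WpmEvent(2344, 3036)] * 4

# CONSTRUCTED: the tab writing back into the frame; not in the report.
CONSTRUCTED_EVENT = WpmEvent(3036, 2344)

if __name__ == "__main__":
    print(triage(REPORT_EVENTS, PROCS))           # {'ie-frame-to-tab': 4}
    print(explain_wpm(CONSTRUCTED_EVENT, PROCS))  # cross-process-write
```

The same logic does not transfer directly to the Edge run below: Chromium child processes are identified by `--type=` and a Mojo channel handle rather than by a parent PID on the command line, so an equivalent check there has to come from the sandbox's process tree instead.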
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xinhaoam.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | discuz.gtimg.cn | udp |
| US | 8.8.8.8:53 | chdadd.100msh.com | udp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 163.181.154.232:80 | ocsp.digicert.cn | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.166:80 | ocsp.dcocsp.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| BE | 88.221.83.184:80 | www.bing.com | tcp |
| BE | 88.221.83.184:80 | www.bing.com | tcp |
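Read as a whole, the network table splits three ways: names that were resolved but never connected to in the recorded traffic (xinhaoam.com, chdadd.100msh.com, discuz.gtimg.cn), TCP sessions to wpa.qq.com and pub.idqqimg.com (Tencent QQ hosts, consistent with an embedded QQ contact widget on the page), and browser infrastructure (OCSP responders, ieonline.microsoft.com, www.bing.com). Sorting a table this way is the first thing to do before deciding whether any host deserves a closer look. The script below is an added example for this page, not part of the sandbox report: it parses the rows exactly as printed above (re-typed here as constructed input, header included), treats a `:53/udp` row as a lookup of the name in the Domain column, and uses a short suffix list of browser/OS infrastructure domains that is the editor's assumption. It also handles the `in-addr.arpa` reverse lookups that appear in the Windows 10 run further down.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Domains treated as browser/OS infrastructure rather than page content
# (editor's assumption; extend for your environment).
INFRA_SUFFIXES = ("microsoft.com", "bing.com", "digicert.cn", "dcocsp.cn")

Row = Tuple[str, str, int, str, str]  # country, ip, port, domain, proto


@dataclass
class DomainView:
    resolved: bool = False                          # seen on a :53/udp row
    tcp_ports: Set[int] = field(default_factory=set)
    countries: Set[str] = field(default_factory=set)


def parse_rows(text: str) -> List[Row]:
    """Parse '| CC | ip:port | domain | proto |' lines; the header row is skipped."""
    rows: List[Row] = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append((country, ip, int(port), domain, proto.lower()))
    return rows


def build_view(rows: List[Row]) -> Dict[str, DomainView]:
    view: Dict[str, DomainView] = defaultdict(DomainView)
    for country, _ip, port, domain, proto in rows:
        v = view[domain]
        if proto == "udp" and port == 53:
            v.resolved = True
        elif proto == "tcp":
            v.tcp_ports.add(port)
            v.countries.add(country)
    return dict(view)


def is_infra(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in INFRA_SUFFIXES)


def categorize(domain: str, v: DomainView) -> str:
    if domain.endswith(".in-addr.arpa"):
        return "reverse-lookup"
    if is_infra(domain):
        return "infra"
    if not v.tcp_ports:
        return "dns-only"
    return "page-content"


def triage(text: str) -> Dict[str, str]:
    return {d: categorize(d, v) for d, v in build_view(parse_rows(text)).items()}


def dns_only(text: str) -> List[str]:
    """Names looked up but never connected to in the recorded traffic."""
    return sorted(d for d, c in triage(text).items() if c == "dns-only")


# Constructed sample input: the behavioral1 network table, re-typed verbatim.
BEHAVIORAL1_NETWORK = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xinhaoam.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | discuz.gtimg.cn | udp |
| US | 8.8.8.8:53 | chdadd.100msh.com | udp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 163.181.154.232:80 | ocsp.digicert.cn | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.166:80 | ocsp.dcocsp.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| BE | 88.221.83.184:80 | www.bing.com | tcp |
| BE | 88.221.83.184:80 | www.bing.com | tcp |
"""

if __name__ == "__main__":
    for domain, category in sorted(triage(BEHAVIORAL1_NETWORK).items()):
        print(f"{category:13} {domain}")
    print("dns-only:", dns_only(BEHAVIORAL1_NETWORK))
```

A name in the dns-only bucket is not cleared by this report: the sandbox records only the sessions it captured within the 153-second network window, so a name such as xinhaoam.com is where a follow-up (passive DNS, a second detonation with a longer timeout) should start. Note also that ieonline.microsoft.com has TCP sessions with no matching lookup row, a reminder that the DNS and TCP rows are two independent captures rather than a joined record.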
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2CEF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f35901aafa3c1a5694a777987d6ba5a1 |
| SHA1 | 52e9bc1d5dae685b3f9cbc8069532cd5b6f173d3 |
| SHA256 | c0db17a707d90465f2b2a08d72d4ab72cd3be25fac06e5ade896827247d16f0f |
| SHA512 | 1b47ecffd4ca68132ce7d149d0f010cc834b1c839f81bb917988c01f4c258816e13a896c198d778c714bc078dde2ca9bd7e16a519d8e4d905c6b99b62b7084a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7bdf16b89d43d1974c08d3441932885e |
| SHA1 | a2c4298803b159a073e3af326cbe04f4abd94750 |
| SHA256 | 22dff388f080e91f83f7d580e550dc3985ad98fc347bef828bb5c53db1352120 |
| SHA512 | 9416d6aec40839cb0eb73eab21068658b6af9303af79feeb7da9afdc8a92503646abc68b768ce61b796978a35ca50872888d415b21fb41aa10a12a20c46b216e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a64a44474b3eaabce34711f7ce089b7 |
| SHA1 | b7388619ec2ed83d16ccc99bb65af89958096564 |
| SHA256 | ec7b67bb4e5ac23e614c605077ccd5de3af7000de7d41945155f1afa3f76defb |
| SHA512 | e274cc8c0007ae40a7c99197c4b5d7dc19c5c85c0b3d1797bb9c0f6d3f2aa6ac65abc0f135bec1f4fb923c929c95c5e705becf013abf8fb18fe67bdbdedea264 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 355e8195a59d84b2bf62150f8194c2bc |
| SHA1 | 2653b5b08118edd08cafea853ff1f3c655763cd8 |
| SHA256 | 8fd797cc091e9dd24ee28b121f4f8249d14e4e9ca1f41a84cd209967cbe42d97 |
| SHA512 | d0c95d2c0e526e62ff47261a43feef35c8bc64ab14487271d7d369ff4d5b33125e5b398c9708f490fd0a6a464841bdae856b44daaf797304becb65bb1a46b155 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fd5141390fb3edbfc01cea5ddd98b25 |
| SHA1 | 7906151dd9f355e23fd5c83789e604e93ada5c50 |
| SHA256 | 85f7adab0065878eedf2d1387676da1aa16518127b5bdeb049e7c674a733ce63 |
| SHA512 | 038b04ef0ff51d9d2bf7899f7e78e3bbe6f4eb05a8902f2257925a6c60d2d6425a43ea8db84f53282a5a6d53b1ce8a5c0fbdfffef6bef0ba2299878b91b6331e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b8621180239c0e44a0f23564964695c |
| SHA1 | 614c7242169ad2afa2acfb95e32072ec420327e4 |
| SHA256 | 534be46293dce1a7e07c5a41f8fef1e8d80e102dd0d68e2a99e5b0df48d35ee1 |
| SHA512 | f1164d5cde4c173f0e2af798dc1ec2c71f1c7f4825bacf1ecc57de636a830b6d161bf578f9e074bb746006568bf32607d547f41c2293d18071c002812b19351f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c647c7f48b3a425db182f18088ad8ce |
| SHA1 | 58634f15e000d1414f46cb3c163e39f51c374309 |
| SHA256 | 194b49009b2c5645e1416e5b8f4e30bce92720af74c257fbb3c286b12a456966 |
| SHA512 | 427d469ea898a0bc9f6f906cd1007006047c484b4b3dc5ad3a75ba81aa2d2ba610b052f209b180e743f114386c82790b3e9816bfdf73b637668f7f2a71300d04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 342ad1c1a7e5c77c5e5ba57fbd9e1c3c |
| SHA1 | 10b6b93766f4b9b2e50f6e3a37ffcc3e3c1dab4d |
| SHA256 | 02d0c7b16f1d7b7f741fac25101a4430b90c584ea25fb6a82525df719e89b1e9 |
| SHA512 | 251810ad246c6a9d8d9537c68762f246e712bcc10f888cbc5e97fb2a9217e299a8b7477c0bbdf1dafec95cc8b235897b832fa13709a2263717b0684f8d17ab9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 387f97a50bc16f612f175db8708053e7 |
| SHA1 | 3eacabae90487156911b0b2563c93f58fc6a5414 |
| SHA256 | 5b6c1eab2afb450a1d71161153649d24ecd23621474de4878d257868d104dd17 |
| SHA512 | cf91e806de4e57dc5df4027882b8013798c9fa295737cd36e802e5eba7bb92db9a2aae9d119c7e032c5b8f3c38944ef675680f7ce80375ea9918b88149eac5a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | ad7e7cd9741c4e038bf05ea1cebb3be7 |
| SHA1 | 7ce2e615ea54ad8e1bd9846d21d0e72a5cd9c8e1 |
| SHA256 | 8f43e18897c733606ca47e4ca922f4aa36bdc1dbe617341caabaaec561646206 |
| SHA512 | 9d52ec33ba4eb31f4b4685f3380dfca4a28fd49daea2ed1e072527b0598f39d24faa764ff2d4a172c42844e857e8b71f4c0c33737e3d9232b2ce27d602b09dc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42c145fa16bbf8d3e1cbcb9f7a84cfc2 |
| SHA1 | 723408969472ca52d41058fb2aca76e65e50ea19 |
| SHA256 | d53d73f4f0f88d21317165e6b16f8c98cdb3c712e8976349072e85a9a645eea3 |
| SHA512 | 2bd54f9a88cad6d430c4e73756d6401a6b3b945fca2fdcd81d66aa621f65cf584950ef5608ce33dadc7dcc4260834bf7162b33629ee19a951471c675983532f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ed01e47da6f9095dbc7576d53b98266 |
| SHA1 | 0c05aa6fcfe938e3bf997602e00bdab0021bfd95 |
| SHA256 | 379d9ffc18ae105ef66190f170656447c9876607b4a34bed4dcafe7590b95b3f |
| SHA512 | a6c3973f1acc59296ce8e148de1846047bda0e01a367bd5d677305c674743d28c22eb1ad947bac887b0150e9bc4f77014a6c7dc9318cc9d663aff07193c87933 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65737bc9a09ac89b33ea73a74dff3ef7 |
| SHA1 | 5b48b4a13c1d08624841fc1e16be51fe89693eca |
| SHA256 | abf8db1ff44153dcfd5b0def9a0da6d019ed61cc4355aaf155dffadf584546d5 |
| SHA512 | 65255ba59e1fd128910d001e3b786a63a4cf1f0017c51edd8412f7ddc29ca93dccda6efbc5fdd091e6897d72c28f509a465d31ac892da8dfc550984362f29825 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b61010b597560cbf6037d0afebd54c1 |
| SHA1 | 0d5cef2a377488204f1dbc5889316e9477d0010d |
| SHA256 | 599fa939ae2f7d2e288e625f2c0ceb8951ea4b17449654f391665b714ac5c48c |
| SHA512 | b2fb8dc40cbcb603de3040aaa4b35801758b0c8be9941c51391a6246529a9109dc0ada4cc49b22536f01bb733fe91b77dd9d9362ac6481c61a7a32c369f7c5e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 847029a8321275453b90ee8c9b20441c |
| SHA1 | 30ef9e8a255d98daf72c34aff11ef378f7015628 |
| SHA256 | f4c2dc5c049e44a5776327d47bb7d212ac2b323af48c2f1327714ac5f450f5fb |
| SHA512 | ba258239d130ad170e623e3e7eeb918243ad302294da5e8b7208243ad67f9fd6c87f342aac1c8352acc5d140ce9e4b604b6e613dd382f0b7993a95477f2d3dda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49fb818e80c402eec30054e6ccbaf258 |
| SHA1 | 7eff8effa314843b2e88c1717d30c45e434fac2c |
| SHA256 | 8aa490afb94ac1cc80129f22bcabcdb657f641fec491c20a8643f7f2b9e1b30b |
| SHA512 | bf104384be265d663f8d40df0fa12929ca68502999040c8d5d314dd9dcf2992701c017500670b9e5932f992180ab56670f09a758ed1239d798d92ca79c987d4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62e825cdc203bde2278af134ae8bf343 |
| SHA1 | 1212bc7e721fb74b28803243bbd08f4f63ed8300 |
| SHA256 | 3146110027266105442f6952ee44513c4645418918d2704c0c920df54a770858 |
| SHA512 | 3f2720206e2b0663775b4b1441fb01abcc747cf8a3e90cfdf8978aa43dcc0b8b04b4ceb0912bb4df35e1bdb5ee879cc8635fa43638f1ad1873a0053dae06da66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 559567c41a52ece21ec4fad66936529d |
| SHA1 | 5535ba0a8995013daed6dc647bd4406b450fb98b |
| SHA256 | ce65e14ce948317c8c13fa1749a96b90609a3c3971657c442c4b7bc0dc40fc27 |
| SHA512 | 6656db4bba833ae3e8068b386107e0ab5e37ed28eb7f4e2ee3777b54f5be93f81b7a0c1128d0192534a37c6b83550b03f41420f1c87122d77fb8f1f7480bb711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 888703e4687112d6895fe5101639a524 |
| SHA1 | ce83bb68b398556250baa083c1ab65871aff94e0 |
| SHA256 | b0bf8d769c1d7a8abcd8062de655662be77db8c3c541cb830a3588259db160a5 |
| SHA512 | 6d2730d180d0b8d2cd47460487a52fe94608ef936eeba86bcf6dc72fbfec3397bb42b6ffecbca41ba79c0b265615351f1ed35b68785a5fc872a9d6ec8aaa3677 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6da63e94f1c5d2b8c967c197a7e83c50 |
| SHA1 | 483a4d9b69792d70f014f9286c846c953021a749 |
| SHA256 | 00db4fe53473fd53e7a0d6c7b05666ca4144fa43597237cdabe7a299b60ee2f0 |
| SHA512 | eb1d9e4c5049c2d2d9117fc8037c70f91f1285f76592c68172d1bc8db7a4de26466d461b304a3226b518fcf53ee4a70363feb7420ffe79ba666c24ad29e857fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e5789b73748791929924832d87ba690 |
| SHA1 | a13c71f3c7ae515f233a63f604136ffe8d00c096 |
| SHA256 | fc449c1ff74f7924b83b7e7b526ba2fa66b6671d757eb7a3561c8e8e97f78cd2 |
| SHA512 | c4b55b5b6032b93eea214fda1d5cce45dfbbf1e171297d81b461dae35adab9d6b98cc006e30f79d89b43e0be42ab16997ffe1ae26e4cdc636c08be9e4f5cc9ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3379daddbadd2f322f3cc96fe1c2f3a9 |
| SHA1 | 03b48f0d5bea8997a1dc5fa5f833f5d6836c5c94 |
| SHA256 | 885bb7f65c819bb1883ec220c91d17f2fded06bf2b1c5009440f1e7cb5df65db |
| SHA512 | 2dc77d4eebc99d5359d637aad7ce57986590f45e3a7630b9e507a120ff3a2fb7eb11ee1dde325a58cbf311a371a53e2603f9fe7268762c92c1e8eb54c0dac207 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:36
Reported
2024-06-13 13:39
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d2022038a68069ecc6d9760d28b1f4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee9746f8,0x7fffee974708,0x7fffee974718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14871549007287919746,3498043586466025807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xinhaoam.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discuz.gtimg.cn | udp |
| US | 8.8.8.8:53 | chdadd.100msh.com | udp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| US | 8.8.8.8:53 | 172.234.159.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| BE | 88.221.83.251:443 | www.bing.com | tcp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 251.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.137.205.203.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_1528_NGIZSUTNTUKJHCZV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce84135816a0fcb716bfc72a8bcb67e6 |
| SHA1 | b51daaa7f1c3d5a2e3093246cabe01d96f1fd08c |
| SHA256 | 565f25fca88a362292d7891cab77701e0fde7a4f66306f19b721f50b1aa64660 |
| SHA512 | 98da18c3653a456b9a4a196aa8746452f3e4759a336183e13a20cc88b184e460475d3790bbfc8f643c5ad37f8e11b60f048a2c3979138dba8a72aa8e3586da20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b2ca18a8b3b021577c4dc4d6e77be73f |
| SHA1 | 21070362463a666c73ea598cc11581b010ef2c82 |
| SHA256 | 9beec9be96834f7a2fe280e1ea22d87ac4bdc1e0f9db21a82dce41148501cd38 |
| SHA512 | fb84cac3fd095486e96c9cb92ef1c8b45e478e7a81640329995bb5b60f47e416ca23b9dbe4e1665b554fa47200ee237cc4c8bc90ee524fa94d160cf4c6c41390 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9d6d4a0661f0cd2f9809c69a7f062101 |
| SHA1 | daa27e93bb79a87bc595688ec42bd422f2a76b10 |
| SHA256 | 83b65b6844765c5c43a87fa7480dcff5fd2686aff8d3bd8e269772fcb509c18a |
| SHA512 | 2cfedb6439a014dc331a74e04ae629e17ed2ffe348d53ea0a93925e3d4c713478217df96779c006961d1d22b0e04ec28fee3213f6231863599ff91e6327383f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a28fc8c7b408c9fec7eb29ba72319a1a |
| SHA1 | 2b1815d04fb077e076a7c078db984304b82cf50e |
| SHA256 | 1d26a34f3b686ef9b0f4402fd77dbbf4e517c3a60d31f19751f038953abe9e65 |
| SHA512 | 6a6f10e0011b2e2f335d65b2b5da07e47e06aa5eeb22ac8950f63928c18242952d216526c8a2ba909ad04fdaf073215c4277272c6de2a28c7cb39a211f0a78bb |