Analysis Overview
SHA256
1790fc9c7fdbe4a2a19950510060583afc3971b25a7f1961bdb150a79c144eb5
Threat Level: No (potentially) malicious behavior was detected
The file a5d26dfd77f0231dca0a747b0cb9ff1f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:36
Reported
2024-06-13 13:39
Platform
win7-20231129-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447689" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000035398d0814bff4fbfe7073d8895b51600000000020000000000106600000001000020000000a80385646decaf93f4e22b6677c3864e5df6de70a0cf293797804426c4cd3b8d000000000e8000000002000020000000d1cdd34dbbb6d9f1d2959b0a69a4bddd3442669ced053a45f32b270aeed9a1ac2000000005e98d8199b84573f21b5492bcfb1033005a1b09a277dd46af620e1bea772bf540000000bfaf689f2c4d2e152f11326e3ed6225fe98be5acba9d2a4152fa42b04c90ceee98e733b6106c35cf1fc016d11fc6c61093ab3f3f9b849b817a9b0a1434154312 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0389AA11-298A-11EF-BDEB-D6E40795ECBF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30df45d996bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2168 wrote to memory of 2876 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2876 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2876 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2876 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d26dfd77f0231dca0a747b0cb9ff1f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:36
Reported
2024-06-13 13:39
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d26dfd77f0231dca0a747b0cb9ff1f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,130350737858477554,18032905930207751096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mp3hudba.sk | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 142.250.200.34:445 | pagead2.googlesyndication.com | tcp |
| SK | 37.9.175.187:80 | www.mp3hudba.sk | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | mp3hudba.sk | udp |
| SK | 37.9.175.187:443 | mp3hudba.sk | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.175.9.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| GB | 142.250.200.34:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 235.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | toplist.cz | udp |
| CZ | 88.86.101.2:80 | toplist.cz | tcp |
| CZ | 88.86.101.2:80 | toplist.cz | tcp |
| CZ | 88.86.101.2:443 | toplist.cz | tcp |
| CZ | 88.86.101.2:443 | toplist.cz | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 2.101.86.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_64_SROYPXJIIJSAUWWV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd06.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State