Analysis Overview
SHA256
b404dcbda4ed0aa7d6cd5183116fab81fc1da493da97aa45e1c3a8fd851ba303
Threat Level: No (potentially) malicious behavior was detected
The file a5f2015efbabb40b7f71f2075834cda5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:08
Reported
2024-06-13 14:10
Platform
win7-20240221-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009f3c2d6613a3664eb535f6605971003300000000020000000000106600000001000020000000a183465cfc3d993b8a741ed8e109985cc55a4edba7885fb16d840e617360aa4c000000000e8000000002000020000000ba2102b2d7445a637ceb1cb8a9bc116256f6e2759eb03946552f1f61c7832a1a200000007b1c2965600f85addadb8a786600de24689e819753e23ab20ff7fb57399c383540000000343891da7b8d922f0786f72735105b9202a0e03e65bb7ab66989b8b2d7f5b279ca32f2dd4d1490e7d44c2e9ed7322ddf9aee6af415cead69c0eef1ffd40e6da4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449568" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009f3c2d6613a3664eb535f6605971003300000000020000000000106600000001000020000000044049f262a3bac60f8e34af92137637d043047d14f009800363169ac1314220000000000e8000000002000020000000724635218818430ad9b9f06941871f5696597672ba2a6a904c41b7309a2396699000000072a64c2e2b45f56f7b3b5c3b605d7293188621ccd712603689e8b646d716269b12df224c25332648703ba87be3f5b80e328bd4d57bd3600a6bebe4221de2a661f8fa37fe3af7e5c98c9f84c9ffd82c60168fb1797cc0c62efb9bca14bc4e232bb1e4f183593ad0c9c587888bb02f371053d606c14640bb876c5000120c201d4fc3b2010a79d1d3df44e45e3806d1c24640000000be8864c1f201c4c814f1c961a04b0e424e30c61424f60b1d34d7c2d1dc5e59e354fc632ecf9d60dbdd9c51f32495a9221d30a84ed57f5dc49229c52ddc6fb38b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62E4D711-298E-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3008fb379bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2756 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f2015efbabb40b7f71f2075834cda5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e45a7e591fabdfe3a2fa70e712760a12 |
| SHA1 | 010ebff50f724337528681ae5b43fdea36ebaad7 |
| SHA256 | af626ea1125e5eca297347123e2c4d0e94e2b797df2e6067d730d8ee634bc9e4 |
| SHA512 | 363e7c28f1c6efec40b31a7e4b14b24bf06e4516fdf34a19105397a23e60d91a54cf0fabb8cc6443844e7b318c3294020cc54081b156d06020602088fd935c7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | bcad1f92a4cc6f94ab614a1a5114c5b3 |
| SHA1 | c099833c91100f164b96fed4414e7e682b6fda37 |
| SHA256 | 133b927f80286fa6f6d0d5bfd8eaaf40bf8a65984e8242233dbfd668d9f15045 |
| SHA512 | 538a85780a5102b0890b0f75f2f436b956630695a3e328aa8f521d0a7c55c65713d03ac01f52cdbdb75ec180291fe02afb43d6d16a57bec1da8fc722558088e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bc6d7706029adf92dc30e163cb47675 |
| SHA1 | b1a70fd72f9a99fb277a9c0650ba7a805bb39210 |
| SHA256 | 9558886febaf23cce316ef038effffd1c877845d9a3a8ae986d7b39a5094c3a9 |
| SHA512 | 8fc498fbc4fcdeaf31f28cb9af9f0a71e325e9e8a6ef15ab24c7c8b930e1460c40076a655035cc0b6bfe6fc1f971def1640731ee65da1ce4b6ca2369fd6e9848 |
C:\Users\Admin\AppData\Local\Temp\Tar3D24.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab3D23.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3E42.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fbc4361b1e2da7c7d7e348f5f5a56a4 |
| SHA1 | 3f2aaeecb1c82b2cad555979bb05b998b563507d |
| SHA256 | ada025f3e5ea3a5565e921b47c569a6c4fc9d8494f1837cb86d3e477750dca34 |
| SHA512 | 722116594af7840ca42a9b1e578c6a14a62c7a6093c7597f7a0d8fd9a79e10b4b6b40726ab303116112e69bd82d2d71c1e60be7d4e34c6ecf1ca3deacbaf28de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80fe351f87645d4136fece83bd536e26 |
| SHA1 | d4e179fb41e2f469f6be31ed99e1a1bff2541d52 |
| SHA256 | 2038c7f917b2b7a8532fda2848bdde0049387c364fd91d3ee9cffc7ef5cd885d |
| SHA512 | 2acca44277bcc2da612bf3aeb5157054827a05f198031beffb70ea46cbe1d94ac3fa01431828120294ded44b2bc8c58f78be1766cedc0433a19372b1b671d8e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0df963d9f72f7a580f981d8407a9f78d |
| SHA1 | c0252e2ef1b84d64bfdc8bc2daef17f4bcded31c |
| SHA256 | 137a57b3abb3d3c1ee2635cda3756f253a5b59d3a47ca33a6e1b09f7036a38c0 |
| SHA512 | efd3069b61a7dddff27e76a08fc05e9e8621da994934b0a4d3a590941f2514e424393286fc0a782b024a14c97749bf10e3102153fd56e287e55d6c7ce3a20564 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8663ab2de143da94ba777e790429c3d2 |
| SHA1 | e3787d5eef3632dee20489c3a54d25e526320edd |
| SHA256 | c4cc8c4ed44a889f4123a0b754337d2ab4414127135b48fb3e09c64fe7725a03 |
| SHA512 | 8b7d17efd4fdb1f4b90376c72932df5cea93aaa00ad300881cba85e4c5d7709f809057aef4bc6f24612bd6021b88b967ec7cf6451037fd249f0ea194c10839c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49ec372b2c4a167369929673bd733947 |
| SHA1 | c54deb7ee098cab9a2a4f5886a44a4942208ba80 |
| SHA256 | 2e0b87e6cf4984af6cd7fb1a9bf5a5e2435738605574c35d72af359b4f24c16d |
| SHA512 | 0317d1e322cde5822b6ad14e984b866e864efd4be0552e4dbf39a2a61e86ca81c3def10d194f8686f63b4bb00e7407c7a84b9e566fac9d99284a3c40e979f71f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaba4a51df3456218960792786e4f3b8 |
| SHA1 | ce7eb9bb7efd7c8dab90e97caae00c2fa4785d1a |
| SHA256 | 41984ada629c2444a7b57e0087a40895dd99944ad55006fd8b93d3667f4ae4b3 |
| SHA512 | 8f928c1a9d59984ee1ee73ac761e76b285f816772bd67fee074bbc77415a2b076aa5755ba5345e560dced234d7f153be86f2089d81a657473ca9c9abf5951324 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dddf1801947298668bacbbf16d87f715 |
| SHA1 | a9e2ef09049890d08d49b7f096af7a4ee45ad213 |
| SHA256 | 1b2a79c56113735be319cf51fe27fe8c551dd2e390839ddb4ce3c1b297b9256b |
| SHA512 | e76ceaafdf9512cc9f0b90b0a86dd2d03c2170ace8d33caecc8dda3d992c075daed02270d4c67f2af2525e97de9d94b8865de08f04b77b13b025e0546cd83867 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0577dccc856bb9cc60caecaadaacdbf9 |
| SHA1 | 8204df78eec2707e89354a372ca2b2396042a214 |
| SHA256 | b6273369f6b26e7bbee83a6bf7e982bda8f2e64b3f49053e7aee8193dff0f73f |
| SHA512 | 8e3fb3b94df7970293b3d6b407d0eedc03714f7c918c541f5814a51411a7628a8179dbaaf0a8b3b29384d979eacdbcf5fc60856c78cd309221d36ec8a1ba021c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f59c4dc1bcec672661ac5bea9fdb5b3 |
| SHA1 | c1985438c145e893db76a77053f4f54a41b4a371 |
| SHA256 | 073ac1cfcc21e8ff7d94c1220ce1cec9860679f7ab4ae4b98c4089841db1b897 |
| SHA512 | 708e9c004a88c6b745ff0d7d46cbab05a7ad276241e7f5c835e589b69c9de914e92318c5dac7fe5cd82aa46ae7e21a6b277f437a660cec410f1e97716a108e6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0f6bd72300320cde943d5e2a0d067cb5 |
| SHA1 | 8c7afa9bb02ab4eafed3503a9bd534bb336320cd |
| SHA256 | 464b6b9da3103817eecbe2b8e7bc2df880b91f956a4dd979c622d52f8e9b4ade |
| SHA512 | 2d63dc13e32b331c57e4395c47e33e9aed1cb97366b887665f63295d23a193965c82a532510236d2e737f6d1e8a2ffb0c6cfbbdaa64f7da72244b9a159378954 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f1a42474cc2559444e28c1f920086d0 |
| SHA1 | 6399edc75ec7514193e2ee2eb55b607a4fac2117 |
| SHA256 | 55ef38078f29633f231f729db46400053a5b423f57c615ff127d42eb3cd25cd8 |
| SHA512 | f13ad50202a888ca82907cbb12a04ebee2852ccc3fea0e9561747a783c4d13d037c24fe78ea641400791e438285f889474b026f735b74d00ee3e23189d957557 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52f7056d0d4f538f91c884325d9a9c5b |
| SHA1 | a40e5b3b1fdcbced40db789785e6e7b60016d229 |
| SHA256 | a86ba8ca10513a107614979f6670f974d7d5d65f9f7a17c0a5a5b4c72646ce3d |
| SHA512 | 9e4a5cc46d75f7fd8a65ccdd51878de97cf05950b5272e3143f1899cac0d9420b4f9a17dbdcc006a7e8faa94d03c2fc68d31c4602db8ce06d3187cf014d2299f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55748692ac6ea9234062e58fe2f6b0aa |
| SHA1 | 32f937e446555e64eb24aec6dcd60ef14ab323c1 |
| SHA256 | f0f25c722f319a502d205f2c8def1571a6c8f4929e6f5ff916c9a2dba87e1926 |
| SHA512 | 6fbfc1dfcd57d99b956abd008add2cb63ac83c44361a548ff8e277d537157d1cb5fefb3ceec2543dfa45a420aa94967d7fa6b32541e5014749a1838c0dc2ffa6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 630b33943e8b161e83a85a29a5633a96 |
| SHA1 | 3b47a41a30a0774662e88fdc6ae64fb78f361f22 |
| SHA256 | 564f7a997b38fafc67dd0e7bcc32f1c8a94a2fe114a7ea893aab944f709e9a45 |
| SHA512 | 9fe838b6bcf210dc9f66fd03abb20cc00116eb6e27dd437e0a6d869076a35644010bf88e74ecab77dd855d9705b9f7a9465ef7c273567013e37bd9e95a261cf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a250ac316ff8f1df18571ee0ac4590e7 |
| SHA1 | 62a5f58564913f5e97ede1ff7a21aa594569f352 |
| SHA256 | 134d707326c0b9d52d7e84486f83e2ccfff06479675bc83907a7da38c11304fe |
| SHA512 | 123fee90e0a54b5bc081f7514b74c96d3dab281fe6e3614cc89496bd8424e36aa446b8979049937ce1f836f05509aa95443ac8e2508ebf437f70ff3daa6ca455 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7e083d26895cba034ef1ba1d18b9b382 |
| SHA1 | c3bf528428db45e3db0b61f3e928a91f44b1eead |
| SHA256 | 18d44151aa73865ba063359dfcebdf51d12d358e0224e006d1113814e069259a |
| SHA512 | 24c2e815e9528733f7930b0192edc9313b8e2c26f0204cd5ae1a62e8398072c58c856e478c85536e6e5743d5c633e2734997abe1664afafb5f0e9eea354765da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd34a7366a08ecb509c2c4aed379aa29 |
| SHA1 | 53d23a5b3234dd46be0467f958d65310adb96cd5 |
| SHA256 | eb467cff1447b9ea35e49c6ce6e8d797e09f3f9d2abfe1aa6c57a31f2a78ee80 |
| SHA512 | 0c43b12f62b851da335adcfa9b583e2223b100d6867b37d69f8a301c55075eca6852b75a780fd697e8e295a886888ae595fd6b9f4cb43c2ae27bf67d61e9a61f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0932f2a2ab1422287fc32cfaf5a6416 |
| SHA1 | 033c1d0de2a8475681a80ee608ae7fc078558615 |
| SHA256 | 6e00649d7fcc96b44dc3b991d91b38bb2ae17df8a27967a00cfb76b152ac9e20 |
| SHA512 | f905a5324be0ca07a01bde351ad1dfa562daa63128eb8cbedf2515a9dc333897d971ca37007dbc9a2a495f56703e2c0ca4f2b81e965e2ed3772d7800059dc8b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14b5870f99ec56a27cf5d163d30d5c61 |
| SHA1 | 42faff107dedc224203dd8938744efd2b8e68431 |
| SHA256 | 36171f236d462d97fc02383955f4b1f1212caf22981225cf1ca64118571cff6b |
| SHA512 | 3d6e2f00c14a9664f8978ba440be757904b842178c5bb454e2a3a9c2a81413c35b2770d0a601e300222c21d64d84652247fd53831065174a94b48b91179f5862 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:08
Reported
2024-06-13 14:10
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f2015efbabb40b7f71f2075834cda5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa228f46f8,0x7ffa228f4708,0x7ffa228f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9959170957505694778,537642050579419658,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | ww1.muyaniall.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.178:443 | www.bing.com | tcp |
| BE | 88.221.83.178:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 178.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_1308_EHHMVMUPBQIMDFWA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a4c25b475a1bfb359a63a18ed5514d1e |
| SHA1 | c267dec34fa9457c9165f548de3177338fef85b6 |
| SHA256 | 36038b9d636443ba2f38bf43fdfd5ddba511a198dc1e5f2f8b7598983fb4192a |
| SHA512 | a5506e132b380eb5eaff07ee2863c4246fdc73253ad14979726b3be1086e32cc171c18344effd09695c4d0a796370d88ff3567a6e5cc71ff910ba7f31b3a49f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3b4273192af2f66ee27007333ec9cd2a |
| SHA1 | 31f1dde91e6383b1790026dfd9e979e0581f3a54 |
| SHA256 | 09b71730750fd188d544dd2424d0dbbc2ac8fe0d13ef537c980c939829752409 |
| SHA512 | 947e3e317f96b162de2e81fee3641d3e98402b7b373be6400a2f179b832ff174bf605107d7e106b52f589b3aa668faf0301b6481b4d668173fe0a8be3e864761 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8b1c8ede0df6f4328dacea2aba8b934 |
| SHA1 | 9be437d346deab5b652b1b6145013541bc2ca0a6 |
| SHA256 | 583b20e011f4c5ff322f43351f64e1dc00a47faac5bbf49304c4ae4f1e4a0fc0 |
| SHA512 | 057813d0251f7c6fbb4a5a4cb21ab4b70f0bb6bc785c626aa7e5ebd2e24ba2c87cba33977c0d370a56bc8819fd9b20635c41f10340a8509c895e07e8b7924cd2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 47376e18999e55d72860240d43fa3bd1 |
| SHA1 | d6fd6ef416c7becf7c93637ab38028d4dbbe43fb |
| SHA256 | 23650acbcc110e7a4a866363edc6e33cc8f94467422b0ce7f9e7c490756effee |
| SHA512 | 6c68afb89e13652b74971a5e11a8831175ab5d33b18ac0e9a4ae05eaf8d7612abc9e3cc9b9559fc152b7ee054240ba85f5118beab63fabaa13502ec5f7060f8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c7e890d4c5eea5cf91072afef5367b43 |
| SHA1 | 92037111683ceafbab5e332c8e5b9c1915027dbd |
| SHA256 | 43acd47638c0aa7bfad6fc31c13e2d798586a02a36ecfb0fbc7ce8de1bf1b054 |
| SHA512 | fcc2efe44058337db5c1d1e5d989986aa2a0c85ecfe6daa214d6f845a44c1c0b9f28cfb02f0dcd13b2dc8ded6a47611dfd78d8f400bcb711327bb348bfead5f0 |