Analysis Overview
SHA256
bd9a5176208509077be4fe3d68bd90edb3f130a065c05a0e3d4a542356530ad8
Threat Level: No (potentially) malicious behavior was detected
Verdict for a5f40ade76fc63ac3291497f1904c425_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:10
Reported
2024-06-13 14:12
Platform
win7-20240221-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800337799bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449675" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d287ffb28edb64890a841f716fd05a6000000000200000000001066000000010000200000002104fe19b9b4bac5688a6fc262538a7ebd6eaa877eab55436ee1ce8b670e6120000000000e800000000200002000000021e5248caf276bcee662c046033284e1b73717534f26551b7e86dcad66d833fd200000003857882c54da2dd0b0b6d8ce23543c5bb9ff493e106775e1d7e2e2a534753be640000000cfd4ecf3727f9d3f3a5c320479d00fdd82b82dacf6678e5254fbfff8e0094d4a22d1509e4ee748aac584f314a2cac7cf498453056a5fc7f2e9465c545dcd183e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A34B7161-298E-11EF-A34E-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2188 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f40ade76fc63ac3291497f1904c425_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.vegas-rates.com | udp |
| US | 8.8.8.8:53 | www.hotelrates.co | udp |
| US | 8.8.8.8:53 | www.vegasgoodbuys.com | udp |
| US | 8.8.8.8:53 | coin-hive.com | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 172.217.16.234:80 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:80 | maps.googleapis.com | tcp |
| GB | 172.217.16.234:80 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:80 | maps.googleapis.com | tcp |
| NL | 185.107.56.199:80 | www.hotelrates.co | tcp |
| NL | 185.107.56.199:80 | www.hotelrates.co | tcp |
| US | 104.21.61.200:443 | coin-hive.com | tcp |
| US | 104.21.61.200:443 | coin-hive.com | tcp |
| US | 8.8.8.8:53 | tag.perfectaudience.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 151.101.2.217:80 | tag.perfectaudience.com | tcp |
| US | 151.101.2.217:80 | tag.perfectaudience.com | tcp |
| US | 8.8.8.8:53 | www.cssdeck.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| IE | 2.18.24.18:80 | apps.identrust.com | tcp |
| US | 38.14.182.69:80 | www.vegas-rates.com | tcp |
| US | 38.14.182.69:80 | www.vegas-rates.com | tcp |
| US | 172.67.162.63:80 | www.cssdeck.com | tcp |
| US | 172.67.162.63:80 | www.cssdeck.com | tcp |
| US | 172.67.162.63:443 | www.cssdeck.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | cssdeck.com | udp |
| US | 188.114.96.2:80 | cssdeck.com | tcp |
| US | 188.114.96.2:80 | cssdeck.com | tcp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 188.114.96.2:443 | cssdeck.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3016.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab3113.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | f49b05db16c6ac3e5118fa1d033c1d0c |
| SHA1 | 57bf80f106a18e9d517bd74f67071b06feddb04e |
| SHA256 | 5759f6bf46d3043bb4f4ad26c174b8afd5ed8493d4c0e148cfbc662d086b8b2e |
| SHA512 | e3711722c2388d3f8ed6b377855e58efed6af9848100b681308c3eaca6896f21d54ef24266dfcb0356a0a3f85430b0a1242cec7475a6c4994cb0ea2165ce21d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\Local\Temp\Tar3166.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 437ae143e7bd72367d611ea32a717bd8 |
| SHA1 | e36c99903014d51a05f45c2e99c5b3fedc79a517 |
| SHA256 | fb3a152944408b800373a084e8b46b52086582cc8a460ac419354a46446b917e |
| SHA512 | 3fd41780007b35ec12a80570297e790315ad84ff306cc66df50a94a528063b1133d42de11c6eb68bb728845ec7d6597700ca5919b53b2f0e5c19003e419a3833 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f68b26957dd3ada1fffa8576f8a54afa |
| SHA1 | 892ae885f2d166610d95ca07e1163645ac9052d2 |
| SHA256 | 6291b9143380f0a958718d6c814a53b3edaf9f13c96470e4cf7913c27e656fee |
| SHA512 | 40549c9482f7082c6898909a45ad9eb337ffb0b96b3c2facc487cdf0e2c977105d6a046f336486a915bf09dbb1d2d220e8340c5516caf434f01e452d3ccefd10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eff67eaf9132839a7ae88d336a1c4156 |
| SHA1 | 8f61685e8757acbcd2a37ce9c52eb95cebdf3a58 |
| SHA256 | 28e1609c29ed2656a744b58ca99c834c6124b1c5c06b409dca2190825651a295 |
| SHA512 | daa7473fd211013fc40443c98465d75733b25dfec5fa735907cd1423205cfb8310790d6a520518df74886c521857e1e6d3f7f3a68942ce77ce82d104258cb240 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9261206e553aff7b31d6ff8da527cc08 |
| SHA1 | 6065af421c73ade73a14a2d2b4a8f82f655c9466 |
| SHA256 | bd931e9e996f18d1b925242b22450f404d0fb2b39a35b7aba64b96da2a4b2e32 |
| SHA512 | ba86064d784387222760d3857b02309b19e189604650bfa98bf09af49f9cf06f22d5b607d9df7cd91c4518a289dfd2eb9d22964ae282b325f876cf2d0fc3e576 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dceacadb7a84a5431dd54799afb94433 |
| SHA1 | b2b09b3cfe0dbb74d1eeeccc5735e7f880514e57 |
| SHA256 | 01f13460a61247441cb55a3a013f2aa497fa58bdfb3e2fd8315fa8c812516595 |
| SHA512 | 90170bc2470d14d6b138d4b9743eeafdbc85e03ce48c7f45a70fcf96c17756a4eca1885c16d3a99d86fb9d2308fd72c5a38b96d10a6adb646404232083625e37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd7a0a82bfa449de974d3f1c008f0d43 |
| SHA1 | 173192734a00f6b36a5190745bcbee8b46b434c3 |
| SHA256 | 76317d847029ffcb62ee1c8ba74da0b643d2f044d1acc5a3c5743c29a2256b24 |
| SHA512 | 20e78d4c156b6cbba90f27de2ef3d211d6e43e6c149b94f9f51f3647c88e7bedd26c81a63c37f3f8eb66c21a3dedcecca81ae4b111b09dd0ac3dbb8274fe9de2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afe520cb7a76f84425a962f0ed8ff2fb |
| SHA1 | b7d862cf5ee701750d3860f288eb7eecafce7f61 |
| SHA256 | 7bd36369235d3870f3c47a8b6a39949a4680704d680901297bd874e8452a6d8f |
| SHA512 | ca63e599403e3bb99ff4a09fcfdabb7482d2d5772287cf0229d06def95de41541c6ec1b84230fd676b41cb08dd893ac51808295733007b837650270b5f30cd1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0cb88adcf06d89ce383884277dc4d86 |
| SHA1 | a1768fe4738a1557eeee0be99025b6af7fb5e30f |
| SHA256 | 9693763b2f4c43e2d9b203710190969d45c47782119860a8c8dcf4beafc3a9a3 |
| SHA512 | a7f6faeedcf08ee57beaa0ec9b97bbc4e21505bdb27aa1664ebce3fc3893331ff170dbced38ffa0ab985e1158b548fe735b25d4df3b9de473623265898ddfbd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e2dfb6d8088456609a6f21d71e71337 |
| SHA1 | 07d70a783bbf1a7efa2fc96d56fc94e31bad1d85 |
| SHA256 | cfac623b4aeb326e1075d0a8941310ccd4f187bef5c3dbf8ce7ea7162d4dd873 |
| SHA512 | 3137e32fd1d60b2815c5b63cbf4d7ae558361d5acd6620b07c89f655e2e64ff35734ef8e433e242c2ec79c645b1b7ecd693bb6e61fffab6c108195471acdc95e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 025f5669943739902e64089a99231038 |
| SHA1 | 73d57da10d51b168d282de3ce93c4915c684a8b4 |
| SHA256 | 34690791443f79c15c552c7e733e29f183aae239a008e8c982cdd6e6d976f3fb |
| SHA512 | 3f5ee0ed799a86efa99ddba3be74fe089de90d0a12cf6f77fb67f88793529febdd595373383c1c28b31febfdf0ce0cf63a7bd4ed317aabf702457518f17c021d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fa28cdf2252c3179f706f7a8a472535 |
| SHA1 | a5c4ddaf1ec064afd4b96bf9d6aa1cebc5c96f6c |
| SHA256 | 2d74ec568969084e6fc09cd11b6f1bcc7dcef375a05d6eff5916e5aa1960ace3 |
| SHA512 | 304da5cc68afbba6fc567b6c32f01e9d8020b84afff7a06ebca43ba14279571469edc6c5ed399187228d2851b1fef5c58c1086279797a9ac029f5e8bdf200ba7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a524411dcdd279894956c9fe0398e5e |
| SHA1 | c45bb0ee339b1fbc5b8124bdc82676011dacff69 |
| SHA256 | 15ef0fed158b5d902a1b12753529304959898e168cf0aa921985f9b41c0a3596 |
| SHA512 | a64ad5105a42095ba9c0aecf516f1301345e81b42867eec2ae00487e91074ea63b9b87c9ebc78ffcb40f24949f0312373aaf5342224549df09276e3feb3fde38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2030f55d7614c5a6252a92aa1fd0fb20 |
| SHA1 | 483807a8980bd9d478bbfa30a2ac7d3c2536481b |
| SHA256 | 4196e8e0a8c6275a9d7b6afc994257dd5126c1032b63110ebcb9e2921cf11d9e |
| SHA512 | 26296cf1e2a04d7d588346609ec09856e905ec102ea1b0b127de0d04cf19ce337735ca972106095acfc37d3d6ba50951c3ddd3ba26d3bf0d026fb5bf981b75fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7aac364b70d1109d441ea2105aada89e |
| SHA1 | 93b35012474467ba36d6aa3dcc209d57facddfff |
| SHA256 | fbefc5f5327f37f1d5a3e15bf9c16b01ffe9b6a080ce228098b8528ee70e0b73 |
| SHA512 | 7e269937142dec28c187d23658786e51eb3ed439bebe7e784ef94bc2830beb196c094928be429ab87196727e147f75ca7050879bf3d1e38aaf4d4182a995dc10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d705e67307ed72d451377d11f5b55378 |
| SHA1 | 2cc29ddbedb5b9cc57622d2bdb4a72f25a7daedb |
| SHA256 | 13d1595b86d0a04ef435e7f38d6149b5c0b227b64de8f44e5020dd415c763287 |
| SHA512 | e1e9ecd6b25bcd65f55934e0a3b429e1b920b5cf6e1d6055b929d5da90e0c06491b1940bcc0ab457267906d487377dd185eacbee78fe16cd6adf70e4ad1eabc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f4aa3832c5502a16163764ef3e3c5e9 |
| SHA1 | 17b842257d223de1f63e753c94d291a588b004f2 |
| SHA256 | 291e549462445bb0165777cbc33ff18e9a1ae89909256e3fc12125987e06b232 |
| SHA512 | e88f2f242c0390f3cb75633a262d96c32deac2b4ae8fe7eec348fd3fe957a48c03a42cf862f1f05acdbbbc02ccf7fc485dd4963745f2bf09b6d0de414b65ad9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47c88a336f087c3b62a2e1279a8d45e5 |
| SHA1 | b7f35c89f44d6e65f9a6435419afb369f797ec8c |
| SHA256 | a539d951b3c9a6a8270b94d50523223ad79a6e883647702a06017c799ac9893a |
| SHA512 | fba2b6e98b1ca6060c74d04da81c94c480f31d5b306693f2c9cf2264976003c62c32a26a0d9af435c4eb956c0bfd21e090da587e0041bd751669e66df8322c2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19deffbc65ce7f27b5b678ce29944323 |
| SHA1 | df233e45c349a6c209c4488e1aa84dc9d50c2a32 |
| SHA256 | d3d6cd0f65849c58008e8f510db00592c41f2739b95d29abd134da9ea9776fec |
| SHA512 | 9927ab17683a91217a5858b7d4ee846fad257090f8b3be61e6336bd064b3aeaba04e99537c8e04e54e3a5b18cf221ddeae2592fef04675e07b12d229e830cf64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1e80aaa11985f493693f730cdc751b93 |
| SHA1 | 7dc50c11354cb430260c4fb6a8769536588752a9 |
| SHA256 | 0de0537f92ba538f07d186acd55ba2549c05bdf07afdd0747e8170b509e67201 |
| SHA512 | 12865585dd0cc89dd012a3f9145d9dc33e1341d383ec8de6a48882b0d194a8dbac192b685cd65327767707098a96aa0045f8442c2b8ab3ce71087b2faf577c93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96f11f34499b66ea06952737b75cf94d |
| SHA1 | f5ad5bda2ff1d704f5195580ede9207077243918 |
| SHA256 | 8ea7b459dfc9004251a48fa0d26d672b00cc7779708017825e96808e48fa96dc |
| SHA512 | a54e9ea24c3795b22f6983bb63f2398118879e0c2258743d10f94ae72199a12b21a6edfcfd073b185be52fe15b8c7f8ffdd7fd2fb83a995ac77a52925830c304 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35dbc0b272697dbfeb1c1ec267bb6ca8 |
| SHA1 | 1b91a59e53d2c99eb674962a3f445c41aff0c750 |
| SHA256 | 56a1ace18aecedac75366da04dc356947065140da9e3df95f5b11fc97189fe35 |
| SHA512 | 8a40fa41c80f890f26c445b1814c642de2b7f6aea7712977f6b6e106453f9d48263e76cd552f8c7a32fc20ec60ad243eba82dc4afe44ef808e52b0ae394b6534 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 227f3697bdef80cdaf4c85dab080c07e |
| SHA1 | d225950854d9f6ef141cfcd12504000e2d1cd976 |
| SHA256 | 7bab9c62a6bbeb06fe3a935afc8d45fbb9843b29170aae4de9c736a2326e72aa |
| SHA512 | 703476f727261ecd0190277e97638d8ee13015c63b94de8e2b093c79a6727b74ae35a043c61449e7af54ef0e0dcdeea868fc94152cb15c1d69ce102599cdd4bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 610beb26a17fa3bf9d264088bf3a8ef6 |
| SHA1 | 91458e2616801c509b2fd261c1eaaef75cf7ed59 |
| SHA256 | 547828dd5aebc09130610995dbf0c51c63ee2a94d300bd36617d959f52957590 |
| SHA512 | 923b24c30479a38e64d9ff1407b990b5a8fceaf560e1ca8a7f593005650d3b07aec2d7508b2d2608e048eb8021b00be656146a3bdccad3280eca4b9e32f58f3f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:10
Reported
2024-06-13 14:12
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f40ade76fc63ac3291497f1904c425_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa819846f8,0x7ffa81984708,0x7ffa81984718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8712398997611515484,106100466527732191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.vegas-rates.com | udp |
| US | 8.8.8.8:53 | www.vegasgoodbuys.com | udp |
| US | 8.8.8.8:53 | www.hotelrates.co | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | www.vegasgoodbuys.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | tag.perfectaudience.com | udp |
| US | 8.8.8.8:53 | www.vegasgoodbuys.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_1736_HLKFHKVJYFEJULEZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6aac31045c0a2ecafc28666c50332420 |
| SHA1 | 316b3f65ca5fd1ebdd23c446aa60fa8047eb0a97 |
| SHA256 | ccf3ee4839752be5bce2d54a3fb5482c90ab318971e5d43f567998b624cd5d00 |
| SHA512 | 0fa86f81c86e97ea646fc4c8bc27e666ba1299b98efa03a74a9914dae34485ec1664a01178958412efcc15bdffe4d7ff9a58154eca63b5f274e9864549a7ba79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 23a548dbf26b173ed199b646bea07656 |
| SHA1 | 8f8e40f6017126a1d4c5394151768c93392a6f3f |
| SHA256 | d5fa02b5d25b0841503e05f267bdfeeb84cf2cedfb052311ab4026240af0bdf7 |
| SHA512 | fdbe176a1182ef15f3adbfef1604b04092fb3c74604baa2c57e6a877db0843006ee9e98f0dbc9057d97f274247a9337108bcf84d626a3872d7c4c63a07def683 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d4c65347851bd29ce06bece0e90ff548 |
| SHA1 | 093103f0d640c1cef619c20da87f88e572939e8c |
| SHA256 | 209a3aaab419e019856a1bf80fdc8dab62cfa5ac4cf9fd7432d53d2103131f1f |
| SHA512 | e7ad18f10358433573de9c7ed5b0c332db0aa931e02b75b620320188021fc0a6d1929bdae17a4245a3eba00be5b10d1a498942275eba935c02194a28e8373695 |
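One check worth applying to a file list like this one: the four digests recorded for the `\??\pipe\LOCAL\crashpad_…` entry are exactly the MD5, SHA1, SHA256 and SHA512 of zero-length input, so the sandbox logged a named-pipe handle whose content it did not capture, not a file with data in it. Paths that appear more than once (settings.dat, Preferences) with different hashes are successive writes of the same file. The script below is an added example, not part of the report or of any sandbox product; it recomputes the empty-input digests with `hashlib`, flags records that match them, and sanity-checks that each digest has the right length for its algorithm (a cheap way to catch truncated copy-and-paste). The two sample records are copied from the Files list above.

```python
import hashlib
from typing import Dict, List

# Copied from the Files list above: the Crashpad named pipe and the first
# settings.dat write.
SAMPLE_RECORDS = [
    {"path": r"\??\pipe\LOCAL\crashpad_1736_HLKFHKVJYFEJULEZ",
     "MD5": "d41d8cd98f00b204e9800998ecf8427e",
     "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "SHA512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "MD5": "eaa3db555ab5bc0cb364826204aad3f0",
     "SHA1": "a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca",
     "SHA256": "ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b",
     "SHA512": "e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4"},
]

# Report column name -> hashlib algorithm name.
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# Digests of zero-length input, computed rather than hard-coded.
EMPTY_DIGESTS = {name: hashlib.new(algo, b"").hexdigest() for name, algo in ALGOS.items()}


def check_digest_shape(record: Dict[str, str]) -> List[str]:
    """Return a problem per digest whose length or alphabet is wrong for its algorithm."""
    problems = []
    for name, algo in ALGOS.items():
        value = record.get(name, "")
        expected_len = hashlib.new(algo).digest_size * 2  # hex chars
        if len(value) != expected_len or any(c not in "0123456789abcdef" for c in value.lower()):
            problems.append(f"{name}: malformed digest {value!r}")
    return problems


def classify_record(record: Dict[str, str]) -> str:
    """'empty' if every digest is the empty-input digest, 'content' if none is,
    'inconsistent' if only some are (a sign the row was mangled)."""
    matches = [name for name in ALGOS if record.get(name, "").lower() == EMPTY_DIGESTS[name]]
    if len(matches) == len(ALGOS):
        return "empty"
    if matches:
        return "inconsistent"
    return "content"


def triage(records: List[Dict[str, str]]) -> Dict[str, str]:
    """Map each path to its classification; shape problems are folded in as 'malformed'."""
    result = {}
    for r in records:
        result[r["path"]] = "malformed" if check_digest_shape(r) else classify_record(r)
    return result


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_RECORDS).items():
        print(f"{verdict:12s} {path}")
```

An "empty" verdict means the entry tells you that a handle was opened and nothing else; it should not be fed into a hash-based blocklist, where the empty-input digest would match every zero-byte file on every host.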