Analysis Overview
SHA256
54170c2a8fbe5a1c5afe214324c0214a9f64da1cfdbe42c21a6602e341308380
Threat Level: Likely benign
The file c07a81ea9e518127b23ab44d3837bcc3_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:51
Reported
2024-08-25 09:54
Platform
win7-20240708-en
Max time kernel
119s
Max time network
130s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A24C5C31-62C7-11EF-AF9A-46D787DB8171} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000003dd9ce25ec83a8ad56a1b2af36a191b45fb957f69a91db053fa2f5ce8bffe987000000000e80000000020000200000002a370d6511b67e55453e4e9c9960d185d9827fd85937f343d1297952aa204e8090000000ab2e094b9477a85ed6695f81a2da2d0b98d0861c7dd613d18c57e2643f5984d065f09dbc3bb669f9828d7e459f7293ff798e2c26d87768a6ff53e6ede81520b5c55727389f84f2c48ad1aa84b26f108f3abe66410aa18dd3ed529c2c68b1ec04568c585c55b8570f9677ed19a4c70ec60102723046c0d3503a2a24a0aa523033719d1f3b904705476e185d59bda618e140000000222513128e584517f590a8d350b0ccc2ff2b4869175f56a53ce0be6efd2b34ba86b670e8bc900a0caf1997310b6a2301bc70edbcdf7b788168ade2252e8f0047 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30069e79d4f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000bc90614b3a49bd2d61b87df91898f754f60a2499497edf32167aa448d293a45f000000000e800000000200002000000068da93bb49aefb70bd71dda8f0e2e23248b65d6a13261769fe7c15185e76cff020000000fafc1480cc113b0506444f756b93b02ce7a5dcaf03900230607cf36bef197434400000002705220b07710e642d3f1737dc617bbbc501e59909255fec32b649eb2bf8d7a2b7a763edb9d560972eb2ea0cacc98043c5ca2b020023ef515217bc3d46c4c8dc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430741371" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1956 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2448 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a81ea9e518127b23ab44d3837bcc3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 104.18.28.80:443 | coinhive.com | tcp |
| US | 104.18.28.80:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\TarBD0E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabBD0C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 7fb5fa1534dcf77f2125b2403b30a0ee |
| SHA1 | 365d96812a69ac0a4611ea4b70a3f306576cc3ea |
| SHA256 | 33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f |
| SHA512 | a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7ce3a0c5d201bb6252b45fe1909b3ea |
| SHA1 | b7001ee19d5488e8c018a5b0b2608f089c8808ca |
| SHA256 | e466bea52faa5bd907181c05d667bc741a6dcd5aae87453529c6674a60e22604 |
| SHA512 | ec501ecea091579458fbb5e79ddf6baee7da727bb67842a5aabef52d4a86cd6db52db8c2530c0cabc71c2f832de3db60cbee9888ff497a364c4c9c2fde73c2ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3a6409b79b83c1b6f4239079b5e6043 |
| SHA1 | 382ee0629feaf4c7ac559a9470dcd4e844843bd1 |
| SHA256 | c8482ce3068d804653544bd0f09038c0b98c89b606a3770367389a91cd628b9e |
| SHA512 | 9e64a0617a3a93b4a49964c097551ff8db595955bd58ee31cf47af0040ed0dd33ddc152343fbe5a2e7ea9f1ca83778c2acddabba7ecfff4dfcf61c694572397c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04d7f19607a29116351b4618f2a1565f |
| SHA1 | d79e63fd71aa3a8c9c9fa6492a75334573eeaff9 |
| SHA256 | f63d3bfb8ac3765b7196370a9487034e31944ade7d71eea7b3c5f5aa82ea593d |
| SHA512 | 77d6ceab7373a638e47351ea486b563021a6a9bc074cd765c0a43daad7ac126d72d82d1bba232d71c31c5f41c9aa8be8d87f9a95219ffbded0c88d157e59bb24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 162bb3b6596265f24060cb2b6ac658af |
| SHA1 | 17c798a37e534c3c210e20b92c5165a29c175ee3 |
| SHA256 | 6a54f3d29964043876b8c2b295f9d9d3d6349735671288f3e6245ec8b9d6245a |
| SHA512 | 4096df657fecd0fe350dc59817d98c4ab7a2420db4ecd6b02ed97d4eff7773272e469944a4a311b81eea951d23d40a1dc652ddf4bd49a8897fa8cc24046749c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d6919aef1357f0236d4cfc21f2d1481 |
| SHA1 | 1062bf229fc472382801dd261aa5aa1683e6388e |
| SHA256 | aa5bc6c14df94789d2f4fce3a5822d3a1ac230f6a6eafa5ed22f299b9de83035 |
| SHA512 | 47743b769a229bdaa7b4732ac302ed0cf3dc4ded91c5733a3e9ff801d91450bbbf9557b717d58ede33e1fc213a7360e7d93bbab3b11f3c302132c5af3e2f0b19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2af5ff91b03c91b56c0e0647f3d9e846 |
| SHA1 | d879b4058f88560abc6fb049569deb7ceb97de3b |
| SHA256 | 04001910b2bf0c4a36e7c9199e6b6e0b2d3354c98bbafb1ae9b15c7f3386463d |
| SHA512 | 8804e54597dc6ffdc7cdf73adc85f7f824c35b23d6f202b19563aab1f67e44f750caa0f991510b86ad568232e998e5169857fedd5259fd9795b0a5d4ac9824f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cb3d9ead43b64ee8f7b80fd7bd5034a |
| SHA1 | e7774611e07468cd90a221dff8b2d814bfc1e783 |
| SHA256 | 71012e7bd51908bda7802db1b9af3652e869bba61a4d2b044a92c23dc2fd62da |
| SHA512 | f4b06c2b049f054efd5406eb391f3fc9ca3e1ebff63ee511b9f5a3a92018dae07fab5199993cbb2af963fe91f2dea3cd7579c88bd1572db8411073baa49a4228 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0dec7b862420b4767e35c10fcc52895 |
| SHA1 | 39b5f8886085c3db496bcb240a13a18db623c4ce |
| SHA256 | a7e1e4ef147da860de1fd80578853b71ddff0b2b4d759643c1e5af9a9354f68d |
| SHA512 | 3e3f2c0b003447605b2b900439ad32ec2382e2cd42c9096ce3f6c58ee70935fba221a8a208c0a3886fcb54cba89d4b256574dc47d645e4a5285517be5a197593 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1292fd1f3f399a543351a605900cfe6 |
| SHA1 | 23b3319d791209cf085ee87a681cbc8f7ead4158 |
| SHA256 | a75cc4d88f74bae2eac1b7d6b7b3971324598ec267899fb0e56c8dc63ab75821 |
| SHA512 | c01757fe1b8c95593a390c0f7983f2ddca84093b886d8c622929972c63b905bf5ece47d4024274b7fc81b7b5e5ffbb788d3397905ecd0cf059d07f2f23eb93f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3ae75d1083d7575b77c1543e4e653f5 |
| SHA1 | 81ba9fafd91515881f6897c80c8017d595a3b526 |
| SHA256 | 6713490a185cc42fd41b157554f03ed055e30b2432e7872edb20d9381180db54 |
| SHA512 | 975f60d83ed6b21111c84ffb03c733d8f5ef55f4d07ff308a1dd95bc697509e45a2a930c1bf96a3c9619f7e843549eaa6c55824c8cc2235d07822826023d316f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94c4c173098dd888dba42c6fba8e801b |
| SHA1 | 9369bd2d162a22e922cb0bed1e62c27d868d7fc2 |
| SHA256 | b9935f9edbb29bbe8aecc68a2ebaa2a719eacd9676056a8d4363a285f6866815 |
| SHA512 | 8af776d58efc7d873fbabee0c40d6046e5d11e574a401390bda81dd226b900ed81bd82b0dfca9440bae36d81f80d7995e6230db85d4df34064c2b6d83cdd8d86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3aa8d2ab805ac8923c9030afd027bf53 |
| SHA1 | dad1e2185a08697fb7c9fae24353dabc9d481ca9 |
| SHA256 | c1c1c0cf884e06d8df820f90278552d09c64a7f7bc98f9596a27a7379e5e94fa |
| SHA512 | 51f353a90f77bd4b79d3706e51684d9b7acdf7247cad383767a5e3f22427fd07aaf7831c085ead91a17a6fcb27272d4d2562680312bb853084c808cc964fd087 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92a0542ab7067df3b562a0c08cae1488 |
| SHA1 | 45e6366bb2ce0b2c7935a2de31b512a14b8f8921 |
| SHA256 | 6e6b9c9e368ca5e69e698e1221015d458d3fe21adc8a1e9908b8b8301b36c058 |
| SHA512 | 05768c00c9452ad87bd2e411d5045ebceb19a49fd7cf027d81beaa1237929b7cb9699a21d77e167d84bdc3c364fcb8a26d6ceed6134fb0269a80d8872e3b86ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 91726311a75cdbf84503aaef931a3372 |
| SHA1 | 2e264f0804819e355e3f2e0dfb681b9a098f6bad |
| SHA256 | e6ea1b22560110e51f86a7f40e9550fd977c4bdc2b2ab9eeb0bdf60ea7a39527 |
| SHA512 | 235abd9351343a279642268d2be6c48dbcd7a4b248402c3724d9b996f7e9c852aeed4bebca46625775c8b308e6221d32f2cae5b2372f0586d5d7c571bd528aca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a093c56e76f0e9733e0e7f88725b23d |
| SHA1 | 032318c6d1adb8e1fd707262da92793a5455058c |
| SHA256 | b400ca78601086de6db05bc6b625d774a71a7d8c99d9b5bcbec1fdf46393deca |
| SHA512 | 35e20bbd613c379ea15db8da0c2eaaa453f046671257d1abf58641061bf24c5fb0844c272d120eccb3e77a7d45f856156aebffbd7598b2b8821ea444d5077a07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4cda2d0de4448e358713916db445130 |
| SHA1 | 113530b24ba76a871a073b77540844519aea57ef |
| SHA256 | 0b884e35fca153064bac604e1f41b284300c1220d8dfeb95430b6613092a180f |
| SHA512 | 0d40f8750f523108e827404cf53ee945d5a1336807caa2fe91aaab2c015e256752fdaadf1d79873f0b0f223110e88596465ba8772e06c94f80c6b011018e65f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 224a71c6294fd714baae4dade1e4707b |
| SHA1 | e213dbfa7804f4f921fbe16b239804941565e9e9 |
| SHA256 | 242dd0d51b4ee588a7e83fc34472b6bb94c9b618dc3f8e8eb6a3e10d244e0e6a |
| SHA512 | 5bab88e031e1c7527ebb4a6e91374ef3f47f29c952e15c4432f20b31e1f19456324a14fd2cc773621ac20c3e631d0f12eb3d1bbde3adff25d966cc6256d5a5c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e6d9718eb341dd991d48c08f8f801bb |
| SHA1 | 2f2ced84c39c3d8d717700782d37505c964b9c91 |
| SHA256 | f4fa0ea96ff9d85d863d6da5b3e27868f80f9d44351dd02231e391c0475fe7eb |
| SHA512 | 28c80ed967dfcfc885436a6ce2c809d7719049b338f5b353968d3299dd58e006abed53ae2ae29760af57de76492f680b9c99eec93b41c33835acd3a760a8eac5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfa4dafcf5984a002896d90666809f8e |
| SHA1 | 39a62891bcd1e128cf4f0ac429aa5f5736ee1049 |
| SHA256 | cbdfcc5ff03501ba75904966bff514fa6af5da37391d95637b4bc08fbc9bf28b |
| SHA512 | 4720677a2d67f626a778c2b78b22748a8e85778b276fb11f58488da8b97129faad35e2bd5b8e1a09f6c07ea6f8304ff5d82989e2a7dcb4cdbb7f9bd30502d4af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | c72b014dd2f87a3718c6f99b6bb3217b |
| SHA1 | 1497c80effaadf614b83990f36eeb04e3c1fa256 |
| SHA256 | 5c4c156167c0dc1c6ef15474ad3992580367eec4fd5b94778d8a51b4c0ea54fa |
| SHA512 | adfcca8c520815bbd673b151689746ef2cb247235c98eda3ea9fe1167b148ad3f2515249c93a9d52102b34936faa146f056ab8e0a78e31de8bbd6ee914fa5860 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a104a10c123aca0f429aca9dba703c5 |
| SHA1 | c70ba3dc1887d3c2272f0536ea5e0c9c3234e803 |
| SHA256 | bb83caf9fedcb3eee765a0c2b09467fa7af5a4fc1f540be1ee4d7ff2a5ec3e66 |
| SHA512 | 3425395e8dc0acca7808ef248ca9f71d80f5905496e5fb1a45dd11c5290aecd860e9f6c7e3bd6de191707da872964f84660fc611fe88857b731935d7c9784f45 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:51
Reported
2024-08-25 09:54
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07a81ea9e518127b23ab44d3837bcc3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11253209534477086641,557783566027864824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_4440_FLEUUHSXIYXSZVEY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d897745cd2b42a65ccd12e16a7531048 |
| SHA1 | 34ee5ee302c174dc218b864c7d2a284c2dd1fba7 |
| SHA256 | 4a62811540a51ffe16ec581a34e2bff1379d1e40633a3eac2ded5500189e7e14 |
| SHA512 | 86f93a0b453cfcfbe08b2bd8334fc38cccfb3a13ac84cdc8d2cbf10048bc5b1840cc8d4ed1d6c9fee998e1427c569e3ee3990dc61bb5d6af343a16c987c99ca3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 188041c3e2bb6a755d54e7d127f4032f |
| SHA1 | bcd9e3b502c6bd5e654fa8b00ebef1e1635bd80f |
| SHA256 | fbbc7c2130bdec9ae5e28018c000b34e0fe2bf31679ed87f241191ded75fe0cc |
| SHA512 | 603e0fafe3f2cc9fd2445ae06c25e5607b1e1237ab0a6ddd18f999e931379638894ebf6d5e77e80c5def1f5b044f14b11fe02430f3f371b2ab05a7a7517d7bb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49a760438b12a8362fa4625dbf5fbe5e |
| SHA1 | 0138f97b52779f36b96995191a031fe920d4e91a |
| SHA256 | e80ff4c5b372ae3b53892c5c146b68419271111cde92b3cdd421740f387fcc78 |
| SHA512 | 1efb5c06191c316bf0fb727c0b72821328ab2a214d23315384caff95a552c04eeb4872da6206369d5c2bf2b337e3a90a81f6b380ee5a8fea75de986bcfebbd09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6f8f0d2e3303c465f53b78fedbf5b829 |
| SHA1 | 9aaab927952bd65a71b44fa204fbabfb5e5214fb |
| SHA256 | 0e8bf4a1bcde05e58a48eb99df8b87e1a56e60344d99ee8c337a2ec165bec669 |
| SHA512 | b00fb3f96e7b77d6ec5f045b43801592f7e8df50dcf598bdd56180c83c8a6861d46a60f50584c005aec2fb958796fc4b0e161b0aa7a8de507c81725c2e769646 |