Analysis Overview
SHA256
2328638fcff44f121ccccf071df3d5b0d98d0255dab396d58f22fbfc7ceb6fd4
Threat Level: Shows suspicious behavior
The file 554d75d7ccb5360b8dfcbc724c6904ce_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks computer location settings
ASPack v2.12-2.42
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 14:55
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win7-20240221-en
Max time kernel
119s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\绿软基地.url
Network
Files
memory/2952-0-0x0000000000230000-0x0000000000231000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\绿软基地.url
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.89.16.2.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.173.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win7-20240508-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0013e68e33a9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422206022" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000fe27df8e63f9243306aa51667cc9b360337e91de0193ab885e8af68e01f64fa9000000000e8000000002000020000000a789c88376740c24e1c709af13c2dfe6266a9c7d8862fd9e07cd14e10ce9d91e2000000027ec2a0d6b9b2118e6ac72a32ddc7958bfe1269e92829d1d8cce1061d876c9514000000030dea2496cd391d325b0d953ffa2388dc7d571bf0a0c620a75ef4158e7c4add7f4860bbb3397026deff03d87a990ebc5566f14a38f038aa384ed42f40d9d7a65 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA64FDC1-1526-11EF-8C71-D684AC6A5058} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\apQQIC.exe
"C:\Users\Admin\AppData\Local\Temp\apQQIC.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" url.dll,FileProtocolHandler C:\Users\Admin\AppData\Local\Temp\HTMLtips.html
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\HTMLtips.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:660 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.cnblogs.com | udp |
| SG | 8.222.133.242:80 | www.cnblogs.com | tcp |
| SG | 8.222.133.242:443 | www.cnblogs.com | tcp |
| US | 8.8.8.8:53 | account.cnblogs.com | udp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
Files
memory/2268-0-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-2-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-1-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-6-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-5-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-4-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-3-0x0000000000400000-0x000000000063A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec.ini
| MD5 | 8eaf52ea6cff07de618f9bdecd8328aa |
| SHA1 | ff12791d5ddae24bbf3063960d66a73ca4967d67 |
| SHA256 | 5f43d4f2bc58dfaad982bafe2ed5df2724ef3ad36c6827ae8b201dddcd9b0f80 |
| SHA512 | 4018a22aef09db666ba42956fa86b9c7b688301c31cb30f9999e79ae2738907edf27480641ec66bd77622fe4d8ec3169bdda537bbab30964dc09f01a2b4c8b4c |
C:\Users\Admin\AppData\Local\Temp\ec.ini
| MD5 | f386413efa1d5c99026f3accc7a2efbc |
| SHA1 | 58f52719c871397f4dcf67c32e73581468542585 |
| SHA256 | 030df1a4995fc25deee73b999c1fd2ff7697f411f3ef410ed66ab0db47064aff |
| SHA512 | ba7614f2f8d55e823c71b25a8d82177a1d931e70ca51851d4ba7b5b87e00e1d8f4152c1908243d267a9f0eb051cd9c011b88917c076b9fc2e36e469f33f715b5 |
C:\Users\Admin\AppData\Local\Temp\HTMLtips.html
| MD5 | 67519e8c5de2eb0f68a44747829d9cb0 |
| SHA1 | 0135dbefa740fbe0edbae27f55832a9c9867847c |
| SHA256 | cc8da00c554fdba977f5eabe30fe47e8fb7fc0dc3e0a00973baf4ab7b0ef5a4f |
| SHA512 | b26344e1e67d51b78ebe992da72fa3f66d5550e126f2cc72fefc84ae47eed122bda1695ab7bd0a0f6be5a318af111e39581934c6ebbf17a777c955b97dab6518 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d0ccc7448df489eb9fbef5424f913f4 |
| SHA1 | 5ed5df5ffd18dd06463075b8c2b8d5529cb25eef |
| SHA256 | 7697a6c2aae194134849b5a188cb0c0956d940f26abd5d5a3fc3c9ef841f9aa9 |
| SHA512 | af1edf502e0516969ba77a545f64ea5b6c17deee93917e01b2ddcda97ce2acd97468bf8a5c0bcc7affbcdbc09a152e0ee60d1c53d42e3905798449688fae43dc |
C:\Users\Admin\AppData\Local\Temp\Cab389E.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar38A1.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0de58c012fffc670cfcd12301889f670 |
| SHA1 | 2bae9bd30998ea819804c23ca283075e2a76d62a |
| SHA256 | 58aae751fb0319fb1e1cd484887ee09329a8fbcbb27a49ab787156669d1266bf |
| SHA512 | e18ec419b4ac1172c17eae6b3fff5a4fc18bfff4941ec0dd2b70cb836c459391fa131d3e533c3137ec01b1f4784f1a485bc7965cd043d242277782e1a14ad439 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 941cf1caf4a8f3bc11c63aae5bd51d0f |
| SHA1 | f576e09437fb799777c6072bf8840b9e8d949293 |
| SHA256 | ab296a468e26ecbebcd189a63ba960e6649fb74332813792bdd0d2cfacf7bab4 |
| SHA512 | dedb7f42df06589a54544b429c7a71caab5b69728afb1a2b81879fd3f6029cd8581c80fa428f21e8add853f00bd246b31ee6efbee67767d59ac2418a5709d61e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8274f64a120784447b8ca2464bd4e8be |
| SHA1 | 9179026982840354771873f0a0457027472b3ca9 |
| SHA256 | df9e67ac855aa292d32a7b0869769e02f7ff7003095fe9e8f0328a2739fe4d32 |
| SHA512 | 39c9fecfbe599c2d46b667e10778b5ac2d9ea0962714868ef0eed405359b0614b7df23b5f70596a7e34d0e6ee9162967715fbc68bcd9a32c76c524aa71592683 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f72ac5862e0909ef64607a116c3c5f7 |
| SHA1 | e755d1da1fa7538ba6f09cfd3ca918b1efa64593 |
| SHA256 | a98b2c3316cf0b591095830cb0e2d9fa7432d358383565736e890af8c474d55d |
| SHA512 | 85a0fe28f64da5a45cfc44e3be5717729c4062663e60c0b2c722ad1817c2285322288efcca4758df8aa3de3ab3e2831a10d79fac0e092d3bc909f672dc442870 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3afb4c5b0c2fa1d440f3dff127790177 |
| SHA1 | 6da8e19ea1deb4ec9bb7acb16d93a44ed27e3d0c |
| SHA256 | 4f2225a552e3c495f49f25cf491c8981e91d0dcdb3fa8ab79d45203ee5123a45 |
| SHA512 | 3a4121e1a69e5331eb0725a33d85b1272f4711d5a0249dc6abb5f0d38f45b009edfd7d2e7caa3a6d7c738dfde7a4c65df40772d888071294c68bfc48fd0d91ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ac4e88e2104feae0c7e5dd1ae11809e |
| SHA1 | 991f113bcd45c2e0ac6194ec65001ab4a2a525f4 |
| SHA256 | c18e0c36c77f911bea22352012e44e25837935720e90b6349c2687b1faadff7e |
| SHA512 | 2bc67982ea07def2d0bb8c2f224a9ee8e5b1a548b90d7cc3688d4b4538a7c5ff14f0fb28ecfb580484c5d82ee1c11661219626e875129e0001fe999b72aa753e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad6c3e76cb98386d63221f08f6c146d0 |
| SHA1 | 63e62bc3d2ffac00054f218299cb268fe88374d2 |
| SHA256 | e55360efe02aa16c7eb8fb2e6a24c47857129ecf199d070cd1fa3a15cbb0f664 |
| SHA512 | 8f8d402b3bfd08af476acac77cb8a13c1da88867ce7e74eb1d66f5ab9f1e93b72d59c3e67f170256217d72e890966eb86b208cbce3815679b1660ac6f091d00b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf5a9f8cb3bc476b4176699a6db32acc |
| SHA1 | 9ef4b277659d4c4731dac08d5d4360cfa04345d9 |
| SHA256 | 266eb30b015ea07abd11f4f1a68081e4f055c577f9ffae14097d84c00ee8019a |
| SHA512 | 056d98ee671e0e62dd4ba98730ccc8fed10c63625382f4c9a8ad22f04480dd5b4c67f7d7246775454f0f5874065b099d9addae361d67d94efb078fb9406732a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e8e424869bc0f92768d65bd3bbed8e4 |
| SHA1 | 35de64da6e595a2df793c2f6cbf522df590906d4 |
| SHA256 | 93e36a45ea515f2aff8b63aaad722ccab1238b266902cd1f1547a415d53ccaf4 |
| SHA512 | e857af967bc20eb36d9af04f9ccdf6e5edf8bc647b89a531dfb5c159990112bd3187845225332e415c6dddfe8e193888b8eaf1efa22e96420c37068d2e30ee7e |
C:\Users\Admin\AppData\Local\Temp\config.ini
| MD5 | 42fbd0334009cbc16aa8dec8ec94f38e |
| SHA1 | 6ec74b8fa290296e07866e8877a3969779842166 |
| SHA256 | 83f551b393cf7d2947306f8095064e1246674f6eda221283170e7119cd881389 |
| SHA512 | 0d71fc8a251fb48981d3002a801e60b6d4fbf85c3792a6429759ce62eeb97d366ef10ffcc65b92c73e88adc05e92e6fb5031485193699d51beb2f0feec2fa320 |
C:\Users\Admin\AppData\Local\Temp\ec.ini
| MD5 | c1ba3258f407ecddc2303951cab04716 |
| SHA1 | c92a72ba3a0549c49af5c544ebd7ea1d952e148e |
| SHA256 | 7585991a080f35787006e1710026b272b173c56c991b468f25fc37ea83c8c39f |
| SHA512 | 7c39b8668b821e812c430f04f638ee280b3389b2964e1d57a79fc87927c403b872756e7bbe7ea174c688353428fceb9b65dc21035b25810402b95878b0706f79 |
memory/2268-525-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-528-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-530-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-531-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-533-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-534-0x0000000000400000-0x000000000063A000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64d6e39dc3b17a6a11b8ec5b11de2f48 |
| SHA1 | a9d4c29623f3537252c069e5d4d01ba9f5f0b1ab |
| SHA256 | 525d358691b26a3d7920847bd9283a21301123c45ac76073d193a0fe96135161 |
| SHA512 | 0a8f9024c245fb70f73a635a0789020ab27498b9320b0be9e50c1c259359142487287ab8a86af811c10095be9a6a63d0abf45d407dbc8d4c346a5fbc59023652 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8012d1bc6b2414775a386cc817125c3f |
| SHA1 | e6420cfe66444974ed788c0ecace67381b110bd3 |
| SHA256 | 27f2ac2ddb11afc953e0e8fda5b02599ce7ffbaec4569a6d92002ce01558337b |
| SHA512 | 4389b31021439448e5d6485620fb0b13566339561a8e35a58eb9e36131d6e72dca536f4e805e920725936473ba2159d063250eff6a8929f91cb7e6a1d76f2238 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8e961b7d9a2ef0a0d34baa6ce7e41f0 |
| SHA1 | fe0c1ec47978c63fdf586bc4d7a5909385d047ad |
| SHA256 | 90f02241946c77e798f7fb862394903db9a3083438e612973bcf7a6895c03086 |
| SHA512 | d5040f63b5d707d8d46b52d0c9488142bb581d55684bd89cf556d2aa95410eb737b4e9d746c0a0275def6c00ac23a0b3b3332c001039851ab9c4348344fec939 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4f10e74d5883e93082474a03afceedb |
| SHA1 | 17c40f70952767f6f17175787c52a413f9a3d270 |
| SHA256 | 1edb8dcc96e4ac7fbbe9c57188f553336b48215013e06e58806f03241d8fc779 |
| SHA512 | 80f60779d9b28998a99c5da3ae33e2b9ccfddf28311fe9605b019183ff351748b0c6c10490b88bda5025a79a7744e575a801973de7eb24d70803beb4f906b2cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbd70c4d39449aef3f0c5b08f703e950 |
| SHA1 | 5c7e7db7a287152dce7b4e60f32c301f172c9a5c |
| SHA256 | 3f339d613d6f7fc6bc43b886386296dab299e91446ec39d7da715fafc060f05a |
| SHA512 | 7cb02d52eb04f23704fcdc75277a76d95a0e919ee7cf589b51870f52a12d5fb79223712b3314555b5d3b0e118b7184c3486d3385a6cd384a5ed836357e372fae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41584ce839070cff43cb056b391f7957 |
| SHA1 | f5f07a00d9f90eeb181c8b38337b80d5a2f58365 |
| SHA256 | 94af5a9cb571b97f126f430e3b3c8213c7e23f2f5c07a1aa72f7d291dfb4b32b |
| SHA512 | 67c3fdd6469ec5fb7cb3d5ffa9381e92d3624d6f39f5b529860e03e4273bc93b12a627ad1f6c4b02022baa1480301603be85608cc103982e5e52f22138ced5d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3783e9f1afde4b4574a7ea983f71c7bf |
| SHA1 | 992f2cc03dc631edd04614676bbf5b6d4be58384 |
| SHA256 | 834bd1532b36f48ab6842d14fec7d11a295dac23025874dfe05029f643514ca2 |
| SHA512 | 00e8c028b7f5c459d3868281bf45839459f2dc4e4eff0c3397100b8cae2802dd609de51f030e1598dc0347fca7f9e721c12f339d562a142a097e47c1e374c27f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddc0f0514d6b1250b7923d0cf96fad4c |
| SHA1 | 24d5f5e413a14ab0c0995692eb05974e251cae0e |
| SHA256 | a736c3066dedb45a0bee0855d0bb553d6777336c5bdd21b7bb7d108b14133434 |
| SHA512 | 4694e4cef190b8f35451be294283310c12243deb098b5ac3f23d0a37d0e6d302a7cd3cf835060b2d0e83077566768eb42440cbe08582d5891c107169860d4c7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c32988d38c34b915a20c4df72d8fdbe |
| SHA1 | 41067af2fd2dbe41c5c34db604084751aea01fa8 |
| SHA256 | d372e25aa1908939110b58676abd7d7484a1ee20d5c72556b28608695bb2ad7b |
| SHA512 | 71fc3b176c336e1b059038912969fc4753643524a78efc0c8be39d6f10ddeab8fbe5cb5ed1fe44f85097389c5026f0bfd14e7edc0a08342e90ddef6b05768f67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc292b5d7449fd6e70cb15fab69d5943 |
| SHA1 | e2508cb20a73f01b9c1c7b5aa88ae4a073f14dd9 |
| SHA256 | 66594cff33a9991bbe1d99953569e71842b68537ef780c733804134c97fa7521 |
| SHA512 | 25d811f6bbd7a53f0669a8f5620e3296aa8b233512007ef282069ac36d7d23f7949bdd02887f9a49251ddb02314eae2454848df5d8e8b98f6ae0878152258e82 |
memory/2268-984-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-985-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-986-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-987-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-988-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-989-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-990-0x0000000000400000-0x000000000063A000-memory.dmp
memory/2268-991-0x0000000000400000-0x000000000063A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 14:55
Reported
2024-05-18 14:58
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
136s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\apQQIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\apQQIC.exe
"C:\Users\Admin\AppData\Local\Temp\apQQIC.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" url.dll,FileProtocolHandler C:\Users\Admin\AppData\Local\Temp\HTMLtips.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\HTMLtips.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa231446f8,0x7ffa23144708,0x7ffa23144718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15606347903620221202,10245313158403559262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.cnblogs.com | udp |
| SG | 8.222.133.242:80 | www.cnblogs.com | tcp |
| SG | 8.222.133.242:443 | www.cnblogs.com | tcp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.133.222.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | account.cnblogs.com | udp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| CN | 116.62.93.118:443 | account.cnblogs.com | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ec.ini
C:\Users\Admin\AppData\Local\Temp\HTMLtips.html
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1688_TDRBYOJECGPXYCGG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Temp\config.ini
C:\Users\Admin\AppData\Local\Temp\ec.ini
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences