Analysis Overview
SHA256
586b886e170ca9a75760d33a3af801c0c1fd1a518c716e6ba7bb74d727fab76b
Threat Level: No (potentially) malicious behavior was detected
Verdict for file 7537767de56550caea8f4967ff059563_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 10:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 10:42
Reported
2024-05-26 10:44
Platform
win7-20240221-en
Max time kernel
150s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422882016" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000534d7d4104f1994da148324a2613d749000000000200000000001066000000010000200000003abcf95c87c7bcc98641c8f19a33d012ab2a2df535d45d225fbe537ac60816ab000000000e800000000200002000000040e1d90c8ca6ac380c99232f5989796a7887b004d1448ee5c13e1e15133f786f200000003c25b7e3858385f76ef1fe99fe84ab65d8991477f1c5f746f362dd937e64751840000000be08b93f45f9c79f80b652718e22a4b38ce6282fb4877fcef31e7fcf775096abb3513138cca7ccc5dd5779a032c01b6d21933b8b3c28d956b7cbd25e8a8d022c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A42B4BA1-1B4C-11EF-9511-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary data) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c6c38959afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1152 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1152 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1152 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1152 wrote to memory of 2192 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7537767de56550caea8f4967ff059563_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xinhaoam.com | udp |
| US | 8.8.8.8:53 | discuz.gtimg.cn | udp |
| US | 8.8.8.8:53 | chdadd.100msh.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 163.181.154.233:80 | ocsp.digicert.cn | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.137.227:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.227:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.227:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.166:80 | ocsp.dcocsp.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 10:42
Reported
2024-05-26 10:44
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7537767de56550caea8f4967ff059563_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18364885403413773959,13915154196472336721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2732 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xinhaoam.com | udp |
| US | 8.8.8.8:53 | discuz.gtimg.cn | udp |
| US | 8.8.8.8:53 | chdadd.100msh.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | 11.2.129.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.136.105:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.105:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.105:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 105.136.205.203.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
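Most of the rows above are sandbox and Windows background traffic rather than activity attributable to the sample: the `in-addr.arpa` names are reverse (PTR) lookups the analysis host issues for addresses it talks to, and `224.0.0.251:5353` is mDNS. The rows worth carrying into an IOC list are the forward lookups and the TCP connections, and the PTR lookups can be correlated back to those connections so that only the unexplained ones remain for manual review. The following Python is an added triage helper written for this page, not part of the report or of any sandbox tooling; its input is the Network table above copied verbatim (with the mDNS row's empty Domain cell), and the bucket names are this example's own.

```python
import re

# Constructed input: the Network rows from this report, as pipe-delimited text.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xinhaoam.com | udp |
| US | 8.8.8.8:53 | discuz.gtimg.cn | udp |
| US | 8.8.8.8:53 | chdadd.100msh.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | 11.2.129.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.136.105:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.105:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.105:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 105.136.205.203.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
"""

PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa$")


def parse_rows(text):
    """Split the four-column table into dicts; a row with the wrong shape is an error."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4:
            raise ValueError(f"unexpected column count: {line!r}")
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'11.2.129.43.in-addr.arpa' -> '43.129.2.11'; None for a forward name."""
    m = PTR_RE.match(name)
    return ".".join(reversed(m.groups())) if m else None


def classify(row):
    """mdns | ptr | dns | conn (hypothetical labels chosen for this example)."""
    if row["ip"] == "224.0.0.251" and row["port"] == 5353:
        return "mdns"
    if row["proto"] == "udp" and row["port"] == 53:
        return "ptr" if ptr_to_ip(row["domain"]) else "dns"
    return "conn"


def triage(text):
    """Separate IOC candidates from sandbox noise and correlate PTR lookups."""
    rows = parse_rows(text)
    out = {"lookups": [], "connections": [],
           "ptr_for_connections": [], "ptr_unexplained": []}
    conn_ips = set()
    for r in rows:
        kind = classify(r)
        if kind == "dns" and r["domain"] not in out["lookups"]:
            out["lookups"].append(r["domain"])
        elif kind == "conn":
            ep = (r["domain"], r["ip"], r["port"], r["proto"])
            if ep not in out["connections"]:
                out["connections"].append(ep)
            conn_ips.add(r["ip"])
    # A PTR lookup whose target was also connected to is explained by that
    # connection; any other PTR target is traffic the table never shows.
    for r in rows:
        if classify(r) == "ptr":
            ip = ptr_to_ip(r["domain"])
            bucket = "ptr_for_connections" if ip in conn_ips else "ptr_unexplained"
            if ip not in out[bucket]:
                out[bucket].append(ip)
    return out


if __name__ == "__main__":
    for key, values in triage(NETWORK_TABLE).items():
        print(key, values)
```

On this table the helper leaves five forward lookups and four distinct TCP endpoints (two ports each on 43.129.2.11 and 203.205.136.105), explains two of the ten PTR lookups by those connections, and leaves eight reverse-looked-up addresses that the table never shows a connection to; those are the rows to check against the analysis host's own background traffic before treating anything as sample behaviour.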
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_4352_OWRPAUALNJUZWTEB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3776017b2b76fe14dcb87dc572b363bf |
| SHA1 | e5842234204bc4cba6aead3be4355d51492fcd59 |
| SHA256 | c09c63b428590c95e506c43e664e0192703f889b8de35d762cff68a3300a1994 |
| SHA512 | 11012223f0a8e66987309ed18814ae08e609687fe0a8da500bae0c7eb30ad8d27448c3aa58d8b424711c520961bce90316a684495a5c9afa2e3eadfdf938d8d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 71c40fe3d09ab4a3a74b316a9b4ffae3 |
| SHA1 | e0b54b5d38ed9ddeb1520d23f629e14a1baf35df |
| SHA256 | d2694b68bc26ad30f3614fa922a9408c4a03c602f88a0f1b2c671c02c6a92310 |
| SHA512 | 5247ce7792394ee2adae8302508e87b641638067984a95ff656b68df412523cd3c7473ee0f9b8cb872fd358020419f41030d0c34d2ec9a337c6b1cf6a98714fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90329873dd64b3d805e7b6a66148a49f |
| SHA1 | 49f55c59166e609b325303dd443cdf768b1824c0 |
| SHA256 | 6a74ce8e76606b544e23079eb826bbe22943262f0d190f3a12a0f7a2e9392c37 |
| SHA512 | cc506d9cd76ce3d363fc713fb93dd1c15380333e8b9eb2e72627292a8786e670f6dbb5d0bc0003ceb74a43cca1996929e435fb626062223c7e190bd2e64d649d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a28fc8c7b408c9fec7eb29ba72319a1a |
| SHA1 | 2b1815d04fb077e076a7c078db984304b82cf50e |
| SHA256 | 1d26a34f3b686ef9b0f4402fd77dbbf4e517c3a60d31f19751f038953abe9e65 |
| SHA512 | 6a6f10e0011b2e2f335d65b2b5da07e47e06aa5eeb22ac8950f63928c18242952d216526c8a2ba909ad04fdaf073215c4277272c6de2a28c7cb39a211f0a78bb |
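Two things in the Files table are easy to misread. The four digests on the `\??\pipe\LOCAL\crashpad_...` entry are the MD5/SHA-1/SHA-256/SHA-512 of zero bytes, so the sandbox recorded the named-pipe object and no content; and `settings.dat` and `Preferences` each appear twice with different hashes, which is the same file written more than once during the run, not two files. The following Python is an added check written for this page (not report or vendor code) that recomputes the empty-input digests rather than hard-coding them, then flags both cases; the input is the table above reduced to paths, MD5 and SHA-256.

```python
import hashlib

# Constructed input: the Files entries from this report, MD5 and SHA256 only.
FILES_TABLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
\??\pipe\LOCAL\crashpad_4352_OWRPAUALNJUZWTEB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3776017b2b76fe14dcb87dc572b363bf |
| SHA256 | c09c63b428590c95e506c43e664e0192703f889b8de35d762cff68a3300a1994 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 71c40fe3d09ab4a3a74b316a9b4ffae3 |
| SHA256 | d2694b68bc26ad30f3614fa922a9408c4a03c602f88a0f1b2c671c02c6a92310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90329873dd64b3d805e7b6a66148a49f |
| SHA256 | 6a74ce8e76606b544e23079eb826bbe22943262f0d190f3a12a0f7a2e9392c37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a28fc8c7b408c9fec7eb29ba72319a1a |
| SHA256 | 1d26a34f3b686ef9b0f4402fd77dbbf4e517c3a60d31f19751f038953abe9e65 |
"""

# Digests of b"" for the algorithms the report lists, computed rather than trusted.
EMPTY = {alg: hashlib.new(alg, b"").hexdigest()
         for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_files(text):
    """Return [(path, {alg: hexdigest})] in table order; a path line starts an entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            alg, digest = [c.strip() for c in line.strip("|").split("|")]
            entries[-1][1][alg.lower()] = digest.lower()
        else:
            entries.append((line, {}))
    return entries


def review(text):
    """Flag zero-byte entries and paths written more than once with different content."""
    entries = parse_files(text)
    empty = [p for p, h in entries if any(h.get(a) == d for a, d in EMPTY.items())]
    seen = {}
    for p, h in entries:
        seen.setdefault(p, []).append(h["sha256"])
    rewritten = {p: hs for p, hs in seen.items() if len(set(hs)) > 1}
    return {"empty": empty, "rewritten": rewritten}


if __name__ == "__main__":
    for key, values in review(FILES_TABLE).items():
        print(key, values)
```

Recomputing `EMPTY` instead of pasting the well-known `d41d8cd9...` / `e3b0c442...` values keeps the check honest on any hash the report might add later, and matching on any one algorithm is deliberate: a report that lists only SHA-256 still gets the zero-byte entry flagged.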