Analysis Overview
SHA256
d6a7eb1637e40aedb3d30ebea7a1d42f37337113f353b14921e206c487819604
Threat Level: No (potentially) malicious behavior was detected
The file 7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118 was analysed and found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 19:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 19:08
Reported
2024-05-27 19:10
Platform
win7-20240215-en
Max time kernel
147s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7982D8D1-1C5C-11EF-A596-F62ADD16694A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbc55bc36a01d54aab9d4edb0f47d30b0000000002000000000010660000000100002000000094b18cec2038f9c18f57b4a46d27ae43655188e862c65df76072ed6cdcb1e0be000000000e800000000200002000000027213234317d1e3575f8120038f555a327dfd3b18a5b139c4358bbc5b5c8ff9b2000000012a97ce5f03f641ad52b99106e9a59a19179cc4c5b0d3d4e3e782ec2f09a7ffc40000000bb6ad1969dfbb5382531e5eac3f2b6628a9f481d9fbfeff378634194abf4515a089eda75f903ff116fe2dff74c2febcc191a9f5b0b8c10420cee2d39f738b8e1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603e136769b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422998764" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2980 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.204:80 | counter.yadro.ru | tcp |
| RU | 88.212.201.204:80 | counter.yadro.ru | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabBE5.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarC28.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76bcadf580f1060b5839289e7af12a74 |
| SHA1 | 7a6b75dab2acda7282a21d006aee563383ccfa37 |
| SHA256 | fad6ec83f7b34ee7f36bd3d9dc7f3f74ae093e66503d1a5982a887081dc54217 |
| SHA512 | 0787d42ff5016570d58c2c7acf80d06cb93d4ec70a19560546cef90f6c39d00efd3cbe1e4cf3f4e8614832f76258fe75d98b2f52621010ae5b75ac85cfbc499f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edb478cab001c1582100f35c67d099b3 |
| SHA1 | 0b4a63aaed2eb5dbf2b34dfb516e8c03fb53bd7a |
| SHA256 | 274e631b9d0e3036d08915f1a37bfce4fdf181dd7c3f588c188f1ff826c41340 |
| SHA512 | 32c946b1fa86fc21858c79a59780c9b401edc81548e6a251cc49fd2d198ff4689999de413b40be0b380da2eb0772ceced815fe36d4d8fb83b976f6afcfb27a8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df705bd5b75422e6b5fd4b5f17f12d61 |
| SHA1 | 3d34b401656d0136101ee18b753f3aa4eebcaa50 |
| SHA256 | cd3e424faca01404578c2fd1980d64af05aa7eaf3834b526bfe2bea7c03b7ac7 |
| SHA512 | 36579287e926064488fa14ccf94f3d943a439682ecb52fda3aa4d47b053118605b042e8643671fc171a03b506f52e74211ff8282ba3254a0712fd133a5451e34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 777be0066ace25136995b106c78056e4 |
| SHA1 | 11383e53e58fd9595329b209ac0d8e9e8deadeb8 |
| SHA256 | 467b679355e3c699e3416036f334aa98f1c201f1a114a321e01540bf966f5545 |
| SHA512 | a6057a200fd78d6e91217962932c9fe04bc172fdb968757f50f7889c79dbef5d0eee8730cb09e60f08bf8fd2c81a1f07c98fcd3cb93ce20ab02a0f17b21340a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c7ac1aa841b0978b747a4f015b159c9 |
| SHA1 | 3389e2f1788bd70e3eec344c2ac4e012e5d0b18e |
| SHA256 | 1cade54bbd2f5c29897fb95106cf2c2d36d9d6c411bbac3e94fbfc97ab63beb6 |
| SHA512 | 61c4bf9f91f29ee79217e24918d6536f8576699514c837b11c1fb1127542ffd4d492a65568e316ac5b45ec5b94d266a258e773139860b7625bacd2d5b6721016 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2be86af3dcd8cf2116da56625e745bf8 |
| SHA1 | 325cefacd1b5aa179451edc490830e72968e22d5 |
| SHA256 | 0296f222f322041a5b164e4d25888c39b5dd03e7f6724dd36386d3bae9b6ef65 |
| SHA512 | 5bb090cd1e9cd4c793b0b94d68aafff2dde50a392bd0a12a39f73d9f92cc2183aba9d6a2349d2c34f20346c38306772e9713f2b62a5b217a43210b9185398dc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4f0ee605603d8d82b45c71d5b3e36b5 |
| SHA1 | fc7889c28c9c1b32c53d873d043e3f5cedd27792 |
| SHA256 | 88a01826d24604aeb26be3ca7a1c04c50e8c39b3e478233a825e5bb6c3809505 |
| SHA512 | 76de3b9ef2e0d42f1f78972b6a07a0043e0bf5ce07c55ab7fbecfd57b7cd5715709353ebfbfd649a2ca88e1e25840aa3110b956fa2d35fdf053279f418131bb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba0870a8942385c347207c0c49895ad5 |
| SHA1 | 88a9c66b0a75f7c1c418335cfe0d4dba56cad149 |
| SHA256 | e669f1d411e8fc7defd25913e112c47b8022f525b9ffaffb1c05497687b2cc64 |
| SHA512 | be9f8feb1f48b0b1aa70ae12846831a68bc44fc583936f2bfa4751b523c39e0e2a526bfb6df20cad948acd0df0e03dc79ad2b4ecf1920dcd2de5aaca4986151a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdf211ff78a86dd713cf73eedc90dc86 |
| SHA1 | 94e7dcffa2c2acc283c48882e5f296abebcc5ae4 |
| SHA256 | 24b5900988e66ad7584c49f0de0b2392874388feabcef7e74eaeb2d38b6d8ebf |
| SHA512 | 1d3becd7fdc6329b35639ba42f4f1e685ffed5e5b3621327f640d9a04e341fdf406ee9a2fa0797dd137328c3d91307f966f5617b849da5f8c5792fefeeab22b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d10128ad9caa5ed90285302cfb4f0f65 |
| SHA1 | 60fb15951ac753d1b99574646419dff639dfcacf |
| SHA256 | a40eeaa08cdafa8484e01f323203a1dd82ed4408b55652a9685d32a34e3c634f |
| SHA512 | d72b42cbf97412a52a237f68f8fbe063dfd1c433b11bb71db246961aa790482c35882b763ba809b456533e0c55cb5e71144855e04ce39a7fc3640a035ecf9e4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7fe949d779ab203ab55c7d3c9d6f581e |
| SHA1 | fcc090e5c4b3a7ad83e6f5c149db3cee359e8b98 |
| SHA256 | 88af8906a4b002a6a8a4fbeac940f0c5947c41807284810fe78d9ab7c7941bc4 |
| SHA512 | 03a7760d0e027ab51fa83437c0c94c8804e7d16c8a889eff78ef4146c510f3f63823881f2881ca70a0ce7f03f3c26b05a1b7cb69ca823fde358eca6274dbdc17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f1d0146ff9095c887cd42032e94f7b4 |
| SHA1 | b3199fc2352eb022148122a8daa2e63ffd20aba3 |
| SHA256 | a91636f9ba424a8e78777819d0e7c4d8b36d0b2f798e070f908b93d076ed670a |
| SHA512 | 2b735bf72395e3651d9703df9dfe728460c80fb679f63a61d3d1bc386cf76a0ce0769c46898efc8e1d65fb26b08275e1afe4f1a1ef750cf93a9b13c83a5989f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcf980b308f1bc99c872da0fa1e4d5c9 |
| SHA1 | 8b697ea9666745ab2ab27adbc0405bebf51c4b36 |
| SHA256 | f873643119e2b4c4eceb70a8442d09d3b7b7ae459daa9fc4b187921656413685 |
| SHA512 | 1aaf469c04c16f382c3b1e62ddf08ad288a0ebdf112e768a4821b0e9a87e07caa7f426221c309b233c7d14768b232e9e999189c1049e5fb399d0367b08111837 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5ee249f66e3c4d09defb7994b6bafac |
| SHA1 | 5fbb8e5788ebe17311f1b66bf675d595182ea391 |
| SHA256 | da41545cd6d11efef17ab22cc1ea6d29b9be51887e409bfa2ca05ffa9dd581f9 |
| SHA512 | 974fca2f03a2f5ea1591443da7023fbc9689666ebd5a3e4d7b28107d18c01c664bb90b7135e0cc5f69b21bbde0c09316b0cfe91d247b9c65aeb279d948e24fd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05efb4fd8ec3063b7be564250decb71b |
| SHA1 | fd662f3ba4f65a61c23d1fd69047748ca5ca27a3 |
| SHA256 | e2f87a34bc77ffce3ee4c04749426dcf6ed9231a7217d1720ceeeb3ca7311433 |
| SHA512 | 7f7779c30723bf3b205d5a9c98df1e597192e231030afbaacc98f692831db0484e2ae04bc1035ec88fbcdfd37d38b7b2e9159dcc51518323c795515eca6b5abd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e1d45a5c0aa5aa17665ef2b31a7aab6 |
| SHA1 | b152117bd3f6144b93ebcb116fe9715e6932a010 |
| SHA256 | 738d32f612f54fa6622ff4ee23bae9b749efbea82aaddc0e8860e5b6fb1efab6 |
| SHA512 | c75ce44959d352b3dad2450705e2ffe25d211e00aa569b710d060414d05efb33c5977920177035f46f54dbf81c711718418b5f0cf5de0c4a3b9e3a6f37259608 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a25727a5a9f58d36fa39d0301a963985 |
| SHA1 | 1ed7f8dba482b2531104fc5e23117230fbf6127e |
| SHA256 | 1174a5bdec0fafc65534456097c2d0e2b1063245a5003e1c8ed5045dfc098b4f |
| SHA512 | 8d94edb6c43d361803d1db1b5803fdecc07aea7ab2c6e57f4ab6efea4bb195cdb26e378abae806f7a75ee60889f53890d2602c50794942055f4d313264c956a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a53b3971edc8caf3648bb925a8c08ba0 |
| SHA1 | 03cf12efbf385b4a60de9900e60a1e2cca241aee |
| SHA256 | dd8e205aab4c70d4b44b4531ff3ca8dafb149c04d3810a160d35bd763fbd9b1e |
| SHA512 | d92198680737cd44a9d36a75c8015497746f35a234a0826dac4a18da2bdf7cffe43817fe448d205a9338ee47734aa242d7c93c09702714d22ec474cb8b61d21d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 445d08a1946b90da475511e9b2365c8a |
| SHA1 | 6ecb39abb913cec24ff686fd887050a84e0f9ce7 |
| SHA256 | 4bea1df14186be233da617422443139848ba1ba8789d44cec8dc7139855a95a4 |
| SHA512 | 9472eefe243390b534e21a802805656a16fcbea6412a2439155dc4fb702bb6eab185c45e4d67a2fa652e320c3a02030d8355b52df3b4d19528bd42358851c2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31480fb458016930ec42d957d6cec9c9 |
| SHA1 | cb8302448529d10b6a37252e698600ae889beaa4 |
| SHA256 | b16f9f9391ed7ea295b63929c2fd8cbcf8d0af4c871c881d1af55742e76af874 |
| SHA512 | 85612e5d164132eca2ea5bdf53811caf018eb713d9a3e5eda2aa17a4500dce1d4166d6a64c20386808d3d37f4b71383b8350786f33ae9e14ba511e932b034113 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6a0feea6423fe2dd1c8542adccfd6a5 |
| SHA1 | deb745dcedf5557403cdb3697b8c82495b98f9a0 |
| SHA256 | f9174c59f27852c2b08084935aeb95cc481cb2402055aef11480c6eecb10c236 |
| SHA512 | 45c781e47220684567657ca84807319ae3efdcaa531c6349918d3efb366d44dc88f685d3ce3c1a935f2587aa550e22d3cedf203863b8312b55d814955c8981bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e7e4d3d7049ec0c48d74f9d7ae65f82 |
| SHA1 | e506bbdeeadbd9d2a628544790b7e8c149a05120 |
| SHA256 | ec75dff01c0833b433ca0d4ee38e75a6a99e6da1d2df9bdbbc7121f9d091d96b |
| SHA512 | 9c39a2501af8af80fabf1afc48e07a30ed7b8712646f852db8d2abba3c2163f9d631dfd5c7d3198bd18e03f9089cce0670eda2cc2085fb823c0dd8d693159f4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38422d949a0e4abc037d3ed7189e3acd |
| SHA1 | ea2410e81074ae4424094911b3c393d62aa774a3 |
| SHA256 | 763f8461cc7640d7a320c6252a838c99b29173a16867114be28550b38dc5a670 |
| SHA512 | d1d5eafa3776951597a1a4bfd5f5bbfc52a05ed92a4f8efe15f9fca7f78b40ffdde4a8419eba7208812f3be9c8c72c61d97de1b389698ba7bd0c169ebca5bb3c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 19:08
Reported
2024-05-27 19:10
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a33663eaf7e86c6eaf688f8153e997f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd8146f8,0x7ffddd814708,0x7ffddd814718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2
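The process list above is a set of Chromium-style command lines. When reading a report like this, the useful questions are which process type each line is (the `--type=` switch; the browser process itself carries none) and whether any switch turns off a sandbox or mitigation layer. The script below is an added example, not part of the sandbox report or of Edge: it parses three command lines copied verbatim from the list above and surfaces such switches. The switch list (`MITIGATION_SWITCHES`) is the editor's own choice, and a hit is context for the analyst rather than a verdict, since Chromium passes some of these to its own child processes in some configurations.

```python
"""Parse Chromium-style command lines from a sandbox process list and
surface process type plus sandbox/mitigation-disabling switches.
Added example; switch list and helper names are the editor's own."""
import ntpath
import re

# Switches that disable a Chromium sandbox or mitigation. A match is a
# prompt to check context, not proof of tampering (editor's selection).
MITIGATION_SWITCHES = {
    "no-sandbox",
    "disable-gpu-sandbox",
    "no-v8-untrusted-code-mitigations",
    "service-sandbox-type",  # flagged only when its value is "none"
}

# Three command lines copied verbatim from the process list in this report.
CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5178003037513718540,14995330242586102671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2',
]

# A token is either a double-quoted string (the executable path) or a
# run of non-whitespace; Windows backslashes are not escape characters.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_cmdline(cmd):
    """Split a command line into (exe path, {switch: value}, positionals).

    Switches without '=' get the value True; '/prefetch:N' style arguments
    are not Chromium switches and are returned as positionals.
    """
    tokens = TOKEN.findall(cmd)
    exe = tokens[0].strip('"')
    switches, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name] = value if value else True
        else:
            positional.append(tok)
    return exe, switches, positional


def flagged_switches(switches):
    """Return the mitigation-relevant switches present, as 'name' or 'name=value'."""
    hits = []
    for name in sorted(MITIGATION_SWITCHES & set(switches)):
        value = switches[name]
        if name == "service-sandbox-type" and value != "none":
            continue  # a named sandbox type is the normal case
        hits.append(name if value is True else f"{name}={value}")
    return hits


def audit(cmdlines):
    """Summarise each command line: executable, process type, flagged switches."""
    report = []
    for cmd in cmdlines:
        exe, switches, _ = parse_cmdline(cmd)
        report.append({
            "exe": ntpath.basename(exe),
            # The Chromium browser process has no --type switch.
            "type": switches.get("type", "browser"),
            "flagged": flagged_switches(switches),
        })
    return report


if __name__ == "__main__":
    for entry in audit(CMDLINES):
        flags = ", ".join(entry["flagged"]) or "-"
        print(f"{entry['exe']:<20} {entry['type']:<12} {flags}")
```

Run against the three lines it reports the renderer with `no-v8-untrusted-code-mitigations`, the utility process with `service-sandbox-type=none`, and the GPU process with `disable-gpu-sandbox`. Whether each is expected for Edge's own launch in this VM is the analyst's call; the script only makes the switches visible instead of leaving them buried in 300-character lines.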
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 213.180.193.90:445 | bs.yandex.ru | tcp |
| RU | 88.212.201.204:80 | counter.yadro.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.205.31.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.132.156.90.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| RU | 93.158.134.90:445 | bs.yandex.ru | tcp |
| RU | 87.250.250.90:445 | bs.yandex.ru | tcp |
| RU | 213.180.204.90:445 | bs.yandex.ru | tcp |
| RU | 77.88.21.90:445 | bs.yandex.ru | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:445 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:445 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:445 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:445 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecdc2754d7d2ae862272153aa9b9ca6e |
| SHA1 | c19bed1c6e1c998b9fa93298639ad7961339147d |
| SHA256 | a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7 |
| SHA512 | cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2 |
\??\pipe\LOCAL\crashpad_4792_HSARVVTQRBEDQHDS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2daa93382bba07cbc40af372d30ec576 |
| SHA1 | c5e709dc3e2e4df2ff841fbde3e30170e7428a94 |
| SHA256 | 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30 |
| SHA512 | 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9251c8eb9ce47beb8fa51fee0d011c1b |
| SHA1 | 7bd2246f0bd053b936bd800b442edea798e434f0 |
| SHA256 | 006977b29f10fff1dfc7f443e68396d81d8ea22cf79f1276ab72a232568a318c |
| SHA512 | 2a6fa86f0999c90c6029fe07540418f7bec09a25ad450775e66778811c10b7dae5eb0f226599ae53164bea4951d29e374edb70dddc80d12787a4118a5eca9744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8b7f5b93fe9b08464fb03009c0ec6bf8 |
| SHA1 | b46f53c9218cc971725cb51efce88fdc145c5b6e |
| SHA256 | 5c900c2d2a3e7b155ce7d02e7453a7629a576a6a94074eced6aba21e62a46d22 |
| SHA512 | 7acf64c10d5a46ca9e8e12591d1f58ab3aab27b82702543095a24a0b0ca16d4e4856babff4ace67d6da29db90093d66f4a0e00181b21608a5efd00fe25e6817b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ccd3fa2e5804f5128fc60830487451b |
| SHA1 | 557d1cbfd350d766f8efbec5aeda2a4c3817bafc |
| SHA256 | de354e2f54dfb4cce68640f395a47856293bb1999a4509c2a81e9962114daa03 |
| SHA512 | 4613beaf99fa61bec298d78d331a9370b04bba3496c6b078035ccb39011e201d5da8f96918cdf811ed4eb00ed9be29bc7f0fdaf92a9446eab1794d4ee7006dc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57f8b1ac98b7f5bd734bc61b63cecd27 |
| SHA1 | c1784c175a7180832d3a09ab347ed4a00dab82d7 |
| SHA256 | e5884ca7e48be782da680a1752f87dc16074906cba87c90f6f378c9dd71fb869 |
| SHA512 | 90c223ddfbbe5efd60896e1f8d8e54f3c187a4d20655d134d7bafe8343ae86c62167b26c37b93343faac3c1a311557900ee54ccd46880b1df2ec734003070b13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 84b28e8ffed9fa0b8f6a91b5b31b308d |
| SHA1 | efaf4dff37c34966c481eef0caf7dacee9e2a78c |
| SHA256 | cf81f066b1ba1e869f5551bbc61c497d91035e2afcb750c3e63d5c7644b0b29c |
| SHA512 | a838f81d13c5ecf02aedcdc60159f4b3f6e22e1f14c566ee3b2765e5645fe0eebabe24124ac018ea64986261c904e5bb50512708babe39bde76d7a5ab9280ea9 |