Analysis Overview
SHA256
3d4492952bad25fadc597887cdd8e57d7e3b6477b1827c891be35c4d8e2f2c5e
Threat Level: No (potentially) malicious behavior was detected
Analysis of the file 846f643c30819d84bc50dab5ab6a732b_JaffaCakes118 detected no (potentially) malicious behavior.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 14:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 14:15
Reported
2024-05-30 14:17
Platform
win7-20240508-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000b084c40dfac79e2da11ea70b7aafd62589a401c5ff8593d18f4629af98a3d650000000000e8000000002000020000000138ce605c37a1a23e7de10be44a65a48fe93bad956d5a8b0f8c6e04dcd052a772000000015054e07b49784a103e64ffa748042c7161caad48c56ef1f2f53aa94855a57a94000000094b618951b03843587f43ea111bc8f4535521d18e8f4e769556d095b1148aa6d608d0e0422426738f7c9f198abd2f3251dd2caa7707dd7bc77b7b433e689b7ea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E75F1F1-1E8F-11EF-B023-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 505beae49bb2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000003c1a831c50dfea90e4ace686206c13a6917b1cb95adf729663e651886624e326000000000e80000000020000200000005d42d6600053759abfca773ea41a4f35dcf885c575b911ab95e16a1919435fe190000000a07973b4d328c843cb95ff9051492e14238a4f8ae182874e48774ef0a80540ebaa626c1348819b0df7d052c9dda63de9fca1cce57931d9a8982f0731f6725cd4cb8a66256c39a40e11d21159243a720461fcbd50ad86549f01f1e57ceb1ab34edb1ba39c6152acf8d6f3aed01be24ad8a4a8d996ef8aa04a6bf61e01f776118b14c4eea185244044bdfae60095c99dfa40000000b50193160c6cb528cbdf158565381d4be2f698a8d460f1d11664574b7ddc6782714de89a7e2f971b83e7dbf6da68f3fe2ef631ee08a0993d8a6d748883b2c5f2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423240392" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2188 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846f643c30819d84bc50dab5ab6a732b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_D14B79B440CDC26D7D21C81855E2C04D
| MD5 | 13a18350c217b79dd91ea948f60e4b42 |
| SHA1 | 393b8f2c10fed71ac35e67dd464983ceeb09fefb |
| SHA256 | c2b1a1950a3e9aee27517e4dcf337fa08660600016f95048fc3da4fe9880212b |
| SHA512 | 9445762ad6ec7b11f194c2299e051e64958abacb4b063518d88f801978c0e1742e223d12073ca8e7839426dd0771f643e72c35445d90cf21cd373613456e8946 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_D14B79B440CDC26D7D21C81855E2C04D
| MD5 | e8279038601a8839157ef72c6c14f044 |
| SHA1 | 923ac5026ec13feeab3503397822d6f4453fbad6 |
| SHA256 | 371ea1072b51997ba1ecabfd188fa601e2f84057e91ee89e57bd09c50ae035fa |
| SHA512 | 5f757c016d2a6b2b3ed4275b96579df7acfe60a176ecf80a44a66e586b080f6813128eda744636c7cde781ae3277b8b42a02a2fd735de7c1d9139290959905b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3217AAECE20956500C22BDB70A7D005F
| MD5 | 80fc8995250efc1fd886c90059987511 |
| SHA1 | 998e068450e4039e6d908f7959c802955fd6e6d4 |
| SHA256 | b4648b05e21606a40d8d62ac772c11db02b53663ee40040e937863fb4c027bf6 |
| SHA512 | 36da5f15cde0a75cb413a441bdc1c45cd7f8712ef308acbc7dbaed9eec20e4850f3c534bc14bee25147998a5414a6ffa9c15be75b0091ca9ba76e44d21c45564 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3217AAECE20956500C22BDB70A7D005F
| MD5 | 575e766781fb0c482c76823a32344718 |
| SHA1 | 7654dd87a6b20a780899ddfef86362dcbff8c723 |
| SHA256 | c3fb9db458aeb3461a34697c96ba72df118625215a878ec627d475a30de3eff4 |
| SHA512 | 90612b7497efab55ecd17b7da03a3f8f22bca950ff3e874fa50baf2cf5a2ad77645aa2febc8ac6f4d0b2dd7d09b4160b398da928ffdf26866cdb81c993d5c732 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3217AAECE20956500C22BDB70A7D005F
| MD5 | 42187fe5d12db8efcc6e658b7d587414 |
| SHA1 | cda478932f8802845565edc4c3a2c1ade5219ee7 |
| SHA256 | 7a0ff960c9ec1e907d4b33b973c04565dfa24304840811ee36a60c2ef20fd5f0 |
| SHA512 | b00d680404de7543bd10183de74b711596d7d3b99dbb033789c013337e2da0c8a33fe822de9572df9822f482eddb21e8efb978e021231ac993c98aed6d18e69a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87dcff58ae72a7a5ecfe444dffe775af |
| SHA1 | fa1dbafb54583a2c780ebaa3b558dde19701dd20 |
| SHA256 | c7531bec254b913cf49ffd9a40cb55206493bd26135ee79d0822c8f65743af9b |
| SHA512 | c2ac541a2836e11710ac33088d85b577a308c46463ca3876a86ba032dce816729b95364fcec0cfd791e507450c915a028dac178a801da90a8be99ee0a609f1e2 |
C:\Users\Admin\AppData\Local\Temp\Cab3795.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3798.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar382A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c692f7623cada0822a5af80d0bfae09 |
| SHA1 | 8878678d393050c7143ed1c48278ec389ee162ec |
| SHA256 | 37b064e86d1eb477b649ab6e49a2168bf113e551dfb162a4ef896b7572af2848 |
| SHA512 | 3c30e0cfd0826412df098ec3be2001ebcf6b57bfe75d9caf43b9fc753501fa985f8444ce9a5138027a4b98fda9faa4e930f93558ab1185154ee9d4368e86d5a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cacdf54cc5dbe4f0445aa924f09733d8 |
| SHA1 | 774d5affafd9f6c0dca2d098f45666c1b07d019c |
| SHA256 | 66234b7ccbca4efed0c4a8cc5e1bdecb62e21c88df1af37046646d7d86cd7742 |
| SHA512 | 8a9b643dfe4765cabb31a3fbf2eebffa4fcd259504ce06a1bb858e006fe03a8caa2cf92344aeb0e90a18c30170b09589f0cb0d54012f9d09b4116324e1a1a11c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3d74a64390e764c33f16794ab7ce2c5 |
| SHA1 | 4789968aff406f2d775ffab6ade279587083ae09 |
| SHA256 | 2ded2a3d9164628fafc22e80c0029a3cb484a7cc6b9ac607814fb9a5a8d25eb2 |
| SHA512 | 628b1071436f12ca71dcc4899ba25c5a19a898265df6612b1fb80d714057fc7969f3d8ba6a4aa2c056996f104518cf17c7da864cd3c02140dfbb7550120d5a2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a61a198ea2a2bddf9942d33cbb477b10 |
| SHA1 | 1ad47f22872170654fbc2cac81379bb138ffeeb3 |
| SHA256 | 72dd99e30da0b1ba9cf16a6c5eaf81dcd4cfd54778871ce3edfff60f78ae6fb0 |
| SHA512 | 1c2da94807fa3699f9342e6c385680d4e629832ad7c8582c51ef136f79035a4462ed985114ff97e0115cb2f0db2f73a4e5f908c5bd346f2ec2ccaf0c2f98c595 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 242a68912b6ee85c223052f954aae109 |
| SHA1 | 60707c0e7bfa5d6bbe4637fb209d3460de308920 |
| SHA256 | 7217d733b6c8d5520306ab00fc81ec0db00548308734bed8e449440247ea3553 |
| SHA512 | 83b6caf3f7c36c52449d9e403e4f9b0ed88bf82dedf62c75484a95cd4644d6b84b1ec20af1887dea65359981b9ab17fc59fa15acebd6eb85bb1a869087d47e11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5746fb4808c3b88a3f2a693385e92b1e |
| SHA1 | 532084e8dc3b9583c15a5f472a55979e9b49e8a0 |
| SHA256 | 8d2acec926bfe476aadf89716fb9cde54208a474c60ab8b666314a770e9f7f17 |
| SHA512 | 4962fc59a2fc86ad6dc10b07ba5fe4d98c6672db714d2769d154d9bcac08e9c9cbc19aefa275f75c334fdd6557d3db8e5c466213c2baffa317ba7740638fa0c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9622970b007423d55e6438a18da1bb3a |
| SHA1 | 3a43d3e96aa512991c86bbc0553d1e7d945db424 |
| SHA256 | cf34c8061e3c570f85712f63bcbf85cd03effb60e5eaa4eda731443ea77aa78b |
| SHA512 | 8e1a4848960c914e2b20f7193ab94107eddab05817845bd00726283f4b9ce85ec14ebc5bea5155523fc722783c3aac07d494b76baac1dffa6e4f51bed041e1c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b32221de49e017b48e0e8f435961f8f1 |
| SHA1 | 1b24363e6947f2d6b67ab6fb6efc66f79ebe7f49 |
| SHA256 | b7d03aae8ba6fa0b3db30b639487a968d8d5e159a1623581aa310d21a6f60d00 |
| SHA512 | 6787ed5aaa7aa547375e0d75298ed5744a6c1e97826ecc2e1ae3ba50d476fe933e6a030c10aaa6beda6c1c88684403a313a860d0640412b84b91399bf801e15d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 395864333fe4ee9642adddadab8dd4af |
| SHA1 | 56ebc3e91a16d7f1554c3b9c43d1275326c43ade |
| SHA256 | a9e946e6964880ae948a0237b1ff304a4d33eef7874b6f4220cb0fd568092d98 |
| SHA512 | 8910d46f783ca45579f7c31ec91230604744389c411744b30f4f35913ecdbdde646b4628c0fcaeff248efac150138fe7fc965501b25432ce8f6c907007d6bfdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 764352f23199de8aa4adad84e121831a |
| SHA1 | e3301f59943aa05e0b98b7af507d4f25abc794bc |
| SHA256 | cfc53aeb51f36bf794d894a097903d68325b320086f083dcc6bc0f3e99483ab2 |
| SHA512 | e29dc08d6eb5577ebb27dacf8bc0c5af37b49ee85ccb4b76d4016f7c8efa64a6e41319959ac89b3ef4e0f871e164316cd59f4bcb29c2cc038b65e8b57fccbddf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42699eb17915a03792b58672a0c6d272 |
| SHA1 | e469c6e9f36f130c0d038df8f73973faea1ce4eb |
| SHA256 | e5c0afbd7d28d330d80aa7c664cc2d24776820b5bcd79beb0d4d7c7e7f9077b2 |
| SHA512 | dbe42c084cbbe5f68cf61df7e4fc2dd80d90db647486a5ebd5e0b7739dd31232154fd3be60d7722eb07230224a2d5c329e93895504879a3b2cb841bbd179ad64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea019ff030789d951705a3a24d69f117 |
| SHA1 | 7490d54238592ea630b62fec9565aecb72eaf46c |
| SHA256 | b4715fb7e0bdda298aebe2d76715554629f0e3d9ad553b2af6e5bd4151157b2e |
| SHA512 | 14ef192fa5a9edfa5ef791cd6807892ad569c9fde5ed5d0945bb762628665ae3112d9872174f23cbedc306206f8a4d19dcf999b9c3017c922ecad2fe22d7379b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae099264ff33159b0e2ff4156a96c64b |
| SHA1 | 6fd2900f364fe39fe431f85a153708d0abd8cf5f |
| SHA256 | e57b97c0af5b11746296c06ddb49ee91c31e36ceafa386ac2c92749f29ac3a51 |
| SHA512 | c3e44051f2209e73c3a65f6fb843fbdf34268c85b51fe0756d2e6ca9611a9898e6b0c700ba1bdb6763aab7cd0396aa3184ff4c2d72c64fee3f36857736a08461 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecd64c4401f2a17f8a343a0c81aa0a31 |
| SHA1 | 5b38e10fe0857703b21472a29193753c2fd41592 |
| SHA256 | e1a02774865ce9dc0e9dbec210ece51bede6932f5aa699cfadb8c7a25a7f2379 |
| SHA512 | a39624fd31f981674b90e070d5b788dba2c86b1ab44c69e4f10e164073e098f0779e085cc9777756e21aee4c8e18ef63c1adfc79e4e784739e7e6b09c1f86956 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e953e763f75060a0f37f048b150b6daa |
| SHA1 | 07f6dcd921ab38bebae1f27485b55cc936103bab |
| SHA256 | 6de0a319f4b08851b5865c71de635db5959188b7f04f5c783e3d722da55a55b0 |
| SHA512 | 46337d2089b71b20a743c748f430d58889da0a830333cc26dd151b60bd3f1258e0d4a4c4ac7bd9c6749d9b11ae91fef4d746a07b7382fdd45e6639336900e1fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce54022b6e7180a97065a4a3b3bd54d3 |
| SHA1 | 568587a0cfa3caf205138ecc8f4d3786451b2dc9 |
| SHA256 | f673637a2677c7a5e2ace3c1ecf84d5a52c5db70b2af7154aae27a4bdc9e3f69 |
| SHA512 | a7e78e9c8c9901992b8c13c9d194acd06c31575481d501315b36dbf3a76986043035bbd2080c2b887e9ffd563cfc5384b959383428cdccee14123c6c74f84124 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e83b7ca71fc175c4a1df8ae010d4dd4f |
| SHA1 | a61554cef5c3b7262ac280ab12d0e9baeece9714 |
| SHA256 | 1af9d61ae1ddd224d8fcc3b1196e90f9e2c42de5c152147a8931e2b941aa5f98 |
| SHA512 | b8e4ce95c89c1bad5d960f17ed101d2332a9006d3bdc451c4a14fb7cc593294fc4d4d291fc51f6b1c8af296ff93e7c403236933d6a0601f2ca58c54d95a88f13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5d7425737919adda0ef990ded2f49e6 |
| SHA1 | 2138ae1ea6d26e4f9a485cc2ab8cad59c40bf895 |
| SHA256 | 156c6ae1184bfda1197307de063294e326c6305289642efc3a57afd3d6aa0e80 |
| SHA512 | d9b38ddd46c05aebacdaeceaf4676afce87b4f73bbf715627faabb864115c7eca2e2285d17904342256b6b7dc4f0dc20d513f268e6dfdc41360c968ba4e2edb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9e7d21f75d289a568a3fe5bc93891bb |
| SHA1 | cab17d352d23e6c18c9e8b164c66a1221070542e |
| SHA256 | 26080e25cdbaca17f97fc0b87be49727cb4cf5761177ce913ff9c72fe40e88bc |
| SHA512 | 5260cccfa5ff77b0c387245fbc4e44364ba4b3e04de6a048fade959460ce265bb4d44dd11afa1fca762a461436d83009c882e472a06f2f099cb7dc965d46a1c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19c0b5dec6a9af3d71f72716ef66e07b |
| SHA1 | 62cc3fc45ed2c2a0e129260c1600ba25585cc6cb |
| SHA256 | 8cd51d8b1e700b177525c74ed6006d64ae1f81f94d8a777e60f89b89cb99eb8c |
| SHA512 | a3ece9f7124a6f862a11322d6c551ab74d9ff676c2da722364049321f0b2fd9468f633651e05da43a50942b664d54d9a78abbbb6d2c3ae112b20742b2ebf0403 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 14:15
Reported
2024-05-30 14:17
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\846f643c30819d84bc50dab5ab6a732b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1b9846f8,0x7fff1b984708,0x7fff1b984718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,14243828191244468405,11028606746579217449,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.170.75.47.in-addr.arpa | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
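The table above mixes resolver traffic (8.8.8.8:53), mDNS noise (224.0.0.251:5353) and repeated TLS connections to one peer, and several of the DNS rows are PTR queries whose in-addr.arpa names point back at the IPs that were contacted (231.170.75.47.in-addr.arpa is the reverse name for 47.75.170.231). The following triage helper is an added example and not part of the sandbox report: it parses rows in the table's own `| country | ip:port | domain | proto |` layout, counts real connections per peer, and correlates PTR queries with contacted hosts so that reverse lookups for hosts the sample never touched stand out. The function names, the row subset embedded as `SAMPLE_TABLE` (copied from the table, with the multicast row's columns in the right order) and the multicast filter are this example's own choices.

```python
"""Triage helper for a sandbox 'Network' table (added example, not report code).

Groups rows by destination, separates DNS resolver traffic from direct
connections, and links PTR (in-addr.arpa) queries back to the IPs the
sample actually connected to.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: a handful of rows copied from the Network table above
# (the full table repeats the 47.75.170.231:443 row many more times).
SAMPLE_TABLE = """\
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 8.8.8.8:53 | 231.170.75.47.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Parse '| country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        row = m.groupdict()
        host, _, port = row["dest"].rpartition(":")
        row["ip"], row["port"] = host, int(port)
        rows.append(row)
    return rows


def ptr_target(name):
    """Map a reverse-DNS name (d.c.b.a.in-addr.arpa) back to the IPv4 a.b.c.d."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def summarize(rows):
    """Split resolver traffic from real connections and correlate PTR queries."""
    dns = [r for r in rows if r["port"] == 53]
    conns = Counter()
    for r in rows:
        if r["port"] == 53:
            continue
        # mDNS (224.0.0.251:5353) and other multicast is local background
        # noise, not a peer the sample reached out to.
        if ipaddress.ip_address(r["ip"]).is_multicast:
            continue
        conns[(r["ip"], r["port"], r["domain"])] += 1

    forward = set()
    ptr = {}  # IP the PTR name resolves to -> the query name seen
    for r in dns:
        target = ptr_target(r["domain"])
        if target is None:
            forward.add(r["domain"])
        else:
            ptr[target] = r["domain"]

    contacted = {ip for (ip, _, _) in conns}
    return {
        "connections": conns,
        "forward_lookups": forward,
        "ptr_lookups": ptr,
        # PTR queries for peers the sample connected to: expected, one per peer
        "ptr_for_contacted": sorted(ip for ip in ptr if ip in contacted),
        # PTR queries for hosts never contacted: worth a second look
        "ptr_unexplained": sorted(ip for ip in ptr if ip not in contacted),
    }


if __name__ == "__main__":
    report = summarize(parse_rows(SAMPLE_TABLE))
    for (ip, port, domain), n in report["connections"].most_common():
        print(f"{n:3d}x {ip}:{port} ({domain or '-'})")
    print("forward lookups:", sorted(report["forward_lookups"]))
    print("PTR for contacted peers:", report["ptr_for_contacted"])
    print("PTR for uncontacted hosts:", report["ptr_unexplained"])
```

Run against the full table, the connection counter collapses the 28 rows for 47.75.170.231:443 into one peer with a count, and the "unexplained" list is where the PTR names that map to addresses the sample never connected to (for example 232.168.11.51.in-addr.arpa, which is 51.11.168.232) end up for follow-up.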
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_1748_OSUZDIGHDJXPGRKA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47f4db1c52cd3685377c84da21b156ad |
| SHA1 | 9f665f1c1a75b3bb7a5d61bf5f939cf661bcd712 |
| SHA256 | 48122378f34d591a23ef158025a00320c019b82e14ea5f9670abc02df5bf7088 |
| SHA512 | 536c9758d11119a57345b02d61db4aa7257cfe4f2690cd00b7a2ec2fce712ae4a836f19a3974fb09393615decd9bab0af62c10a6af1b409754c53481f819ccc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0ab28b237f0bbe3cba175287003510a7 |
| SHA1 | ed6368af5ae5b5eab38f11f4c0a3b7879250d4ba |
| SHA256 | a7783e80ed62d4ba52246a2ffe2892ab082fa2acf7bc2ea1d45f3861521c4faa |
| SHA512 | ce13be209b90306bce6a4ef99eda0db26b440fb7617ca9f24bb347eb1e82a408292c27cae716540fe940458c2ffee258e5544e836d131343ac286bf3ea5d15ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f63d07ff44fcdf9e8a85840f898b32e7 |
| SHA1 | 4bc21cbfd7d1ce502ab5a81aad9cda95d845f92d |
| SHA256 | 67998a4abb8a79e7fb78981c83c08ba8bd0392149588b2ec58378a9d046915d3 |
| SHA512 | 97a35f0e5c31e690f50f39ecd15709f9507999653f496576476eaa3f78c1f63808a136b1b0d5ac064f0320a7eaa90d66e184c0e496603b50970c2f62695e3791 |
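Two things in the Files section are easy to miss by eye: the crashpad named pipe carries the digests of zero bytes (d41d8cd9... / da39a3ee... / e3b0c442... / cf83e135...), meaning the sandbox captured no content for it, and settings.dat and Preferences each appear twice with different hashes, meaning they were rewritten during detonation. The check below is an added example, not part of the report: it parses entries in the section's own layout (a path line followed by `| ALGO | hex |` rows), flags empty-content entries by comparing against freshly computed empty-input digests, and lists paths recorded more than once with differing SHA256. The sample embedded as `SAMPLE_FILES` is copied from the entries above, trimmed to two digest rows each; function names are this example's own.

```python
"""Sanity checks over a sandbox 'Files' section (added example, not report code).

Flags entries whose digests are the well-known empty-input values (the
sandbox captured no bytes for that object) and paths recorded more than
once with different content (the file was rewritten during detonation).
"""
import hashlib
from collections import defaultdict

# Constructed sample: three entries copied from the Files section above,
# trimmed to their MD5 and SHA256 rows.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
\??\pipe\LOCAL\crashpad_1748_OSUZDIGHDJXPGRKA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
"""

# Digests of zero bytes, computed rather than hard-coded so a typo cannot
# silently disable the check. usedforsecurity=False keeps MD5 usable under
# FIPS-restricted OpenSSL builds.
EMPTY_DIGEST = {
    algo: hashlib.new(algo.lower(), b"", usedforsecurity=False).hexdigest()
    for algo in ("MD5", "SHA1", "SHA256", "SHA512")
}


def parse_files(text):
    """Return [{'path': str, 'hashes': {ALGO: hex}}] from path + '| ALGO | hex |' rows."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and entries:
                entries[-1]["hashes"][cells[0].upper()] = cells[1].lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def is_empty_content(entry):
    """True when every digest listed for the entry is the digest of zero bytes."""
    hashes = entry["hashes"]
    return bool(hashes) and all(
        EMPTY_DIGEST.get(algo) == digest for algo, digest in hashes.items()
    )


def rewritten_paths(entries):
    """Paths recorded more than once with differing SHA256 -> digests in report order."""
    seen = defaultdict(list)
    for e in entries:
        sha = e["hashes"].get("SHA256")
        if sha:
            seen[e["path"]].append(sha)
    return {p: shas for p, shas in seen.items() if len(set(shas)) > 1}


if __name__ == "__main__":
    entries = parse_files(SAMPLE_FILES)
    for e in entries:
        tag = "EMPTY " if is_empty_content(e) else "      "
        print(f"{tag}{e['path']}")
    for path, shas in rewritten_paths(entries).items():
        print(f"rewritten {len(shas)}x: {path}")
```

Empty-content entries are not evidence of anything by themselves (a named pipe has no file body to hash), but separating them keeps the hash list from being mistaken for captured artefacts; the rewritten-path list is where a change in browser profile files between two writes would show up.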