Analysis Overview
SHA256
34417295ab14afa42260cc9ac7de0384a2f0307d0b3ea5426b4ba4359024ab00
Threat Level: Known bad
The file 859eff1d0644b219ebd63768388542d8_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 01:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 01:40
Reported
2024-05-31 01:43
Platform
win7-20240508-en
Max time kernel
137s
Max time network
118s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxB847.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D30A4CA1-1EEE-11EF-91D8-D6B84878A518} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000000dbbab5eafc5a1926972b408a580f6c506c0c5070419348bd9d77f924ec742dd000000000e8000000002000020000000fe4fe2216d68e908f2e9f4ebeec8a8ade82d72b10cfefae6fec630a09d33a23c200000009b62fc7571a7433e1b138b293a2bcac7db0b44383d4d9a8f5eedbefacc87af1a400000005030e495acb6781a0efe96ccc68860770a7b10dfdc8cbfb5ddd25795f39b5221ad101fef23bff6924629783050c9c192da2d3b4aea3ca69c769e22f0e53aa1cf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b131e7fbb2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000007fbbd4902a4d0e6acc3442265ed88389292ac13f066a0004907b18d3b40ebd9c000000000e8000000002000020000000ce87125ab2a8e69ce23e0b3dae3a5ce16868220a713e91fa0f3a1d108a5656449000000018975bdc0cdb6867545e0fcb1d6e986b385c354928acba2fb66b8d46de9dfb15e716119720229d1a691b5a57580aa5ce7361d7f38d7294c66d625f3b2dd5144cef6015a145cd031a2a25871b857fc461b7482e768d65b3eb1c63e7e2a3ed189e713cfa2d290526a4c70f96bbd51e2f03388367204acdc486deb1f0b9b2864f5616dfcbc5f48c8521aa232927a099a24d4000000086d41e3c45a48119fa78a6ce3f4b22b435d810b932a7cdff403998444626ad46745d9fc91827a887e4805cb5224bcc669ab96dbbfa8a9041d3a97a2e37751d76 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423281524" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\859eff1d0644b219ebd63768388542d8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:406547 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | siteapp.baidu.com | udp |
| US | 8.8.8.8:53 | znsv.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab149C.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar154E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf25d76323216af44a02284db3a4cc1c |
| SHA1 | c399f8d274f88bc14b68deb8b8fd569a911a34c9 |
| SHA256 | 2e88a388f8c756e1b86b964e295560f1f5bfd8979ed005c8dab39e1cebba2024 |
| SHA512 | 25807987831c5316d087b02ec342598ec699909bf388788bb497b78d50b9685a2b65bad93fab9fef067bcba82138f2043e03d3c53c6376e42b166663d2cce0d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a6f17e08e1239475bfc81008e2c6566 |
| SHA1 | 5a30fa15390ca8b45ad68f058dbecf7bcfbad068 |
| SHA256 | 48a6b2a3409279a1da9499a1123696b327d0c36e82c4de79d4bfd341e63aedfb |
| SHA512 | b2299e2baddd27796af56a2b3f171ebaab0db96adee64d9e4069b7045408d737eddad5e1f6791c350d44b872b2fc974f449ff3002d4a1d9209044d539185ab49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f5889834d28d068d48fc6f11721a67f |
| SHA1 | bfd181d29e35b670014112505ce00f4142c19b18 |
| SHA256 | 1bfabd7de98be0618cd72e840b4c3e0aeea59d0c9ab8b2b078054502b778edeb |
| SHA512 | 32562c94fe097a791e6c47f35f34f23080fa595c0a0ac76e3781fe11912ec257f2d179071f77cf424641b1d7f11b9f1486d7350db706925016f9bf82561fc999 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5c1550b735e909786e897a7e93989fa |
| SHA1 | 48fc62b6f9b7ecb42146836bfc2051f28116237d |
| SHA256 | a5bf416d8a19940be0e1b4d2171613ffec22333c9fd4eb104a5f9f3fa861d6e8 |
| SHA512 | 2b25fff56eae4e80e2d3e643d4b5b7eca4fd4044bae20f9f7632612f9ac020c763a707869d21b70b9a9a35481070c46ed185c3b9d9444a8a2ef994b3d9876d71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bc62afc8884b7b7a1ed63e5c52098f0 |
| SHA1 | b13f349e761e2b8703b4d821a46345b62657765e |
| SHA256 | 0e831a98cd991ad8aa39ed197ea518e1f359e4ca9724cd506664e51a871b04c9 |
| SHA512 | ba9022da6ae29fd1b1d63e4d55ae8ab2d714fd6c647bcdd1507d3c688990c88032015fbf12d6ac255e1d6b9060066b89c5855c85b8f0cd6f1c60abf7951c4008 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea3448f502e8595d72ef53dbcfaecc82 |
| SHA1 | 4202f572b18abc8c61f438acaa17cbd3034e11cd |
| SHA256 | fce4377cdfb6934fe1ec2c3e5c1089ad44ba5c59b753827ba316025ac873ae99 |
| SHA512 | b76a7a0ef113325276cfbbecd59a6b9cd816c299959d16b50f9ccaff28869a58f6633f13112c0fe0b8559a6798981e96f4ca06b4c55a9ade83ea9cae27257f7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 414cf1c987b8d0a53553d531c550f892 |
| SHA1 | c4a94873e8af68cc85e108b3c12a8b65a12ce4f5 |
| SHA256 | 1909a27c9870ce90b9bdeea3d93bb74806fa6ed3c5cf42f41580d823679dd68c |
| SHA512 | cfb9c311b94af7dcdcde9e07c08d4d5ccf41a54e454cac5f74a0cb9ca91908473ede75ef0e0f0921f2346f99300e6e9077c46dace85e5abf1af7e0866b91ee22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9451559efd7aee84a3e41b500c0e167 |
| SHA1 | 0d252403148c574d2326e469b9badafc81c236d2 |
| SHA256 | c7814526e09a42366f479921aff0a9d31cf30e08705995be0dfd34eca34c2a7a |
| SHA512 | 020556a080e357f464b685bb8cf4043666334b9ff0d7e8991b0f25ef7963cdf684989974ebd0bde77f68232ecac4998690f3a772f8ff25a405b5b64a65dfbdcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 889c798127666c2df84bdf08806b9aef |
| SHA1 | 61551c60b56b919cde35f32d7613523e857a9008 |
| SHA256 | 0e3254ddf8a0580ca31a3c404fcf1feada67c01b1fced63f537b9f00ab13b538 |
| SHA512 | b381fa1b56e2add5c7300b32a0677a999b5f062effd0a91c098835cabe7347e7807c275707cdd01b672f78784bcc79ba4c1c4b821a496cb8a0931615098d24a9 |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/1928-480-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1928-485-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1928-483-0x0000000000230000-0x000000000023F000-memory.dmp
memory/920-491-0x0000000000240000-0x0000000000241000-memory.dmp
memory/920-493-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f47dad93bb37b3a4332b4553b84fae8 |
| SHA1 | bac3d6e9ed782604e103325fb465f1eba1db48f9 |
| SHA256 | a2f9cdde556b8bb0d5af7984de8ef912f34a5a5fadeef32aa816a8d91b9f7d09 |
| SHA512 | 0b3968c030214bd6603083b5e5b91d9a7810cc4f5be5b696db03df64edb767b3664f4d7be746e8a2d9716b615f6377958c0ca06142cf37384675083a43b7353a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaaca461889411f3e38b76d90b54b165 |
| SHA1 | cc5be8aff9039a64ca1cf7f0d750a523457489df |
| SHA256 | 76389d1ca2611f3516c116ff6691bea5b923a41ab09c9bb91633e2fd5a1fe7c6 |
| SHA512 | 1bf705822d937108ca4c1fcceecfcc90e9838c49dc35e6727081c1a355bd474d609b477e2f1c82acb84ae1c9c14930c307a53d1cae816e2e9838e074bf74c9cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a21281b6eaf419915163cd590ed3abc3 |
| SHA1 | e18525c2114f83a6b0eb3fea6e02089fc0ca9f9e |
| SHA256 | 457b217e64c5ab97c4f39ac7f0f7d257971b0897114839d6d0a84e887b5afe3f |
| SHA512 | bac38c1367b24a4127c8ae562cf17791ec52b9cd729fe4fc2fed4d9fc849525d31b5f55d346bb34ab9a8c0c486b0633cbc3a06402139af7295efb4ee588ae6a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f023c31df69ee0045675fc105a3e8ae |
| SHA1 | c1a71a433a341c4564245754b155ffbd0bc69349 |
| SHA256 | aad3faf8ca61f4947fe41394b53477bebb9b8956e363361fbf5af1381ef85969 |
| SHA512 | 279ec86053959a2503b44cd0f9218d0602c4126515ec91540d8a3bd187daaf8b4284dc4d42b520339ead169d3e130de108404adcf4f20e3c511f7d6d5673e5e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3f3b19a9af1f6f24bf2b242281fd4dd |
| SHA1 | ffefe2e38c6393f91e35f0f505063e6c09460c95 |
| SHA256 | eae5f6db0064d81746485e9e49a7b63c8774169898bde29af18200d964f1aff3 |
| SHA512 | 8151a66e48e88f3e2cc6d2ebb13284b119d741fcedd654603c7aafedaa11a1f06b8f0f28f6878730bd022c0cb617c550dbec72899c8b897f3334ccd671faef18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a63ad91febb69bd2fda6b996aed49ff8 |
| SHA1 | e022380573ee37798c24a2a9e4b1de2f220158bc |
| SHA256 | 839ceabd21e4b895da8939c94b3ff79bbe2c1542948d4919e592204ec43c61c1 |
| SHA512 | 60272df9606be38f3bd599b9b71202b291566f94eeb65096489535f83a5e308e89d026a8931b73f6cda43f9e95e228f38888b4db4c798ddcf582c98d2083fca9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3665a7ab22a2cf34cd6b33db2789918b |
| SHA1 | b3bdb8866e6b1e38ace85bfbd90cf0a0662d49aa |
| SHA256 | 9999b189fa0bdc9d51e7a4b025334d77bf8853d02a47dd1f073f9937db5a207c |
| SHA512 | d942f65ee4f27adccedb4b46882d91045cad3a18724466394258f7ebfa11967f4ceaa41ef3d139552c8ba8e7d60ab7d0ca970491a3bc0f1b8ccc693fecc84b84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 098165c0a59642329e0d2dbd816b121e |
| SHA1 | 002ad0633dde8554117add5ea1a53128db8d1d94 |
| SHA256 | 9d39c16263612c7b4c889803dd33459eed7aaba65ebfa25cc2732d1a021394c9 |
| SHA512 | 751d20214b251256b4f7b54760172cc0ce8ffcb4f1e04d4b22d2584861b3f5fce78c80d0f7a415729bd7b7d78030c2884b91d125885a452c5e62a2d800ebba07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d1b928378a63c5ba20091c24abd50e8 |
| SHA1 | bd5a694c1c0bef0fbf8af767d59d7ee9b18d194a |
| SHA256 | d83dccf6938ff0d4fa5cae297c32ed0159411ab0c501b8ae314597fab27f5634 |
| SHA512 | 101253641929c3200bfadfed371ece9a654d3bec9b6ce2fb9d3d34be62f0ef6af6049deefe51a0ad31eed64855114a3aa95dcdad5939cb99b5c33ccabb0e6be3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 421eb4a0d9275e59168e39b4dc8b77b6 |
| SHA1 | 25f0fe21e288041a86348edfa1e5a0d245c8e841 |
| SHA256 | c272c61b3071b75077b502e7a91ddcc5990bcdc7bbc3ac1f0af00a624633ad46 |
| SHA512 | c69f7404ddaaa78ff885e1639355d0475fa3edd6f8f647ed50d3124b74d2620b8f385a6f22862e04ca96ea5252f26aaa8b835f80351690bc2f941129f21a2e36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 842002e4b217b140fef647b4ab37f33b |
| SHA1 | 840ff8772a7719cef2f06a3bddaf30c0712df917 |
| SHA256 | 377cd733273a2a1218a808893689347e719f44d5ceab13b08c03ddf5ee3adeae |
| SHA512 | 90bfe0b1b18a3e4924b1f75c756caca28e062f571bba3388f2cd48623b2a504a663a5d6214c527f1dc664e3365812eabe43482d1c0f8a3a5ecc54ceadf6d955d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 01:40
Reported
2024-05-31 01:43
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\859eff1d0644b219ebd63768388542d8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,239779752103259184,1690845230667546848,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | siteapp.baidu.com | udp |
| US | 8.8.8.8:53 | znsv.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 183.240.98.228:445 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.140:445 | hm.baidu.com | tcp |
| CN | 14.215.183.79:445 | hm.baidu.com | tcp |
| CN | 111.45.3.198:445 | hm.baidu.com | tcp |
| CN | 111.45.11.83:445 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 52.111.227.11:443 | tcp | |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 148.113.34.112.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nsclick.baidu.com | udp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| CN | 163.177.17.97:80 | api.share.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 163.177.17.97:80 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | api.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | api.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | api.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | api.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | api.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | api.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | api.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | api.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | api.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | api.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | api.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | api.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | api.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | api.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | api.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_4480_CKLKKQAORNVFYZQM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | decfc5958fb349e24f34ac442eb490b3 |
| SHA1 | cbd0c391bc6ca0497658394a03461207cd6dba5e |
| SHA256 | d429f55c6e123349dcce8fd800686a0298a9cede92579a136eb7e5f3041ad52c |
| SHA512 | 646f55bb1ff2f4aafd153d1fd2332330d57a98686c8d57e62356cb8ac73b731ec006785bb1cd26b56a101c21f89b72d3c3cb16f598718c5507776cc399e9789d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3a1a0a744863258b8740eb2d09e23e95 |
| SHA1 | 964f457849bdaa95233b76ccbcdce793d078d8a8 |
| SHA256 | 6134a62db0be3678f6b056ed105d4a96519594404d194837d8492026b28c5567 |
| SHA512 | 6b346ce300a1159d9fe0aa03ebd00a134770f25adace31bde1b8f908575badbc104426b36e246418bd7b4a5368ccbd291bd8dd9c31288a61b92ac3aba1a428d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 24caee6513c8f5650c34d86114c9d1b9 |
| SHA1 | 38073477d0925affb13ae8224be88fd4c34f2efb |
| SHA256 | 4683cfd873fd3987cecf730712e6b7493ec89d0ca5f68c5bbd44310a35e21fe3 |
| SHA512 | b970d1c5e0f83d7f146aa11ea9d001bbc47e5f98f0190c01586e0bddafd2c20f43ce931592aaada72d2194dcae8a31496bb13e45c01d45b0f730112784530e22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |