Analysis Overview
SHA256
85e102eaeb3eb3dc8807c31e76325b817ebeb1b9d36c20182cdf61baafc507e6
Threat Level: Known bad
The file 85cd9f5023142b5edbeea0158c2a9fe3_JaffaCakes118 was found to be: Known bad. The sample is an HTML document (the Processes sections show it opened with iexplore.exe on Windows 7 and with msedge.exe on Windows 10). In the Windows 7 / Internet Explorer run (behavioral1) it dropped and executed C:\Users\Admin\AppData\Local\Temp\svchost.exe (SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320), which in turn wrote C:\Program Files (x86)\Microsoft\px64EB.tmp and C:\Program Files (x86)\Microsoft\DesktopLayer.exe and launched the latter; that drop chain is what the Ramnit signature fires on. The Windows 10 / Edge run (behavioral2) shows only browser and page-resource activity, with no dropped files and no Ramnit match, so the Ramnit verdict rests on the behavioral1 run alone.
Malicious Activity Summary
Ramnit
Executes dropped EXE
Loads dropped DLL
UPX packed file
Drops file in Program Files directory
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 03:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 03:04
Reported
2024-05-31 03:06
Platform
win7-20240215-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px64EB.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423286519" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f1ae6f07b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b684095eb99b947ad81ee10f7d3569100000000020000000000106600000001000020000000ed3f17b6d81687a054f917e5c1cd9abdb77ab6c36af33db8f7ba0cf0d242d2cf000000000e8000000002000020000000bbf26382f527273dbab666e5c1a87640cfc62ce68c44e18038c52a3e05f669d3200000000f03a5976f792bc49405346b6f494effcfb1229138110666435ade0a410219a04000000032838fddd05340f4d6c20ac70fd7e214293b8e5ce67732b43f446ac1522b15c190511dbf493665c2ebfb8a67f9cbb610ee1342e69528e719acd1e5123c56f2cc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74434671-1EFA-11EF-9EA5-C6F68EB94A83} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85cd9f5023142b5edbeea0158c2a9fe3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275475 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.0431a.com | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | amos.alicdn.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| CN | 203.119.169.82:80 | amos.alicdn.com | tcp |
| CN | 203.119.169.82:80 | amos.alicdn.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| GB | 79.133.176.219:80 | ocsp.digicert.cn | tcp |
| GB | 79.133.176.166:80 | ocsp.digicert.cn | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.213:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.223:80 | ocsp.dcocsp.cn | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| CN | 203.119.169.82:80 | amos.alicdn.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2856-10-0x0000000000230000-0x000000000023F000-memory.dmp
memory/2856-9-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2344-16-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2344-20-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2344-18-0x00000000001D0000-0x00000000001D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab992.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d886129ac7510a7f7a5238d83bccd57 |
| SHA1 | 60be1f5cbb3535b4d67ed0afb5fdf0464ca26684 |
| SHA256 | 43e8ec9531c6feef322135c07698f9f8bab3c562841148f6f5dbb88173941b1a |
| SHA512 | 213f1a6d57f64299ab3ada8c2a49a74c9c6587a78861614441b60116f7a9a5de8055624323bd220c5489d2be6f44bd72330bf984cb62caf8741eef810baaca5e |
C:\Users\Admin\AppData\Local\Temp\Tar995.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\CabB0C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarB21.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ab978149e79c895e863cf52c7eeae260 |
| SHA1 | d87d52a222764deeea5e1360a82f7b32beaf2165 |
| SHA256 | df0c79ef7924ea5ec0471fab39b5970070a065e45e28ba7f03d8b07b80037816 |
| SHA512 | 6884e316fb816674da328852f035f7477aa3f6e12a0de0e4f62bac220bfa79eb251a9022567c156c26519e61c90946ba4a50026f7b89ec28585789556d3b0124 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92c90a272eaad99de60b0ef9cecff0e2 |
| SHA1 | 15f0d42815b40e2db98ce93dc49bf606f9351fa8 |
| SHA256 | b17194e0af585a2182c98a99bca08f52226c811d3cfc51b87567ec554f821f3a |
| SHA512 | caf7d0c79836065b5f858773a014e448ef9888bc1aa17ee6c333d2f9f5bf6c982d15c4cf89b3cbaaa8b44f95c5557811976ce8801dd698cc5010d3000ae95882 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cab4b90b2a1bab8b7e49e1c44a6ca70 |
| SHA1 | 8ae2b20e073f9f6016f35fd901a4421a1a027a4e |
| SHA256 | 4cc3c3a295b4ef0032b4f9102cb6867bd02e9011b1847632356dccf83b160418 |
| SHA512 | 5fd106494ef56d607ccd99f240f889973716d97e1ec2020cab29f987cfdeee2851e4379522413f56b1e225d6fd58e674468b4e79b78bc0dc4d952ab468ccfa3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f159c3e7f0333403230a9630baba98d8 |
| SHA1 | dd6c93176e1155a399a6da2ec615ce4b148798b5 |
| SHA256 | b4b646434d246f47e9cf14a5892e0165e442b6e625bd31b819621ff546a4882f |
| SHA512 | f9fe15b1f946915244f0f175a8db91cf01ecfdd6132079c45e9f51390a65f6b80340498467f6476030ad335c164c093d28b9b15be4d7becf3874bf2035516877 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c79ed204a602f1f3d15a64e1599a0dd3 |
| SHA1 | a84f501aa4ea9a7436f7ba225c43e128c4a77705 |
| SHA256 | 6521ff8a34d11d0d87fb566baca548c8207162d4f4ee8f0769c31f75ee1a152d |
| SHA512 | 286ef6a967a90a87db15f418929acff09430bbd4ddd529db00467c970f5b971d791cd04f7cd25456f862150b131fe58c296bee5940a5eea6131057737f578352 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f4259fc1711b5d632fa82dd85d04ac5 |
| SHA1 | b37dc220d6670edd14e83a53aeccf35a2e4b00e5 |
| SHA256 | 5eae62fdddbfc1836458a2a6d33994e5f58af1087c4034aa78c007d15f04b53b |
| SHA512 | 5f5249398b8afe50af3bc44e9fae3705da4021694875ae989484a8c3a5eb9575f3afbabb017342cd5977499ed02d779c13c6fe8928a287c5e69b665905a4c4f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 09b74fb9e1d6944ac53190053af21a50 |
| SHA1 | ece35c37670d8483c7d9a981411549c0250dea9f |
| SHA256 | 4666d126563ef273733594da8f3a0e28afff0980adc9aa6162a06bf541b5d6b6 |
| SHA512 | 4ccc77843fe6bc6f4ad5aac8a8981864470a9a3cdd11e7eac7b5e4e7399c1ad531aaa283265334b7688ca1b4a50a31d1d9f84bf75a02ce21ef7bc30258d08bbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65ef4512712fd4dde1c18a50b1721fb1 |
| SHA1 | 898373402df0013bcfcfd026d410f00b878f4b0f |
| SHA256 | d2620df5dcc7f34a73fb91edd496c6498fb8354313c6585a96e5933668493f33 |
| SHA512 | 0589af074ea67a092855dc0628c6998bc68d86aa9f4bdd5063ddd94b510bf4d299ab6c511c9d41fe6f08c7ba7cdd9a68de7c1406763da17e532dfb4fd5bcd921 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76189705cca6cda9316b2bac53e48fb3 |
| SHA1 | ada86dd6f21f2415e4ff25556449c8e3b5ea48b5 |
| SHA256 | 9647e64f1d28197347d8135d38cb51c7b7e5a582401f872d934f0a0c964fa305 |
| SHA512 | 3ea96671a3b6c7f7ff756e78f888ff725ee890f996249c50fdda77d6fedf49dfaddbdd884e62a21be4685c25372a43869470adaac6c99ff25c1d5b400bedd6a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 698cdb345207da2be088f299373b577f |
| SHA1 | a76568630d6c3defe5f756465951c463e2b9e09b |
| SHA256 | 1269dc9acf4f201aebdbded4a02f909a8f02daa65b5e85208477d9c4a90574cd |
| SHA512 | 54af33058d5577ca3ee118e7f874c5a6d8e42528e3d5c2b40673c6d061ea30060e8bb934243b1bc0423c8255868df62653d8c016c8ca7a280cf1fb7ac2441f48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10c4dc8b38fce05f6903315be4c86105 |
| SHA1 | f121668028348f1383ac7ffab8edc921e2041644 |
| SHA256 | 9877f083c30003b24ebfffb00ce32e1c5f0030a198abe96a1c467dde6b45f33c |
| SHA512 | 2bbd00aab62b2845550ff8a2977a1cd07fbb3570e5f3e187e198415a9d4911a1fdb5e33c0fef400d8e8f0a2801e773ffb94134f8dc4d65cc315632549589ae6e |
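Added example, not part of the sandbox report: a small Python hunting helper that turns the behavioral1 findings above (the "Executes dropped EXE" and "Drops file in Program Files directory" signatures, the process tree, the svchost.exe hash in Files, and the www.0431a.com / 154.91.50.177 endpoint the page pulls most of its content from) into detection logic that runs over host telemetry. The pipe-separated event format, the parse_event/hunt/matches_dropped_hash function names and the sample event lines are constructed for this example and are not the sandbox's own log format or output. It goes slightly beyond the report on purpose: any svchost.exe executing from %TEMP% is flagged regardless of parent, because a real svchost.exe lives in C:\Windows\System32 and is started by services.exe, so the path alone is the masquerade indicator.

```python
"""Hunting helper for the Ramnit drop chain recorded in the behavioral1 run.

Added example; not part of the sandbox report. Indicator values (paths, hash,
network endpoint) are copied from the report; the event format and sample
lines are constructed for this example.
"""
import hashlib
import re

# SHA256 of %TEMP%\svchost.exe from the Files section of the report.
DROPPED_SHA256 = {
    "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
}
# Host the HTML fetches most of its resources from (Network section).
NETWORK_IOCS = {"www.0431a.com", "154.91.50.177"}
BROWSERS = {"iexplore.exe", "msedge.exe"}

# Full-path patterns for the drop chain. Matching the directory matters: a real
# svchost.exe lives in C:\Windows\System32 and is started by services.exe; one
# in %TEMP% started by a browser is the masquerade this report records.
TEMP_SVCHOST = re.compile(r"\\AppData\\Local\\Temp\\svchost\.exe$", re.I)
DESKTOPLAYER = re.compile(r"\\Program Files \(x86\)\\Microsoft\\DesktopLayer\.exe$", re.I)
PX_TMP = re.compile(r"\\Program Files \(x86\)\\Microsoft\\px[0-9A-F]{2,4}\.tmp$", re.I)


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> dict:
    """Parse one pipe-separated telemetry line (constructed format, assumption):

        ProcessCreate|<image>|<parent image>
        FileCreate|<image>|<created path>
        DnsQuery|<image>|<queried name>
        NetConn|<image>|<destination ip>
    """
    kind, image, arg = line.rstrip("\n").split("|", 2)
    return {"kind": kind, "image": image, "arg": arg}


def hunt(lines) -> list:
    """Return a list of finding strings; an empty list means nothing matched."""
    findings = []
    browser_to_temp_svchost = desktoplayer_written = desktoplayer_run = False
    for ev in map(parse_event, lines):
        kind, image, arg = ev["kind"], ev["image"], ev["arg"]
        if kind == "ProcessCreate":
            if TEMP_SVCHOST.search(image):
                if basename(arg) in BROWSERS:
                    browser_to_temp_svchost = True
                    findings.append(f"browser {basename(arg)} started masqueraded svchost from %TEMP%: {image}")
                else:
                    findings.append(f"svchost.exe running from %TEMP% (parent {basename(arg)}): {image}")
            if DESKTOPLAYER.search(image):
                desktoplayer_run = True
                findings.append(f"DesktopLayer.exe executed (parent {basename(arg)})")
        elif kind == "FileCreate":
            if DESKTOPLAYER.search(arg) or PX_TMP.search(arg):
                findings.append(f"{basename(image)} wrote {arg}")
                if DESKTOPLAYER.search(arg) and TEMP_SVCHOST.search(image):
                    desktoplayer_written = True
        elif kind in ("DnsQuery", "NetConn") and arg.lower() in NETWORK_IOCS:
            findings.append(f"{basename(image)} contacted report IOC {arg}")
    # Emit the chain verdict only when all three links were observed.
    if browser_to_temp_svchost and desktoplayer_written and desktoplayer_run:
        findings.append("Ramnit drop chain complete: browser -> %TEMP%\\svchost.exe -> DesktopLayer.exe")
    return findings


def matches_dropped_hash(data: bytes) -> bool:
    """True if `data` hashes to the dropped svchost.exe recorded in the report."""
    return hashlib.sha256(data).hexdigest() in DROPPED_SHA256


# Constructed sample telemetry modelled on the behavioral1 process tree and
# file writes; these are not lines taken from the report. The last line is a
# benign System32 svchost.exe start that must not produce a finding.
SAMPLE_EVENTS = [
    r"ProcessCreate|C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE|C:\Program Files\Internet Explorer\iexplore.exe",
    r"ProcessCreate|C:\Users\Admin\AppData\Local\Temp\svchost.exe|C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
    r"FileCreate|C:\Users\Admin\AppData\Local\Temp\svchost.exe|C:\Program Files (x86)\Microsoft\px64EB.tmp",
    r"FileCreate|C:\Users\Admin\AppData\Local\Temp\svchost.exe|C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
    r"ProcessCreate|C:\Program Files (x86)\Microsoft\DesktopLayer.exe|C:\Users\Admin\AppData\Local\Temp\svchost.exe",
    r"DnsQuery|C:\Program Files\Internet Explorer\iexplore.exe|www.0431a.com",
    r"ProcessCreate|C:\Windows\System32\svchost.exe|C:\Windows\System32\services.exe",
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Run against the sample events it reports the browser-to-%TEMP% svchost start, the px*.tmp and DesktopLayer.exe writes, the DesktopLayer.exe execution, the DNS lookup of www.0431a.com, and finally the chain verdict; the System32 svchost.exe line produces nothing. Feeding real Sysmon or EDR exports only requires adapting parse_event to that product's field names.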
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 03:04
Reported
2024-05-31 03:06
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85cd9f5023142b5edbeea0158c2a9fe3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,17136386818018550487,13488653935565182360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,17136386818018550487,13488653935565182360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,17136386818018550487,13488653935565182360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17136386818018550487,13488653935565182360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17136386818018550487,13488653935565182360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,17136386818018550487,13488653935565182360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.0431a.com | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.50.91.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | 35.166.122.92.in-addr.arpa | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | amos.alicdn.com | udp |
| CN | 203.119.169.175:80 | amos.alicdn.com | tcp |
| CN | 203.119.169.175:80 | amos.alicdn.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| CN | 14.215.183.79:445 | hm.baidu.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| CN | 111.45.3.198:445 | hm.baidu.com | tcp |
| CN | 111.45.11.83:445 | hm.baidu.com | tcp |
| CN | 183.240.98.228:445 | hm.baidu.com | tcp |
| CN | 14.215.182.140:445 | hm.baidu.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| HK | 203.205.137.184:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 11.2.129.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | 184.137.205.203.in-addr.arpa | udp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| CN | 203.119.169.175:80 | amos.alicdn.com | tcp |
| CN | 203.119.169.175:80 | amos.alicdn.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
| US | 154.91.50.177:80 | www.0431a.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4660_ATXMIJEHSOJCDKSP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab9400f3-6a9f-468f-bfd1-69469f9e5bb5.tmp
| MD5 | 5f1f833fccedf07ff895887f36670c5b |
| SHA1 | 6abfd3d07985231a5d38e0ec63d381450d18dc32 |
| SHA256 | 1fac653329f3a8fd4b758c3c6831569456cd83ae750671518cc25f15405b2638 |
| SHA512 | 3d97b6e5cdb7dba6e1baaa0f12d2e411d3bd2d3c223d8fa8cbc2eb0ecb937ab56f169c5db143f12fcba4e18a539ae6f8c01a7e819770c5d060e9033c39d47a5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e460411095bd67c3715fceba1104ecf9 |
| SHA1 | 774437b99a12f36b334f37c510a29423c359d8ad |
| SHA256 | 2d958bffc20c378104a48f006298fe3cd645c6f06e734787cdee5f8b141ea6f6 |
| SHA512 | e3e1b2d67b3e48bb4280d070a41f19ce089a14def0d7059364af208d2063f0705471a995e9085076d948368a68d4e2c734063f50711d49eba25574dfba9e95c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 066fae16af084af80e60e7bbd2b5126d |
| SHA1 | 7ec43321df8ed8af0e026295f2d85a2f96c259a0 |
| SHA256 | 7cb39491d870fa7a0ef7390f2718857dc72b5d151660d6bedd474a09a5e10868 |
| SHA512 | a978c2af969248d8a5e6f81ee3a98e6893977eba9562b7ef073e29774450cb91c1bfcc11cb5dbf32e63a21d838d736cf43ec5c988d55a91fd148577d609cf5b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3fb6a98f5802bc60af3ba1728c1fa072 |
| SHA1 | 45b06539abeeabe4a32dd6485cfd41fe7c079774 |
| SHA256 | 162d10d5bac0130082a6f710aa77a743ffbd036536a4d2a604617e9fed831a94 |
| SHA512 | 17723843ff18fa1287dea559d8ffff2b4cda148be93f4b0e9094c397dbd458844dc5065491c01508fbe0b6667e834c99ab74060112a5b6909d6f0b18f93d9026 |