Analysis Overview
SHA256
57a546f3ac5d18e6e6f8a5fd731249564ae36fe435c75094a51f83dc4cdc5cd9
Threat Level: Known bad
The file 87e27f533c7169f4a8643437b9cc5702_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Loads dropped DLL
UPX packed file
Executes dropped EXE
Drops file in Program Files directory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 18:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 18:13
Reported
2024-05-31 18:16
Platform
win7-20240508-en
Max time kernel
135s
Max time network
135s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxD3A.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8917C151-1F79-11EF-AE65-4658C477BD5D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423341100" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87e27f533c7169f4a8643437b9cc5702_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:616 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:616 CREDAT:209940 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | www.jinfeng-hotel.cn | udp |
| US | 8.8.8.8:53 | lvt.zoosnet.net | udp |
| US | 8.8.8.8:53 | wpa.b.qq.com | udp |
| CN | 101.91.33.148:80 | wpa.b.qq.com | tcp |
| CN | 121.41.84.215:80 | lvt.zoosnet.net | tcp |
| CN | 101.91.33.148:80 | wpa.b.qq.com | tcp |
| CN | 121.41.84.215:80 | lvt.zoosnet.net | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 163.181.154.235:80 | ocsp.digicert.cn | tcp |
| US | 163.181.154.237:80 | ocsp.digicert.cn | tcp |
| US | 163.181.154.233:80 | ocsp.digicert.cn | tcp |
| US | 163.181.154.235:80 | ocsp.digicert.cn | tcp |
| US | 163.181.154.234:80 | ocsp.digicert.cn | tcp |
| US | 163.181.154.238:80 | ocsp.digicert.cn | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| HK | 203.205.136.81:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.223:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.211:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.224:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.223:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.224:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.211:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.211:80 | ocsp.dcocsp.cn | tcp |
| CN | 121.41.84.215:80 | lvt.zoosnet.net | tcp |
| CN | 101.91.33.243:80 | wpa.b.qq.com | tcp |
| CN | 101.91.33.243:80 | wpa.b.qq.com | tcp |
| CN | 101.91.33.148:80 | wpa.b.qq.com | tcp |
| CN | 101.91.33.243:80 | wpa.b.qq.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | s4.cnzz.com | udp |
| CN | 220.185.168.234:80 | s4.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s4.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s4.cnzz.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FE2BD01AB6BC312BF0DADE7F797388F_896832C6BC857CFAEA9E59E166B13E2C
| MD5 | 418a15b6a3cd7f919143947b0ac54a69 |
| SHA1 | 858080189dc01c08e9a5640747e2fc6d60937e5b |
| SHA256 | 6b5e47fad3bbf5d215d0454e82e090bf7f0e92a56602ebbd6429cd18873e237b |
| SHA512 | b682be4672946af345860a46aefde321b0ba2c44986a253682592eb3038e903425aaaca61dbea49fed21d65fb3a64d1c88957c62ead16a45a00808872e2e19b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_5FE90E28A5C4F66460B6A36ECFF82C5E
| MD5 | b1200381ee354d9627b1834aad351bd6 |
| SHA1 | 7d2d8e9f636c8aabe593b2c1f305ce35b2f988a5 |
| SHA256 | 64f8eecfc50a8e206e9e7250bfcf0555674e05317a5f06bd14f6f21de24281af |
| SHA512 | d889b093e88a36c8851cb22fc6520ef725cd37a7a1b907c4dde294b2ca4367c22e8ec0ea9d197dc6fec106467a1adb84a4b5cdd627429ad3488b54293db6be9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3e9287ac61b17030e3a439c86177abd |
| SHA1 | ca4ab589dcc170a547c7b34b3cb866752385090e |
| SHA256 | cf326d8ff134a35c2e575bf38a944b3ece3afa3608f8b9722b54330b40474d84 |
| SHA512 | 10f4984911dd9d4f4308db6414a1daf8d38b4fd965188a4e9529ea5983984ed74068f4ed7ff038c9063366d110efee3d234a768d3a336f9138a961d14b3684b0 |
C:\Users\Admin\AppData\Local\Temp\Cab1813.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar1816.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab1894.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar18A8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3c302e3717fe74e53775114816bfb6d |
| SHA1 | 1420aa79b6b54503f5a518357a1a6958c97292e5 |
| SHA256 | c48ca0af9224fc106f126da3dfb953cead50bdf1bacf3bd289a7d6ccd2da3742 |
| SHA512 | 5bd872a1b5142ad92d9430c24899daaafe45d3110e9dd9e3832a97a9aeb3232ff29b3f7c326dd990884543967922033bff626b1a4c67b0db0f298850c1580de4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4be5b2d9abb8f14d66aa7230f55a2ee6 |
| SHA1 | 3c2b6df00635fc2ea95ca2c4700a0bd160253559 |
| SHA256 | 13a03406675647c395c4afb9af458d3557bf049dc66bb8f7f3e99a37319fcb63 |
| SHA512 | 73d3a313beb5280c91f13c58d444ac9c41c7394d6470b13a7e38df809107f8448f93a18cea20048b6343d2ac3bc7166a6d57b8ab9aede7a39b83b42aae68729f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f6e232abf81cf94aa2e2d53a56909fa |
| SHA1 | d18ad1b4fc0ec3ef4fb8d00989cec98acba101fa |
| SHA256 | 350d961c9cd81f372c4be6afa3e3b2706cb5a3931048fd0cec77dcc621b55830 |
| SHA512 | 832fcd5c4b324a73641dfd75d89b3b9b7fbe4dc2ab82f27f6ca359a0fa52c5611f31babbbdd0d331a97d918580b318182c64069681f2a60b30b0445ce61dc36e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 584ff8bae9ae1669feece1946c90b2b0 |
| SHA1 | 54fe4276b42b27da82c09d5dfb071b8a1a546c94 |
| SHA256 | 3e72ffb5943a9ddfca6e3c49b412b6f58c25cc7dcc51a54504ede0322e06be71 |
| SHA512 | 490bc3f77efe6bdd2ccaeedf989c951b634e51b7f8abfb7db2cf4a71079e266fa5541e07be0c5955f8ee2f83422a9bde23abf3e5771f1c5e77d716ab2dd3d2a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00c1ccf9071e1e8777f68a400e99026d |
| SHA1 | ee8b54388e698719c36a8c04f91276b51aabfbfd |
| SHA256 | 6a4954cc531f9b16fafb85e73c2db06c084faf770087057d530d562df7553811 |
| SHA512 | cde7f0dc65e3b2b35845ab36feb23dcd723d0c6cceab34cf8f16a3a460e823b93beae6d8389e5f197eaa1e878382985eeba0f8a0e4370a99630b961e069c9aa1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d798af35b71a53d505a04376db2190e |
| SHA1 | 6920c39dbbd69a6d00eac822aa31b5b92a8abe8a |
| SHA256 | 956872615a8887cb5d6e9e0c1d5c46f3f353e2a43d68b227651712eefc5e4834 |
| SHA512 | eaccb0ee54f83763f61e36a5d2010f0560efbc16d8fc862862f54a2dd3115fdf2cfc640f7d40d4dfe4d4d5912b1a393cb5d2f6d497e6e983de7f6c5c46ee1e1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14544f5c9a1d70b4f99e52fd52749d55 |
| SHA1 | 8e508c61767cf290eab993e4519f29382a45e7a1 |
| SHA256 | 4b48ebd9103436feaf3c09e2c35640e5038c0b6bdc8db3ac5eee1707b9222a20 |
| SHA512 | 5e35b36b31f2a81c178d740bfb0d27ed31c9a7c6677a75bae9585ead1e3c2cae188c387e436cb63b2e16a2ab4582cedfa02256e6e993d52ad1729ea53a74425b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37feb484c7e7a1e9cf20ed59a2fdf742 |
| SHA1 | b87d95d53ed1f852b4fa60e21098f00c56b025e5 |
| SHA256 | 6cfd61e862ecb89a7fd672c33df05aa644b8e450741c4577b4f6b280980c2a86 |
| SHA512 | 75c43531dc98a7977abf9882da17416368de67e13db41821315fdc4e454cb9d7ed4cc7b98e467154d20ae1d9f7d010ab6f2ec1032a05b4ad812e437a285d6da6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae79728aed345d63df15ec0b4163ab92 |
| SHA1 | dbae1b7ace3dc8712a0f5895f7d651ed44e6844a |
| SHA256 | 0976208f41756abf283691a22e8c773e1084a15a0dfdcd72b5fc5282a5075bcd |
| SHA512 | 6f34012d0a2b0a76e9f9bc2f3cea96d9bc1bac42ecf125211414df938cece9e7fecb2b61ec294238d4df3c8d34be15ccea51b96b20ea34a6fdd283f66c756093 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5a1297e70d64dac6a80aac6b5f48f04 |
| SHA1 | 4f93ee6bed845a045a7fab34e754171306b95642 |
| SHA256 | 2cd08a0a141d173332cb08c614e29dbc251b1b184dd7883140d9c2b94a15168d |
| SHA512 | 44bd75f4a190e78f76f4a8de39784f74b6385ce503d0ed07437806406e62ce77b4d74e38b9742fcc6f3ba1a715741b1c1b472e66364497846079d27ebc9f6a96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8e7ee61b340500b8b8d7a19e3d63a98 |
| SHA1 | b8d1143e36d3bac27baeedbc82f0818d0fd54919 |
| SHA256 | fe5911532e0fb4eceb584f5119b103d9265f1acece0c62dbb6d4e5cd07e40149 |
| SHA512 | e7f4a654ab7c28b14aacfc192776fa2ed65d9d3a36d50c451b39d9cd3f756df96200b6133f453505ecaae4b2372219d7149cb73a54378e7f1c9483c88af4b30f |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2968-553-0x0000000000230000-0x000000000023F000-memory.dmp
memory/2968-552-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2104-560-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2104-562-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2104-563-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2104-564-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7416ad86d786f7a8805bac662ad0e61f |
| SHA1 | fbe8555232c6211f2847188c49a48605c97e51e7 |
| SHA256 | a7e374ecc8925e39ee090b83da95549604a65350d2d79105f5a5f4b0df96d275 |
| SHA512 | 3f066518f2ef5a6053f0cb66f049779e5d28205ee56ed37bb908f9b3512eadc2806a0b03f061a9d215dec27e1de4e8e9f0978ce6c578fc136ec571fe4838047f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a135109b2bffe8168e3c22dcbfd78970 |
| SHA1 | f36fb6006f051b486bccce4156261a7796cc8ba2 |
| SHA256 | 7eccc65cb915a6f3040f6f3b7611f56636a9fe81d72413726f584d2d55ac3d76 |
| SHA512 | 4cf431bf11b122bd2e02b153923404e8b653fd856657f43c96caed3426992417604280a98015d440e6cbbdc71f3f118e7f36908d611cd8d812eba23499458160 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2531c8662f96454b2627e2ab8e15eb68 |
| SHA1 | aa7253e8899c8e40f99f4aa69c76abfe77008e63 |
| SHA256 | 5704e82db6ab2acaf7612993a3b88b85b0a9c1b45a65863454410e697195a74e |
| SHA512 | 6f1f1b5837f032dd721505e884b182b0c3c5f91e5d8075bd7f915133e12110a45bd08a8d3a99278d7280ed47d9d316a284e86d765a46625352a212f1e4fe03eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3e550a61e84fdc07edc857c65cc9179 |
| SHA1 | 45fab3ed62ca628ee6017acf8b72c412a656a227 |
| SHA256 | d843a365acc63c8a571788c3d2239e84f937f2f40c4ef64496ce7e178ba6b13c |
| SHA512 | 054c075a41c8067a835808b400409e8eef0ba1901bc71496e1b8968079e4142881623c4731cc67f6ecfd62e836b13d79d17301e67067aa5d71106ba1431a2284 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2da7808b8a4405bb0d9dec24d26810f7 |
| SHA1 | 639319262dcc4890ba0e83c5b1c934898e3eac09 |
| SHA256 | e640ee18480d3198e7e4b2dbc953171cce5996d6b0cea43d861f69d17b97d227 |
| SHA512 | 6a7eee8f46798c584df33cc120ae79523b5690e5e8c480d7cdb458316ab7df4259aca751b3b46e84f0940cd4aacdb4d69b4545bcfd17b452772adc43d80f16f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4cd6c67d788d5690b7bccd3bec3e995 |
| SHA1 | d011542bcdbde70d1c3043fc51d8792d05a584b9 |
| SHA256 | 0bd197fe2efcd794ab8c8f473c18f853e550b11df8aae9f71b98264d5f4898c0 |
| SHA512 | a341f791e1ede4c77f851be7b9b61c1a21c0d8a1a355fc656c02339d512de44b43136e857f8d7f9150c4fd62fbc925ce59cbdfa4e849439e85564494021d5103 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b7acc2f2dd5d73996fbce8c2141b2cc |
| SHA1 | 33a0a09eb9d3099900d05a4353ae027b069c9e19 |
| SHA256 | 9b3d005b74073d4fb6a6bdfaf55d58c07e824dc2d1c2cec78015d6c182e0d619 |
| SHA512 | 292b3355307993ba010dec3c5bd1264441dfb0ab8f19f16596c90cc02b5517aa697282110bf4dce351d36f10e4f616bdff49a891aebda9ae38421e1d1677bc03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da55642c16bb1a7fc68bb9a9c86679a4 |
| SHA1 | 4ddeccd8df73a39833373d2f9dd359b966b28c66 |
| SHA256 | 60416c0b16ed4186d748cb3ccf705c8c21f6f5601a5a0ed7bef65ec74444cf71 |
| SHA512 | 96493134a9e4eb79002a663c9169da3afb4bf86a19f20f949eb1767bcc6e2d91cd62db3ee9fc5bb834e81f80cf3e7ddcc59f1edb9f34ef22588cbdd4b880c2bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f29e049d1c85e3c80b98c844312bc0d |
| SHA1 | 176631adcbff256debc2491fc383f5a8344b94cb |
| SHA256 | c41516edf6a16a126f361bf841ea18129720bfc0f40c3581a6087df6fc37622d |
| SHA512 | bc10ede2b0add765a11e8df2d59228168d856d534cf0cf87807d7353f5186d17ebeed300936cb9c466097c14112b5e634197147a77327618a479c9a0da9dc0d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac7cc43ba8d05ac3deef9294869a1be4 |
| SHA1 | 9c19b6070738ecad6d2c6546fbad67932b8f8622 |
| SHA256 | e58688ab5b1494737ed4917be531c04ff34cf2f82d15b7601f68c66b9cfc464e |
| SHA512 | 124c1383a1d507a9a96962c28505824f409391e37668406f27d6f43e269c85be33827775fa16380a365b525ac52a1cb26a567f39ca4bc3c74c4a533f66a1896e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 18:13
Reported
2024-05-31 18:16
Platform
win10v2004-20240508-en
Max time kernel
137s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87e27f533c7169f4a8643437b9cc5702_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17054004699631621834,15699587688806163712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | lvt.zoosnet.net | udp |
| US | 8.8.8.8:53 | wpa.b.qq.com | udp |
| US | 8.8.8.8:53 | www.jinfeng-hotel.cn | udp |
| CN | 121.41.84.215:80 | lvt.zoosnet.net | tcp |
| CN | 101.91.33.243:80 | wpa.b.qq.com | tcp |
| CN | 121.41.84.215:80 | lvt.zoosnet.net | tcp |
| CN | 101.91.33.243:80 | wpa.b.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | 11.2.129.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.184:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.137.205.203.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| CN | 101.91.33.148:80 | wpa.b.qq.com | tcp |
| CN | 101.91.33.148:80 | wpa.b.qq.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s4.cnzz.com | udp |
| CN | 220.185.168.234:80 | s4.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s4.cnzz.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lvt.zoosnet.net | udp |
| CN | 121.41.84.215:80 | lvt.zoosnet.net | tcp |
| CN | 121.41.84.215:80 | lvt.zoosnet.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 14.215.182.140:445 | hm.baidu.com | tcp |
| CN | 14.215.183.79:445 | hm.baidu.com | tcp |
| CN | 111.45.3.198:445 | hm.baidu.com | tcp |
| CN | 111.45.11.83:445 | hm.baidu.com | tcp |
| CN | 183.240.98.228:445 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2636_ZSVDCCESAPHFEIQK
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e89f7077-0966-43f8-b956-5e592b94615d.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT