Analysis Overview
SHA256
64830627cdc0c53df1da2a1927bb0db4483ca29f1ec81b9a4bdc240b380257a1
Threat Level: Known bad
The file 931405ee82d206cbbc97722ba616bb6c_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 00:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 00:07
Reported
2024-06-04 00:10
Platform
win7-20240220-en
Max time kernel
128s
Max time network
129s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(6 matches reported; the rows were identical and no indicator, process or target was captured)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxE060.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
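The two file rows above, together with the Executes dropped EXE rows, describe the Ramnit chain seen in the Windows 7 run: the .html was opened in Internet Explorer, a file named svchost.exe was written to the user's Temp folder and run, and it installed DesktopLayer.exe under Program Files (x86)\Microsoft (the registry rows under Modifies Internet Explorer settings are keys IE writes on any launch, such as window placement and recovery state, and carry no Ramnit-specific signal). The Python below is an added example, not part of this report or of any sandbox's code, that applies four detection rules to process and file events modelled on this run. The events are constructed here; the parent/child links are assumed from the order of the Processes list, since the report does not state them.

```python
"""Flag the Ramnit-style drop-and-execute chain in process and file events."""
from __future__ import annotations

from dataclasses import dataclass

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TEMP_MARKER = "\\appdata\\local\\temp\\"
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}


@dataclass(frozen=True)
class ProcEvent:
    parent: str  # image path of the creating process
    image: str   # image path of the created process


@dataclass(frozen=True)
class FileEvent:
    process: str  # image path of the process that wrote the file
    path: str     # file that was created or modified


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(procs: list[ProcEvent], files: list[FileEvent]) -> list[tuple[str, str]]:
    """Return (rule, indicator) pairs for every event that matches one of four rules."""
    findings = []
    for ev in procs:
        img = ev.image.lower()
        # T1036.005: a file called svchost.exe that is not the one in System32/SysWOW64.
        if basename(img) == "svchost.exe" and not img.startswith(SYSTEM_DIRS):
            findings.append(("svchost_outside_system32", ev.image))
        # A browser launching an executable out of the user's Temp directory.
        if basename(ev.parent) in BROWSERS and TEMP_MARKER in img and img.endswith(".exe"):
            findings.append(("browser_spawned_temp_exe", ev.image))
    for ev in files:
        path = ev.path.lower()
        # A process running from Temp planting an .exe under Program Files.
        if path.endswith(".exe") and "\\program files" in path and TEMP_MARKER in ev.process.lower():
            findings.append(("temp_process_writes_program_files_exe", ev.path))
        # DesktopLayer.exe is the file name Ramnit's dropper uses for its installed copy.
        if basename(path) == "desktoplayer.exe":
            findings.append(("ramnit_desktoplayer_name", ev.path))
    return findings


# Constructed events modelled on the behavioral1 (Windows 7) run in this report.
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
TMP_SVCHOST = r"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
DESKTOPLAYER = r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

BEHAVIORAL1_PROCS = [
    ProcEvent(parent=r"C:\Windows\explorer.exe", image=IE64),  # assumed launcher
    ProcEvent(parent=IE64, image=IE32),                         # IE tab process
    ProcEvent(parent=IE32, image=TMP_SVCHOST),                  # assumed: tab ran the script
    ProcEvent(parent=TMP_SVCHOST, image=DESKTOPLAYER),
    ProcEvent(parent=DESKTOPLAYER, image=IE64),                 # second iexplore.exe in the list
]
BEHAVIORAL1_FILES = [
    FileEvent(process=TMP_SVCHOST, path=r"C:\Program Files (x86)\Microsoft\pxE060.tmp"),
    FileEvent(process=TMP_SVCHOST, path=DESKTOPLAYER),
]

# Constructed events modelled on the behavioral2 (Windows 10, Edge) run: browser noise only.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
BEHAVIORAL2_PROCS = [
    ProcEvent(parent=EDGE, image=EDGE),
    ProcEvent(parent=EDGE, image=r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"),
]

if __name__ == "__main__":
    for rule, indicator in triage(BEHAVIORAL1_PROCS, BEHAVIORAL1_FILES):
        print(f"{rule}: {indicator}")
    print("behavioral2 findings:", triage(BEHAVIORAL2_PROCS, []))
```

The first rule is the cheapest to deploy on real telemetry (Sysmon event 1 or a process-creation audit): the genuine svchost.exe only ever runs from System32 or SysWOW64, so any other image path is a finding on its own, independent of the Ramnit-specific file name in the fourth rule.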
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BC68A61-2206-11EF-B54F-5EB6CE0B107A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423621539" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\931405ee82d206cbbc97722ba616bb6c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:209937 /prefetch:2
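The process list shows an .html file producing an executable: iexplore.exe opened the sample and a svchost.exe appeared in the user's Temp folder. Ramnit's file infector does this by appending a VBScript block to HTML files that writes a hex-encoded executable to disk and runs it, which only works in a VBScript-capable host such as Internet Explorer; in the Windows 10 run (behavioral2) the file was opened with Edge, which does not execute VBScript, and nothing was dropped. The Python below is an added example, not part of this report, that carves such a payload out of an HTML file statically so it can be hashed and compared with the dropped svchost.exe listed under Files without detonating anything. The sample HTML is constructed here and only resembles the real script; the `DropFileName` variable name and the use of an 88-byte stub in place of the real payload are assumptions.

```python
"""Carve a hex-encoded PE payload out of an HTML file without detonating it."""
from __future__ import annotations

import hashlib
import re

# A run of at least 64 hex-encoded bytes; shorter runs (hashes, colours, GUIDs) are ignored.
HEX_RUN = re.compile(rb"(?:[0-9A-Fa-f]{2}){64,}")
# Assumption: the dropper script names its output in a DropFileName = "..." assignment.
DROP_NAME = re.compile(rb'DropFileName\s*=\s*"([^"\\]+)"')


def looks_like_pe(blob: bytes) -> bool:
    """True if blob has an MZ header whose e_lfanew points at a PE\\0\\0 signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def carve_pe_payloads(html: bytes) -> list[dict]:
    """Return every hex run in html that decodes to a PE image: offset, size, SHA256, bytes."""
    found = []
    for m in HEX_RUN.finditer(html):
        blob = bytes.fromhex(m.group().decode("ascii"))
        if looks_like_pe(blob):
            found.append({"offset": m.start(), "size": len(blob),
                          "sha256": hashlib.sha256(blob).hexdigest(), "data": blob})
    return found


def drop_file_name(html: bytes) -> str | None:
    """Name the script intends to write the payload under, if the assumed variable is present."""
    m = DROP_NAME.search(html)
    return m.group(1).decode("ascii", "replace") if m else None


def build_stub_pe() -> bytes:
    """Constructed 88-byte stand-in for a real executable: a DOS header with
    e_lfanew = 0x40, then the PE signature and zero padding."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(dos) + b"PE\0\0" + b"\0" * 20


# Constructed sample resembling the VBScript block Ramnit appends to HTML files.
# GetSpecialFolder(2) is the FileSystemObject constant for the Temp folder, which is
# where the report shows svchost.exe being written.
SAMPLE_HTML = (
    b"<html><body><p>original page content</p></body></html>\n"
    b"<SCRIPT Language=VBScript><!--\n"
    b'DropFileName = "svchost.exe"\n'
    b'WriteData = "' + build_stub_pe().hex().upper().encode("ascii") + b'"\n'
    b'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
    b'DropPath = FSO.GetSpecialFolder(2) & "\\" & DropFileName\n'
    b"//--></SCRIPT>\n"
)

if __name__ == "__main__":
    for p in carve_pe_payloads(SAMPLE_HTML):
        print(f"offset={p['offset']} size={p['size']} sha256={p['sha256']} "
              f"drop_name={drop_file_name(SAMPLE_HTML)}")
```

Run against a real infected page, the SHA256 of the carved blob should equal the hash of the Temp svchost.exe in the Files section if the script writes the bytes unmodified; a mismatch means the payload is transformed before being written and the script itself needs reading.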
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.excelawyer.com | udp |
| HK | 119.28.43.203:80 | www.excelawyer.com | tcp |
| HK | 119.28.43.203:80 | www.excelawyer.com | tcp |
| HK | 119.28.43.203:443 | www.excelawyer.com | tcp |
| HK | 119.28.43.203:443 | www.excelawyer.com | tcp |
| US | 8.8.8.8:53 | ocsp.trust-provider.cn | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.cn | udp |
| CN | 150.139.140.74:80 | ocsp.trust-provider.cn | tcp |
| CN | 112.50.95.196:80 | ocsp.trust-provider.cn | tcp |
| HK | 119.28.43.203:443 | www.excelawyer.com | tcp |
| HK | 119.28.43.203:443 | www.excelawyer.com | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 183.201.243.154:80 | ocsp.trust-provider.cn | tcp |
| CN | 117.27.246.196:80 | ocsp.trust-provider.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 36.248.38.196:80 | ocsp.trust-provider.cn | tcp |
| CN | 150.139.140.74:80 | ocsp.trust-provider.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CN | 112.50.95.196:80 | ocsp.trust-provider.cn | tcp |
| CN | 183.201.243.154:80 | ocsp.trust-provider.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 117.27.246.196:80 | ocsp.trust-provider.cn | tcp |
| CN | 36.248.38.196:80 | ocsp.trust-provider.cn | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab12D7.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar13C8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3da7840d63c634f34367a0711180185d |
| SHA1 | 91b9a126b56fa6ba5392b3d5487f7a9b2100d1ad |
| SHA256 | 1d4a5ce0b3e023f06f557091525099e9e7648a73fac58f388e9dbdecc4d05888 |
| SHA512 | 577579e74e815acaeacfaea6d7abff76381c9715f5cb8e3695e576347dd385e3fd2251bbe733931d3d204e56a655336b96065c851fec8b521c533ca2798ce188 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b9452225cb0b6e05e5f8499068ee2b8 |
| SHA1 | f9e9589bcd723bc671746547ba00946db8e9cbff |
| SHA256 | face4a9beab58feb8bc8ffb907a0289bc1cf631d0840f3a02b96df0f79d3408a |
| SHA512 | 3b86184ac90bb039026ae87a201de383fc61ebaa0fb324d724d14256275f4892c1ba4c1b22b0aea4e5965b028af04e5a47d13e0e5c175379d23a3da0ff7e0d5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef14f4577521e7d28d4bb4be13da5b0a |
| SHA1 | b95d2890959b93dc2b9fc38744fc9d80d3156dcc |
| SHA256 | 4a053c983b258a0af9cb9f1dcc1cee99496c83f122725b7c44966b840f0de54d |
| SHA512 | e2d179bcdd10dae95f856d5c19b8f6e249f1f32cf0d7557daf3f5d64e960bb3bea42b8da55100d6b54c25bdc80dd07a32e28602e300ba53043531665bb449d07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f349e50f46c3ee5bd77bdcf31009d201 |
| SHA1 | 361ac701b2bd2d03dbb08789c9ad0d17222f1c8d |
| SHA256 | d89ab1f66ee0a1151326b5c9e07aab09f4129711cad3333537b5f2447e74ad72 |
| SHA512 | d580ab929407bb494347ebbaa8d71d02fe20ee669bb7be7bdb1216c4b455488bb717177e4cf673379cb49db64367d7c387985be10cfadb7836aa6ab72a8d5f7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd1418d852d7d418f6b5757b96074335 |
| SHA1 | 42cf395969203b1d7d6d385c91f85af9e2c8e1ec |
| SHA256 | 64b9fa00ec87750b8551fa095ed63279060a5fde14b187464892bb24a788db6a |
| SHA512 | 71f9a2a81080d9de5ec98ea0602e82d4e935d382dfbf163151ab8cdd989391404da295efc358b3e30610696f06911df24c6045e4ff4de0b5a4acf888c3312ad3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c64209e38290c5dc2206123485fe4af |
| SHA1 | 06b850876aa0c1e24deb9e3555243d275a8d2cca |
| SHA256 | cd79d0d22a767629d421bf3fa790b2d430b0b30955c90adb067ba68467ef67c3 |
| SHA512 | 318e6120d59701eb92683ea8382b3136773b17380cfe666e4c10b88fa712ca611a72037f3149a71e99fe2a63591f1960975a81be9bc5a5019a543aa2ac38712c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 29033d2399acd6a3c4bcd35fa2d02fa5 |
| SHA1 | 3065692f90edbafc8efa4a08bdbc3af1a4338de0 |
| SHA256 | 9d1ddea57615dd3a05c0353c5ad4ce85f2b64ba7b4b1bef793adfafb74dd3aba |
| SHA512 | 74992883da370e0bb44f9d90da95b92bab9b470a431581ad9e635f47049299fb3412fd7149fdef3fed7dd35a2349a00ad24f651982bf79205c7553da955f99b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17f4d32ca2c4b7870d5e83429cd9d8ff |
| SHA1 | fab11393b9053bb162eccdb2593c7d37906fd6cd |
| SHA256 | 4287243e3dfb821fee284d6dd33a613321603d518864b528ba80c03ccdbb6b2c |
| SHA512 | 1d32c2a12e9ddce31ff5398b511b6f976f5753fc567362a8f0d091fdc50263f48840e9668e80eaa86545e05141b0909a2a934e8cfff5aae57543e2808f85a3b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c32970a9884f05b73abcf0e5fbde85b7 |
| SHA1 | 5fd61018734ae748b435b6ff8ef32ae64e0af3f0 |
| SHA256 | 1aa1a90bb65cfee6f5684e205b5fd4527171c1b34136c928032fec48551ee75d |
| SHA512 | deaa284382132dd80e01f7215df6b3fd9b7c3f679d2d413b4b115e724a46f703854c1186d155740a273c816489aeb4927201c92aa0180c570c86a76a53c0ded4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdae5cb41977d48d1d59866f9c129baf |
| SHA1 | 24b47a9535cf6dc2ea6b62e98b89be62208d2d86 |
| SHA256 | 3f4e6ad6cfdf3cf362c0e74229aee0bae102bccf6e90714a401331a60eef634b |
| SHA512 | 266ceee99873a89a99ae986cd2a303fdea51f3a0a695d9709372a56a92be6450afe7ccb607012e0cadc58a45b0f3896af17ffe2843704aaa5df24211c1653e9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51c959cc770d93d296d5a01ca5c798cf |
| SHA1 | 10080b2327e277b2417655f7b5301a1c5ee25559 |
| SHA256 | f1edacdea65959a446624a5245ee10fe6424bca6f309585a51dadb751cd5d66d |
| SHA512 | 827325718c387aded87c7d73a6e4bd7cd6dfba820a936ec21475756db6267c4742e45b985b771c2fbf78173de97152a11c899c368bffdfcc9cd7f50906cf2d08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b85cfaf4fd350377a06a3a3d20ba3ba2 |
| SHA1 | 3653d7b1129f95f86389c58e9d5c43ef747b49e8 |
| SHA256 | 9b8c831c87c3c6b2d8ad7624965ba18a69def4ad165a84d37e6fc0ea992ff1cf |
| SHA512 | 2930b77c649f4ff296f89061155da85d6fcb5c9df35af1122c032a67a455a8830431f1f189878318e36d8612a8ad3da2fad48df7542cc4590adb988e75fdc3ec |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2332-641-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2332-645-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2332-644-0x0000000000230000-0x000000000023F000-memory.dmp
memory/1240-651-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1240-655-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1240-653-0x0000000000240000-0x0000000000241000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a7ca2ff4b467395eb4a001603581b03 |
| SHA1 | 0dc8ca2c5d10cb1f5f1093719da64b88a22c441f |
| SHA256 | d4a6ac1d4914a69423046760369a8d5854940a7ad5e34503f2f5ea51e7fc61c4 |
| SHA512 | d9ee0a4cec628d1b70cb2caaf0851c35a0acc5935bbc3455924b0719e708ab3097a3cca8b577b4a1b7ca2cddcff96e88b16927f669d0a86e586cfb07cbc0b8e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a67ff827743e60496a406510ba81c6eb |
| SHA1 | 8a5a1cb01a63cdff61d93c849654393281e23c3b |
| SHA256 | 989d1a44e23d5acce91c6c66ee092be5b11964518100cd863c7e622c01cc2757 |
| SHA512 | 77fdeade662c2e5075c699e25db1afce0778c3b95d7ecddd2323a503e44a4fec9c4c50fc666c9a02a125851f55ffa9d7bf92db4e2c24767e16a48b659d203531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31d0ff9a67fabbac861c9d2c04b904b4 |
| SHA1 | ad1d9caede8167c916044de1cff4e61bfe313bdd |
| SHA256 | 9ba39d662edeaef885c95e3c6053f447fc14059b654df9654c8b0d4e80ab1da0 |
| SHA512 | 18ccf9394c2c7e77d5db059ce828e64a7ccfe4e315485377b55bce2efe2b64c3d6992f98d121b3ec4029903a5facba418da7f5e408ab25f0a85e12428bc574eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ad443a68780348478ff3b3150cf0b4b |
| SHA1 | 515a1a2e541c01b64dd5d9cae751e8fb8d9266d3 |
| SHA256 | 141c85b277afdba88490b182fb367a014b2ebd6fe425d55d28901c403d262e63 |
| SHA512 | 0813a9b40c46bcc70299509fcfd3dc2af733b8d292100fbb19a8b86b4bf8283555df8ca55007b9ffd24a4f60cfa3b2092346578331e6016da2ceb4a1eb372143 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74f87a8f530e8ea9583d9ab353e7b613 |
| SHA1 | a22994029c54a5ee1b9f8735802c2cdd9cf1c5c2 |
| SHA256 | 2cd0a5c4bbeecc0c5ff41b97168bba9a35bd41d54eca3496334161fe4de59253 |
| SHA512 | 8890b2ad49ed30a0c5e3a63cc9fb48ad5b9c44ab8a6b17a53b139c0975bcadbd2e23e88054049bf7e9edb4ed4b18adbdf4f7450bcee9efaf0769436746c8b581 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4de267aca0977562ad0305e01656ebd9 |
| SHA1 | 40a775126d0848adcef82b3525825ac88ddb09fe |
| SHA256 | 647ed013c58ee1bee84e24c4ef3c05623a88b1ffb765e06303355b0fb61bb0a5 |
| SHA512 | b3faf0bc34ebf7eae4bda6e5a4173e8e592531db9ad125ec484defb047a1609774f8209d4d070cbd43e3c2e40024bea91cf54f8b37a62fa971c8d637c9a88d8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0b0d4bae63fc068fbd4ef1ba639c719 |
| SHA1 | bb957a43d1548bcb4c26ecef41367aee9df02827 |
| SHA256 | 3c249893da03df3937a7122a9f8177aa906969a882c61fddd66ad31b234c2b43 |
| SHA512 | 18027ed191f98f136351c3e57774ea22006f53eabfadc627691c82b953f4053a8bdfcaaf391a9893520e2912034e0a542a7fc080a476940ee7fe65b06a6b6e69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6919bd54f8d14558c49ea3da0964470a |
| SHA1 | 950daf651c61d8b82290065c18d4aa8e208f44fd |
| SHA256 | 03e8b95f06473b92bdc8f3758241d1fe1f05bb44c40c9858973b5a555308285c |
| SHA512 | 1a2f46579135fc6e4f73495bde7ef4899c146945e3b36e36710f52fcec2ed7f6d909d84403aff3556885795e31649562f20a4c2cb0c46d97c1e501bd21310ca2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e05c26916542b42131ad1c9f4a1a5205 |
| SHA1 | a8e8a2dd7c063eb3a7f8143bec5748212c366100 |
| SHA256 | 54ddc15230346e1f2b698fe51d9def36e2147a69f31aa99440b2902f63ac16dd |
| SHA512 | c0a11956599d29e9b1930ebe0c55b1fd96e0766c4fc5b5518609e1e6a786f8b20516cbf6e7e1f8f5879a1445ea9ef281c7e1daf213f2c9d7475d343a1bfeb638 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aab1793e031c9ca3aa18895f0810f867 |
| SHA1 | 193cc611ad042ef9e8bc45ab3b154aab91bda2ba |
| SHA256 | f62312104a6256e4b1f87dbd5c8046b0563e85e78cc1ab7945ec021a253e65d8 |
| SHA512 | 0ea4602a3d746c474b2abdd7dfba3fd2177b1d5c31df9437d627c37d2c51a23d41132b8cbc1c27f6c3c08961041bfb8a7e6043e207c3ec85ed4e7fb3e72b5fba |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 00:07
Reported
2024-06-04 00:10
Platform
win10v2004-20240508-en
Max time kernel
137s
Max time network
128s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\931405ee82d206cbbc97722ba616bb6c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9053046f8,0x7ff905304708,0x7ff905304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16804449456850137299,2499795572396695500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3784 /prefetch:2
Network
Files