Analysis Overview
SHA256
4dfdc29ee44fc1575cfb8946aa7f0bb5adcba97865ad0e3e261b5d67ffbb5f4a
Threat Level: No (potentially) malicious behavior was detected
The file a35674cc840c8e89db38d71144446bdd_JaffaCakes118 is an .html document; it was opened in Internet Explorer on Windows 7 (behavioral1) and in Microsoft Edge on Windows 10 (behavioral2), and neither detonation produced (potentially) malicious behavior.
Malicious Activity Summary (signatures triggered across the analyses; none rated malicious)
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:20
Reported
2024-06-13 01:22
Platform
win7-20240611-en
Max time kernel
146s
Max time network
154s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C9CA9B1-2923-11EF-9E46-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d4a4e03b9f66b556ec198f34cc53792f63efb7512fefafad123e709181ee5639000000000e80000000020000200000004210932b99b549db848b0c976f7cf5ce6809ffb4d4a7da5903955be53c1ee808200000003cd9114607eb47018baaeba275eb09f4bf220724508c902ba6d75145da1cc92540000000d2b096d2b6f300cdfda0f3f8a8d7c8073fdbe1b9eb9523b8c523c5c7d20e5f065e93214a2f3ab18facd3787369f9550e68cb78ee5b18dbd8d938014378b6dc63 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403495" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f17f2630bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1948 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a35674cc840c8e89db38d71144446bdd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
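The four "PID 1948 wrote to memory of 2036" rows above are the one signature in this detonation that would be alarming in isolation. Read against the process list they are not: the writer is the 64-bit IE frame process, the target is the 32-bit tab process, and the tab process's command line carries SCODEF:1948, the PID of the frame process that launched it. That frame-writes-into-tab pattern is how Internet Explorer starts every tab process. The Python below is an added worked example, not part of the sandbox report, showing how a triage step can separate that expected pattern from a genuine injection. The PIDs, images and command lines are copied from the report; pairing PID 2036 with the tab-process command line is an assumption (the report lists command lines without PIDs), and the dropper.exe negative case is constructed for the example.

```python
import re

# Constructed sample data for this example. PIDs, image paths and command lines
# are the ones shown in the report; attaching PID 2036 to the tab-process
# command line is an assumption (the report lists command lines without PIDs).
PROCESSES = {
    1948: (
        r"C:\Program Files\Internet Explorer\iexplore.exe",
        r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a35674cc840c8e89db38d71144446bdd_JaffaCakes118.html',
    ),
    2036: (
        r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
        r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2',
    ),
}

# The four identical "PID 1948 wrote to memory of 2036" rows from the report.
WRITE_EVENTS = [(1948, 2036)] * 4

# Constructed negative case (not from the report): a binary in the user's Temp
# directory writing into the IE tab process.
INJECTOR_PROCESSES = {
    **PROCESSES,
    3000: (
        r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
        r'"C:\Users\Admin\AppData\Local\Temp\dropper.exe"',
    ),
}

# Directories IE binaries run from on a 64-bit Windows 7 host (lower-cased).
IE_DIRS = (
    "c:\\program files\\internet explorer\\",
    "c:\\program files (x86)\\internet explorer\\",
)

# The IE frame process launches each tab process with SCODEF:<frame PID>.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def is_ie_binary(image: str) -> bool:
    """True when the image is iexplore.exe inside one of the IE install directories."""
    low = image.lower()
    return low.startswith(IE_DIRS) and low.rsplit("\\", 1)[-1] == "iexplore.exe"


def classify_write(writer_pid: int, target_pid: int, processes: dict) -> str:
    """Classify one WriteProcessMemory event.

    'expected-ie-tab-spawn': the writer is the IE frame process named in the
    target's SCODEF argument and both images are iexplore.exe under the IE
    install directories (the normal frame -> tab launch).
    'review': anything else, including writes from non-IE binaries, writes
    into processes that do not name the writer as their frame, and PIDs the
    process list does not know about.
    """
    writer = processes.get(writer_pid)
    target = processes.get(target_pid)
    if writer is None or target is None:
        return "review"
    writer_image, _ = writer
    target_image, target_cmdline = target
    m = SCODEF_RE.search(target_cmdline)
    if (
        m is not None
        and int(m.group(1)) == writer_pid
        and is_ie_binary(writer_image)
        and is_ie_binary(target_image)
    ):
        return "expected-ie-tab-spawn"
    return "review"


def triage(events, processes: dict) -> dict:
    """Collapse repeated events to one verdict per (writer, target) pair."""
    return {pair: classify_write(pair[0], pair[1], processes) for pair in set(events)}


if __name__ == "__main__":
    for pair, verdict in sorted(triage(WRITE_EVENTS, PROCESSES).items()):
        print(pair, verdict)
    print((3000, 2036), classify_write(3000, 2036, INJECTOR_PROCESSES))
```

The check is deliberately strict in both directions: a write from anything that is not iexplore.exe in the IE install directories, or into a process whose SCODEF does not name the writer, stays on the review pile. Image-path matching alone is not enough on a real host (a binary can be dropped under a look-alike name elsewhere), so in production the path check should be backed by an Authenticode signature check on the writer image.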
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i2.073img.com | udp |
| US | 8.8.8.8:53 | m3.073img.com | udp |
| US | 8.8.8.8:53 | img1.07073.com | udp |
| US | 8.8.8.8:53 | m4.073img.com | udp |
| US | 8.8.8.8:53 | m1.073img.com | udp |
| US | 8.8.8.8:53 | m2.073img.com | udp |
| US | 8.8.8.8:53 | i5.073img.com | udp |
| US | 8.8.8.8:53 | i7.073img.com | udp |
| US | 8.8.8.8:53 | i4.073img.com | udp |
| US | 8.8.8.8:53 | i6.073img.com | udp |
| US | 8.8.8.8:53 | i1.073img.com | udp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| US | 8.8.8.8:53 | m1-073img.073pic.com | udp |
| US | 8.8.8.8:53 | i1-073img.073pic.com | udp |
| US | 8.8.8.8:53 | www.002au.com | udp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| KR | 192.186.11.53:80 | www.002au.com | tcp |
| KR | 192.186.11.53:80 | www.002au.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 117.149.203.35:80 | img1.07073.com | tcp |
| CN | 117.149.203.35:80 | img1.07073.com | tcp |
| CN | 117.149.203.35:80 | img1.07073.com | tcp |
| US | 8.8.8.8:53 | www.07073.com | udp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\bg[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab62E9.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar63A8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ea33ffd4f481f7ee0b24667f2a14e47 |
| SHA1 | a18aa814d2592f82665698f7bae8bfaa59858e73 |
| SHA256 | ea83de291a03389e23f92b712c1e610a54e856b5d917a81345041f7bc2de1bb2 |
| SHA512 | 843f0d6d9c666746a1ef76e9d20093c2aa4eba946153002ffece49934f7d2829923e4be2baae981810787b106516afde0d5d4559bf0e399ce1f154482acc6e07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61443abf243ccb14cf2be1e9504b7a7a |
| SHA1 | c56fd64794b486986faec37713b9c7746310900b |
| SHA256 | 6b90cf2ea20d3bac918b59c9f54d71d6845b0076442aa7c6c77897243f8df7d8 |
| SHA512 | aff8c838fb316fdde809b7635a9853bf21ce5b8253e387181bdbb3a5ee40f1bbcfb607942143bca3051bfaffad7b1536c24bb0847ddf4b5490eb8b4c78e440a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80f4fa7bc2df9ec30da205ea1ee7e0f7 |
| SHA1 | f42926c79bbb1a331ccbe57084ff7911a08280e4 |
| SHA256 | 3cdbcf13a3c12b4bf159fddced3079e3c3bf9ce41c9fbb4c8d88e36f89b36d5e |
| SHA512 | ad9c734cceed091d956fa54cc2e17afc7731ecdcda2a41920bef35d8ca6135d581a8c116e72401fb697224245729b67183c4737d2f2dafc86c6ba3c958ec850c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 527cb6d5deac739f92a8f67431d20d9b |
| SHA1 | 341827950d4f899fcd2e34a2e30216436771fd35 |
| SHA256 | 9b2aa4716f7dfa29887fa304f9bbda811bec2fbb593a1d947f09bb7dfb102d0e |
| SHA512 | 210ea304d915dccdb903406a4bfcf09d8698fec8e66262879da8104a162326bf4afeefb4baf2c4965929ee40895a3543bd31b54ed8a12d8dafb1c89a0828416b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f78e3fdc12e9a641aca285dda24f7742 |
| SHA1 | b6cdc9c99bb064c2e6cdded1c41f241e27128279 |
| SHA256 | 8fc034f94fe652cc5a1241ca4bb803f95a1ec7ff8da7e37da757386dd199ac74 |
| SHA512 | cf6561c0552cf6a6416c2a94c2b1693355f13bea88dcee7436b2e0c0d45cc34a8cd724bad96603c8d2eacbade016bfd009c92b47bedcb0facb924a170dba5f7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80e833af90cf0c368d85893404636de2 |
| SHA1 | 689ae49a3a7b1e0e21a64d6763e22ffa23c5f5ba |
| SHA256 | 12b7451b99bb19dbb6b414ee8b23db34740c7a2656d68876b52f847da510f20e |
| SHA512 | 05dac37dea7947acb5a69b8685f949b9b07fab4dc3c710fd2587758564da6b3b94b01a14aa6a4859aece79cf195267f5274f53515bb594fdf03665bdd1fa487d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45c027d7890e9e522b8b3075b260af7d |
| SHA1 | 068b822e219124c957565db8fd133279fce4e2fc |
| SHA256 | 1b48d7900312a7a08e96ed4da0b41b48fd68f03a49f1bfa6b7941dd49cbb7102 |
| SHA512 | b702e8179ef1439e0b43d4c9b68acbfac0fc76fcdf1482707aaee46a5b0b8ddba879608e7c9a8b48ca4d4211fe16c88bab807096937ceac614ab32b5aa7c4f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e89f7664f147fd08a105aee6ef6fd491 |
| SHA1 | 9b27508e8263f9d41792b8c30a774b8e9a153972 |
| SHA256 | 3bd1fc78732bb44f588f316252e4ba735517d556935bd7bd57abbb9e48c1a876 |
| SHA512 | e05d26d43babb63a77d9ae8ce20c8bc045ab2b74def8b706c7f18919cb95dc58a9a62eaf6a8f923ee08cfa685cc8691e97b490dcda0b40ed9ce3c017fe17af31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bd7aae40eaff53e1815ab7aaca0e530 |
| SHA1 | d5642a237bb4416d2f019a517f8ceb9b6be822a5 |
| SHA256 | c3403773c31d02c737f9514e27f587c081db33813573b844895c088d4ee6b02d |
| SHA512 | 78e6bb57cca4180e3a992143598778b8aea70d60a617f66d0551eca6b641f16fdee26cde4920e0d2de11d625bf517930ab4fcfc80979325e29df8a03eec5a62c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53594bf43a7675a16c7a8beaaa8e9904 |
| SHA1 | 9afeeef220fc9cf48be794907cf59c1ddb29c3d2 |
| SHA256 | d1e510a2078d2fe3f626d8749aa36e528a438aaf7082b04ecdd7f8f47305ea1c |
| SHA512 | 30c0060190df57249ee7d2ba3475e9a0aaa655a66fd3b79381a66a627733d8855e89f41bcd203c1883bb9bb58a9f1dc2d70130448fb975aa14d8b2182f4134de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8eb58be07355d42a5a5d6b6783bef03 |
| SHA1 | e3fe5c40ca32899631291f18613a0a28797f3132 |
| SHA256 | e2916bba2e62122cc640bc7ab65e16f048755711991a02cce47ac2ff5a8bc418 |
| SHA512 | 3f79dabe6f0a1b4e3ecb27de54b533ba6fab69c8884602b79e9984d2e9c08ef88e955e59e277c61170b564b9e75520583d1a9b267270af3bef11dd77b4d61daa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74f62d1c4d164d0caf04d583a66d1b4f |
| SHA1 | 1469a911020cec8b190f54141b4ee50000cd7924 |
| SHA256 | c5ed3df25336aca39b8ed84c72d80911b5a269e56d860f7e769df14a66362d59 |
| SHA512 | dd17cfccb61cb4395cbaa2e0de8048c0d71c5f70d5b9aad46cf8d2c5a421de09e5a1d7297342782ab7b432d5abc2277fcfb8fa22d7f86810933aac801013a593 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4607e71c740819818d57e486b79e055 |
| SHA1 | 6a814586e481c57c95d29458ebeae95cc544059b |
| SHA256 | 4d92c3cd5fc5f67dd9a1e15c889178e6b4fe887b103eddd65206678ed3c6123b |
| SHA512 | a1b66515b04c67d0b4261a9eefd2af501e670ab994b5d4660322056b26e4e0b12875bb835a5e76981895d957f54a659e358f8b2692125a33f625bfcae64af9b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80f3ec36856fd08185c504baf6e7b0e8 |
| SHA1 | 05f936b5943b56afb48a90b22e81a0ed56687c81 |
| SHA256 | 556802732fc4f17f422615ccdd17e4366e2455720c6003c2de51405d7403865c |
| SHA512 | 20198adcaec7065927cd1e9a41852d1a8462d428c6c87e005f6e376db45bb252b6af415a1c26745f47602c00535e6d47f0cd668cba4ded66a8fce8f702436247 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80ac28ae5c4bf642aa0fd00c1eaac141 |
| SHA1 | 4fabd0a85433d4c318688252f34c581017e7f8ed |
| SHA256 | d6ee5568f8ef8623c90371a8e648d3fa017cc7afa2d0c2b8cdd088086866ac4f |
| SHA512 | 7ad3f47ddd31b2da3f37c998f1dff2aa8cf774e2a7c83bf8769f3d30431d446da1d4db875b23384fd89aa34b0ce4be5174ee15f1ea56277e1bfaabc3641644a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2491c3e19174c93e2a6436b60677f7be |
| SHA1 | 006f84842658f656e9653f9294c0847dbc7e2939 |
| SHA256 | 08d74d06f54335a33bc46d41d5bbbc4db99afd0d7b1fdde00362cb669ad5f459 |
| SHA512 | fc4658944cb15a51b0ee5796fe14da560528acc62735b1784c7b0b5881f703fb79ad4d7f9aa8e1314768a4ec8baec4ff8d61c80787f2b46f3c5b9b9906cba5c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7311859f1c6171461122a09063e9872c |
| SHA1 | 463953c04f63aace00231eb2e1e56736fc64ca26 |
| SHA256 | 67928a15bbf5ac563a7720a13e589613be5a017fde422fef1a3c32e84b135264 |
| SHA512 | b123fc52aab71bf4e20bbc05137aca30a7dde8bbd8aad4dec45a73b87026b7318b623cca9e6404e6b36de165c0061e8eabb1f5d2e68beb92dad9e14b135b4a5f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:20
Reported
2024-06-13 01:22
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
156s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a35674cc840c8e89db38d71144446bdd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15c846f8,0x7ffd15c84708,0x7ffd15c84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8125324357945636077,688779409983385279,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i2.073img.com | udp |
| US | 8.8.8.8:53 | m3.073img.com | udp |
| US | 8.8.8.8:53 | m4.073img.com | udp |
| US | 8.8.8.8:53 | img1.07073.com | udp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| US | 8.8.8.8:53 | 103.47.28.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| US | 8.8.8.8:53 | www.002au.com | udp |
| KR | 192.186.11.53:80 | www.002au.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| KR | 192.186.11.53:80 | www.002au.com | tcp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| US | 8.8.8.8:53 | 53.11.186.192.in-addr.arpa | udp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| US | 8.8.8.8:53 | m1.073img.com | udp |
| HK | 119.28.47.103:80 | m1.073img.com | tcp |
| US | 8.8.8.8:53 | m2.073img.com | udp |
| HK | 119.28.47.103:80 | m2.073img.com | tcp |
| HK | 119.28.47.103:80 | m2.073img.com | tcp |
| HK | 119.28.47.103:80 | m2.073img.com | tcp |
| HK | 119.28.47.103:80 | m2.073img.com | tcp |
| US | 8.8.8.8:53 | m1-073img.073pic.com | udp |
| US | 8.8.8.8:53 | i7.073img.com | udp |
| CN | 183.134.63.93:443 | m1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | m1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | m1-073img.073pic.com | tcp |
| HK | 119.28.47.103:80 | i7.073img.com | tcp |
| HK | 119.28.47.103:80 | i7.073img.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | i5.073img.com | udp |
| HK | 119.28.47.103:80 | i5.073img.com | tcp |
| HK | 119.28.47.103:80 | i5.073img.com | tcp |
| US | 8.8.8.8:53 | i4.073img.com | udp |
| HK | 119.28.47.103:80 | i4.073img.com | tcp |
| HK | 119.28.47.103:80 | i4.073img.com | tcp |
| US | 8.8.8.8:53 | i6.073img.com | udp |
| HK | 119.28.47.103:80 | i6.073img.com | tcp |
| HK | 119.28.47.103:80 | i6.073img.com | tcp |
| US | 8.8.8.8:53 | i1.073img.com | udp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| US | 8.8.8.8:53 | i1-073img.073pic.com | udp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
| CN | 123.129.227.39:80 | img1.07073.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 117.149.203.35:80 | img1.07073.com | tcp |
| CN | 117.149.203.35:80 | img1.07073.com | tcp |
| CN | 117.149.203.35:80 | img1.07073.com | tcp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| US | 8.8.8.8:53 | www.07073.com | udp |
| HK | 119.28.47.103:80 | i1.073img.com | tcp |
| CN | 117.149.203.35:80 | img1.07073.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| CN | 183.134.63.93:443 | i1-073img.073pic.com | tcp |
| US | 8.8.8.8:53 | 35.203.149.117.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
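The table above mixes four different things: forward DNS queries to 8.8.8.8, reverse (PTR) lookups of the peers' own addresses (the `*.in-addr.arpa` rows, which reverse-resolve hosts such as 119.28.47.103 that were just contacted and are commonly generated by analysis tooling rather than by the sample), one mDNS multicast row on 224.0.0.251:5353, and the actual TCP sessions, many of them repeated. For triage it helps to collapse that into one view per domain. The Python below is an added example, not part of the report or of the sandbox's tooling; the row subset is constructed from the table above (keeping the mDNS row in the misaligned form the page renders it in), and the classification rules and output keys are assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed subset of the Network table above. The last row is kept exactly as
# the page renders it, with the protocol spilled into the Domain column.
ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i2.073img.com | udp |
| US | 8.8.8.8:53 | m4.073img.com | udp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| HK | 119.28.47.103:80 | m4.073img.com | tcp |
| CN | 220.185.184.10:80 | img1.07073.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.47.28.119.in-addr.arpa | udp |
| KR | 192.186.11.53:80 | www.002au.com | tcp |
| CN | 183.134.63.93:443 | m1-073img.073pic.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
"""

PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(text):
    """Turn the pipe-delimited table into dicts; tolerates the swapped-column mDNS row."""
    rows = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.strip().strip("|").split("|")]
        if len(fields) != 4 or fields[0] == "Country":
            continue
        country, dest, domain, proto = fields
        if proto == "" and domain in ("tcp", "udp"):  # extraction put Proto under Domain
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(domain):
    """'103.47.28.119.in-addr.arpa' -> '119.28.47.103' (labels are in reverse octet order)."""
    labels = domain[: -len(PTR_SUFFIX)].split(".")
    return ".".join(reversed(labels))


def classify(row):
    """Assumed rule set: 'dns', 'ptr', 'mdns' or 'connect'."""
    if row["proto"] == "udp" and row["port"] == 53:
        return "ptr" if row["domain"].endswith(PTR_SUFFIX) else "dns"
    if ipaddress.ip_address(row["ip"]).is_multicast and row["port"] == 5353:
        return "mdns"
    return "connect"


def summarize(rows):
    """Collapse repeated rows into one IOC view per domain plus the side channels."""
    contacted = defaultdict(set)  # domain -> {"ip:port", ...}
    queried, ptr_targets, mdns = set(), [], 0
    for r in rows:
        kind = classify(r)
        if kind == "dns":
            queried.add(r["domain"])
        elif kind == "ptr":
            ptr_targets.append(ptr_target(r["domain"]))
        elif kind == "mdns":
            mdns += 1
        else:
            contacted[r["domain"]].add(f'{r["ip"]}:{r["port"]}')
    # Names that resolved but were never connected to deserve their own line: a
    # blocked or failed second-stage host looks exactly like this in a report.
    resolved_only = sorted(queried - set(contacted))
    return {
        "contacted": {d: sorted(v) for d, v in sorted(contacted.items())},
        "resolved_only": resolved_only,
        "ptr_targets": ptr_targets,
        "mdns_rows": mdns,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(parse_rows(ROWS)), indent=2))
```

Run against the full table, `contacted` is the list worth comparing against a threat-intel feed, `ptr_targets` should simply echo addresses already in `contacted` (if it does not, something resolved an address the table never shows a session to), and `resolved_only` is the short list of names to check by hand.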
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_4524_STMCRIWYWFXDKJCU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b4402712d3aa040d47d56861ce72ca4 |
| SHA1 | 9a2e96dc81d4277ff48afc55b622be443c0b8195 |
| SHA256 | 8810e9863df367c5d841f164c2b3b5dbc4c5152a0c461d4dacc0253b356014ae |
| SHA512 | a3731f1102803d609228762d8f403569e7dcb7ba3c39bd2dad4629b7eaf771079d757494e4bd0e936d32f1fea564e6e520570c28b78f39cae591747ad86b7785 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\786e0ae8-4fd6-4370-8cb0-46f882791f3a.tmp
| MD5 | 5e5629399152cbef04489128706ca737 |
| SHA1 | 9aeb7b6d81aeca9832b973ad4ee71585ca156976 |
| SHA256 | 6a0b4730b3bc8ab0390349ad00b1dedf1e635606c8464acc3acc132ae42211ea |
| SHA512 | 0763e81bc9aa541f31fd9784069769a15309699ccbce0748cc21b033525ed1bcfe94128d99db5ea628f0c5fc0ff5b568c69418f19e74e419e8a6192af1459440 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 966e038cbbe78539247d054dbbcf6f0a |
| SHA1 | f215ef0c35d1aced1f4c13de8d39767b9a37a366 |
| SHA256 | d0b97e657af25842e169836e3c5a423407471ccf3695050b52d1895f4f93c75c |
| SHA512 | 924b65e407d5c25082e1786c9c6a23e119a50c9c51c2a4b94e515d561a6508155a674bce356ae6714a5114a4e493445665887391a8789bd174ed6b4cce486041 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce0b1f66f25dde13a3bd6e108ded3dec |
| SHA1 | 05957b9eeff8db2f853e20cdbd831d153541a9d9 |
| SHA256 | c6788da827eaaf08f2b9a6dfe428d86f5ab192544a12d6b75170f40c02f66a2c |
| SHA512 | dffcdbbf9ebad69bb0a50d0e19aef1305049f9cbab15c7165c0688b5925dc9b15205ca9fce3599666d55e0f82fdc49f3a1a46c599e6e277c05480547cd0c4e56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
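Two things stand out when reading the Files table: every on-disk path is Edge's own profile state under `User Data` (Crashpad settings, `Preferences` written three times, `Network Persistent State`, a LevelDB `CURRENT` marker), and the crashpad named pipe carries the hashes of zero bytes (MD5 `d41d8cd98f00b204e9800998ecf8427e`, SHA1 `da39a3ee5e6b4b0d3255bfef95601890afd80709`, SHA256 `e3b0c442...`), meaning nothing was captured from it. A triage pass that tags those cases leaves only unexplained writes for manual review. The Python below is an added example, not the report's or the sandbox's tooling; the records are copied from the table above (MD5 and SHA256 only), while the browser-profile pattern, the tag names and the notion of an "explained" path are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Records copied from the Files table above as (path, md5, sha256). The SHA1 and
# SHA512 columns are dropped because the checks below do not need them.
RECORDS = [
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "56067634f68231081c4bd5bdbfcc202f",
     "8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4"),
    (r"\??\pipe\LOCAL\crashpad_4524_STMCRIWYWFXDKJCU",
     "d41d8cd98f00b204e9800998ecf8427e",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "81e892ca5c5683efdf9135fe0f2adb15",
     "830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "6b4402712d3aa040d47d56861ce72ca4",
     "8810e9863df367c5d841f164c2b3b5dbc4c5152a0c461d4dacc0253b356014ae"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\786e0ae8-4fd6-4370-8cb0-46f882791f3a.tmp",
     "5e5629399152cbef04489128706ca737",
     "6a0b4730b3bc8ab0390349ad00b1dedf1e635606c8464acc3acc132ae42211ea"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "966e038cbbe78539247d054dbbcf6f0a",
     "d0b97e657af25842e169836e3c5a423407471ccf3695050b52d1895f4f93c75c"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "ce0b1f66f25dde13a3bd6e108ded3dec",
     "c6788da827eaaf08f2b9a6dfe428d86f5ab192544a12d6b75170f40c02f66a2c"),
]

# Hashes of zero bytes, computed rather than hard-coded so the comparison cannot
# drift: a sandbox reporting these for a pipe or file captured nothing from it.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Assumed pattern for Chromium-family profile state. Edge is what this report
# shows; Chrome is included as the obvious generalisation.
BROWSER_PROFILE = re.compile(
    r"\\AppData\\Local\\(Microsoft\\Edge|Google\\Chrome)\\User Data\\", re.IGNORECASE)


def tag_path(path, hashes):
    """Return the triage tags for one path given every (md5, sha256) pair seen for it."""
    tags = []
    if any(m == EMPTY_MD5 or s == EMPTY_SHA256 for m, s in hashes):
        tags.append("empty-content")
    if path.lower().startswith("\\??\\pipe\\"):
        tags.append("named-pipe")
    if BROWSER_PROFILE.search(path):
        tags.append("browser-profile")
    if len(hashes) > 1:  # same path, different content: the file was rewritten
        tags.append(f"rewritten-x{len(hashes)}")
    return tags


def triage(records):
    """Group the table by path and tag each path; a path is 'explained' only by a benign tag."""
    by_path = defaultdict(list)
    for path, md5, sha256 in records:
        by_path[path].append((md5.lower(), sha256.lower()))
    result = {}
    for path, hashes in by_path.items():
        tags = tag_path(path, hashes)
        explained = any(t in ("empty-content", "browser-profile") for t in tags)
        result[path] = {"rewrites": len(hashes), "tags": tags, "explained": explained}
    return result


def needs_review(result):
    """Paths that none of the benign explanations covers."""
    return sorted(p for p, info in result.items() if not info["explained"])


if __name__ == "__main__":
    for path, info in triage(RECORDS).items():
        print(f'{"OK " if info["explained"] else "?? "}{path}  {info["tags"]}')
    print("needs review:", needs_review(triage(RECORDS)))
```

For this report the review list comes back empty, which is consistent with the verdict in the header; on a report where it does not, the paths it returns are the ones to pull from the sandbox and inspect.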