Analysis Overview
SHA256
5de448754f3229f4f7f07bdf0127e98258d1ffc3158e1031ee55974946b48847
Threat Level: No (potentially) malicious behavior was detected
The file a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:10
Reported
2024-06-13 10:12
Platform
win7-20240611-en
Max time kernel
121s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{247C6181-296D-11EF-BE23-DE271FC37611} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ed86fa79bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000093bac5757b66fddaa70ef7cc584a9c315001a8c6dd3f93489fdd6d3dd402a5ac000000000e80000000020000200000008d46d27f926245c7675a3688e8ca68384bb774a5988c9945ff83107c9fa86d9690000000e98fafbd45a02c4ca37ffb37366e4dc47ddc24d876a3005f7e1cc4f81d688c6cc6737e457fddbbaaf5e31a2238449660ee4fed3f60fbc63157e0850c52526870d57f6acf65bac6cf099244c400d0bac7f482fbc027de9f6e50dea526f74ddccef1c1d27b34b285cfbaf4ee6ad7966ebbdce68c5751d223a36801d05fb276477e8faa73e5d8a27efe5250022ebc90f56440000000f8f568a09fe97c5e3ddf1c6243ac396b8e489401d0b312f8b3aab2978bf8ef4e6c1ee7b642a568aec9aa86b8b3fc50d372174d4ac425ae8c2678dd0882f0d68e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435290" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000133d8944ff118d6740805ee7718076244812db337623f27a4c8ae65ea316805c000000000e8000000002000020000000577f5ef3f2ed0a06f64792b67f7aca92ba45e806a76ae5135583cb436ec4b45820000000036183dae8551a101e0c835c8c2ec4b280490530918d54fa083ef89133286d9a40000000fa626037b72603aeb5534cbe173ab6fdd06b601fd3b31be60c9a21397bb9d14c0dc9f901611ae80a812894d5569a8e9ed68ced5b78f2b42722e3440362f9c184 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2536 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2536 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2536 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2536 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | cdn.yaporn.club | udp |
| US | 8.8.8.8:53 | yaporn.club | udp |
| US | 8.8.8.8:53 | vwijf.com | udp |
| US | 104.18.10.96:443 | vwijf.com | tcp |
| US | 104.18.10.96:443 | vwijf.com | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| US | 103.224.212.210:443 | yaporn.club | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab7EB3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7EC6.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bdc6237fe4caa27eb211347fdc90359 |
| SHA1 | 67dc27095238244f407e9b16c6879615660ea6ae |
| SHA256 | dbc7258171b855314f163245578406f06eeed7d2c4580a59e095416855eb9e3b |
| SHA512 | 0e277c437c902cb20d4c3c75e24af80f63d30645d54d60f3c830a9c98a49442894932ad8a111f265f5c70e0ee6147dfa75208fecba6f42be10a550326ee4efe1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 90aedd9d5615a00267cf6e0b7e34e176 |
| SHA1 | d39de2234a84f3293c8ee77a151e7fbfe9b2712e |
| SHA256 | d85788a49a43a267ee8732f2a5ac458e62152f039188bb6eeb4829b657b5e074 |
| SHA512 | 38bdafea6f85878ffac97bb70be4edcb2fb7e38fb6adf5dac7a99321601de000f3e5fb79d7856c3a247ea43cf6c1439af900868a8bbef24a4d1dca20910aa2d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25e53653201d1136d86dbaed7be7d9cc |
| SHA1 | aa27b680200f8ee0fb492a9b7c90ec3ffd4e7c28 |
| SHA256 | 06417ee3ba0eda2f9d51ca6b67584442bbf6315bc52987d2ce595c6f220779ac |
| SHA512 | bba74c0f36c863ba6ef21f73bc04205d273bc4f7e98639aed7821299b009e4129fcefdef9c286dfa7063d10cfd3b6156c8af45724d6206ad4113981767e4c004 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba3e1cc0f3bc0ad032ecac6ecb24fe1e |
| SHA1 | fdd71b27133e9eff0d702b4a9bd24cb9afc8bd33 |
| SHA256 | fc3a4621aa18f15d1a5986730f2d0a6646fd84514929f4165c5656705239e729 |
| SHA512 | e16bd84ac7e44ac871edb657626b955670a08398b8ec04d5ca5c7ea18369b37dba52de6e566e083f461c35105b480750d40100f4bcef61514c6ad5c538ab23db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CEC5B0E4CCB695208492C64784C4129A
| MD5 | bc2a845b339013065f6b48745a9ec505 |
| SHA1 | 397af94629b31b9c79d67b6d2e4000f427ac3626 |
| SHA256 | 9af45e2e97789137c9aba4d4156302eb392c44e5e59e5fe2536a0ba8aa1d4332 |
| SHA512 | b55ee8762bc762788001dac5c82025ad06c0a9d665656acf0618b93160e9890a8ea7ebd0cf0ff28c50df752a21d0bc703bdffcd1d71b83ae57cb08d022f07247 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CEC5B0E4CCB695208492C64784C4129A
| MD5 | d4e4572b54a321affcac4c8d9b2fca57 |
| SHA1 | bc8ea90657ace88d6cd0f93df5b63aa8a4330e50 |
| SHA256 | f4d2bf6f726c0cc54d18dfe83f0d594b97ab4ca756bacde6a3e26b0c3260b777 |
| SHA512 | 36a70dbbda1db8f46b7c6e96108d4368f512d87780c71cf5fd2b38a20b6008fedff9504b11b59ee29a51461d66e211f2e0763f3c7c28c2557226acc28c3d80f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e355ec2c978ff2e4fa9fd6be8321ebe1 |
| SHA1 | 63c8625171f8a976b6e7637917e500f94fbe12bd |
| SHA256 | 965ba60cd2728174c14337c847ab5e0f1d716275eae1caae50f39a422e788ff6 |
| SHA512 | b6660aefaa35ac8423062e905a96d921f652e066ac8ec7a896e60989acea73f9412d2ba55ef3ac21eacdfb9d7109201a5dbbe2e3673c6be614f27ae736948440 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0040df8ea6f3c1f77aa783c0b8b3d49f |
| SHA1 | d5101d4d3922d62a862555f1ada1daed1fd1117b |
| SHA256 | 38c75960c21a9db60bbf8984071e924181c0c2e8107bcf57c04d1e761e63d895 |
| SHA512 | 37e8f6fdfdfe65a282f2f475cf64ce67e6c1bac0370c26379569c5092b6b4f1862268a7305d58cd5f1bac3c5ebd5058d8ca943b06fce00680841ab097a78fb78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b58c82b4fb656f3984aef8f1bab02ea |
| SHA1 | d8ffaf4c70eca9f5efe9149fcdca261bab5396a1 |
| SHA256 | b815258c45194c4b1575a6b6c5d295bb8b999df300c23c4cb9f4eede41ee1857 |
| SHA512 | 72d875b660077172e34b736e7c34b897125a04073c27d4b1ad714664b8acf27d213d3173212e54ed1c42f6c17a0ed51e6a5556de7c74abe331c71299012bfb8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47fbdb44a29e76d3bc3a36ea754bb9a0 |
| SHA1 | e6b5fd0a1f8d6731a6f11b2cf5e42947d062105e |
| SHA256 | a450f0826ae0748996d21abf2459c92b496a93fbad978ad2049dde777c23a942 |
| SHA512 | 630a967900de417d53acc353bf8cbe67edb594889ff7f7ddca1fa7454e1ee379b11d651a973890abbd86a15b47c88aea47b9d3e6efbc1542ad6743b8c2783acf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8249eebf78f6a9f7a3e93b5d286e6a1a |
| SHA1 | 8a1aa9973a7e82fee1c01bb412e1f92a28d12b75 |
| SHA256 | 3b5ba9eab0099be57b7fbd49c3c1074411ca053f03bcb326bc305e9d88209fa8 |
| SHA512 | 03e73eddf8293741aaab6b76c131856c1e843ca5f11eb575ac65e7c847a59ec6fe7eb0eb05bb5e0427d3bfa0cb2a9c3979c03373ebe99a93be2b5216fa00d827 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b3121e795c501897ff44958508c410d |
| SHA1 | 506cdc16d35198e81e3199ef110d84bb7a21348d |
| SHA256 | f04bde983d584df6a05d1ef0a631692543ddc146202487eeedd3508e898e3a9b |
| SHA512 | 4d55915cfaa5ac62225c94237822f0a766996d7ca4b4118c99d1437f4416213a597cba6571ef5d283e225ef22f80b2e26f64a22faf4ca9e57ea9b3e8340ceac8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c624e850a279de69791d80596485083 |
| SHA1 | 783bd81200c06fd32077d58e873f38e83ccb4504 |
| SHA256 | 2cc1825e32d0b60659de43f4a6eeda1d5013d9188ca2bd3c047d1e58178d71aa |
| SHA512 | 0af44bcfb4f3f940ceca9f0a11e5007adfa322c311638e88091d39b8338c2ec3af9df3fede89dd6faae185fad511b5bc1a679cda9566f4a74741cc0207ab254e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66db44605610e0153bc05958aeb35e32 |
| SHA1 | 0d530352fcfc90fbdedc5c741fefd0775cbc8939 |
| SHA256 | 71403291885604ee661bfae8417787d0e3bb312d9d41b8a68720ceff6509fba6 |
| SHA512 | 88cdc875e89eff17b251b1a722861d2c765b4f53db02ae084edb18150c2a459836530cbe91c53a5436d53f42213d79a3add51f14e203d64a75fc9f1ff591a5a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74ab615e0fda3358c2e297530b00846e |
| SHA1 | b744c07873775cd0a6f5bc34a457bd5dedd03fca |
| SHA256 | 8a30ccee5d4bca612415e1fe3510ab5034f33315d068f5372fcddd9ff521cc30 |
| SHA512 | 95b5d5d11c23346aed612658ce5870e1dbe7b110451f54897dba9c64c9a28ab0fb8a272fb15e043413e7e690608954f9b303d1ec7f33ca5e1c8e7ab8342201fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84376eacba77afa640568dce7ae6788d |
| SHA1 | b18ac6c39bff8002f12fdbbfb68731492d3421fa |
| SHA256 | 8bb1ffe3c46fe39a2259651801740563b400cea5e26cf20eb3ccd90f89365763 |
| SHA512 | 5ba4154bf81098221c1b1eb459d0f43fb0b1b1b0bb5a363565329c309131318d7fd34de47ed5e7dcf35961a668ac6eaf9a89760746e132143723c3943eeacc37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 170380efb9bd46aa6f47a155b65a48ff |
| SHA1 | be90061eda4c9fc53181deb0bfa7ee65e45539f3 |
| SHA256 | 6f6560a409b0fa95a8b83694330da492146f994c3cca57cc2b0699de6bf35c22 |
| SHA512 | 2386f84535491f325d03629c601f97a6eafbd2755727c8cf2d25c34d350d3ca538b36defbf1f5e6165fb8ea712a45235518c38588bd60b270d5b2814fddd06f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe980b5d6f729f13bad24d96e23fa732 |
| SHA1 | ee1cd0426190792da496a8585f6bb47225157385 |
| SHA256 | ffc37ef576e9f937a505bf67c8ce23ba86aaff7e1f77627628ec755824b5c8a6 |
| SHA512 | 1d83c183d0b87620e8199e995432394a5c5b80be155ef5e7413711ecec914de196d25438b61a11ea0108817a151d660d5e1757e17f816b4725e889d4c000af35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0857009e8891e1839aaf7f1c84da29f |
| SHA1 | c2dd88a85caec6fc6da69a944382f24545ce9679 |
| SHA256 | fadc3819d4c21c0240baaa3d8c66f0106c1bf795c22e8142c50be26f875ef04d |
| SHA512 | 8aed40acb07c33f00f310fa43cd0120da9b24d6fbb3afa7c69e345aa51f53c5663270e20daa6daf0daa9a335a90f8105469738bface9051f0d419ec8efba4667 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4f995067d52107fc58db76c4bb44e7f |
| SHA1 | 8214ee48dde54e35d2444b36f99434920e825020 |
| SHA256 | 71c8fd637b6d871b41933fc61ff2ff2f20e55490cf75e4368d66050d016f77c1 |
| SHA512 | 8e27d348160aa7f09b9bf177faff5c41a5f0b2ed30c97110abb427c03239c1a43cc718d57577eae59a9844a7161875cf171d4e3a0edee24b28326f9e60d40037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c94e9febe0fa3de889a3f10fbcc91042 |
| SHA1 | d9f9915695e1b1a0f064f6b5f0068c40000d88ac |
| SHA256 | 3eb8bd70aa2a2540bfa589192308d0ab3ee67d2a10e11c0797848bcb09220e0a |
| SHA512 | eaab1c086b2d25f21464260924ae14e7358f74b02cf742a5366d3f442baa45074568f5e3667e26715a99ea6712f124d7678267a72798bfb97eeed1b08bad1184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec66f2cc25aae44e426a262245e1f978 |
| SHA1 | f4e1abc616e33aecec8f8dfa81c5bf60fb26e904 |
| SHA256 | 0f0520eaeca6952d36ed83b51f0d92168a5f7d2708c09a31ee96716eb929a7f6 |
| SHA512 | ae4ea03d0593c3883959a0cac8c499ae827045961904fb99d00d137e96b712f4fcb2107c071dfe64ec24bb594faad70fb92390e1568659e2c174c88edd3cb411 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98a59848a7e10fcf49a039c18c39584b |
| SHA1 | 6e449373dab0636e0e77ab6203745c607d71d9d7 |
| SHA256 | 6ea6af59129ac37e11d5dcc4d4d431cc93e086d14f96ec760bde6c7318d19d74 |
| SHA512 | ec076ce4c76f1599e1763b66598bee38a006c001de6effe227204fcaf096f3d210f5b2afe392fbcbe1ad744dcbe749ab6b85c41ede1c2b138ead6a91c55e8ef5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63bae5cac56bd5c93859f503f3b123a7 |
| SHA1 | 144670cd3e669ffd1611ce03a07cff536a2d5a42 |
| SHA256 | f83d42c02b40a81bd4682f5fda0f13c6ebce7f3059e246c6d97bead460e95fdf |
| SHA512 | 3b72ffee4daa54fc5aac58bdc4728ad841ae66e055d99ac130371f8325f2d12d04f745183aea0238fde96f49cbeb0637a21419ef8de0373abba898ccaf8af0be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a93d1189b54498f7f34eaf7f46d6113b |
| SHA1 | 333c987fca8942556ab7445a84bcfb4877dde6c5 |
| SHA256 | 403a9c5c8d8b30bd09d504432689e6ddae1d5aba679aa6a78bbd75383f9ac8e5 |
| SHA512 | df161e2dbc9119a42aed4dd0fc7dbbdd43d6ef80fd0390c2fb3e6189ec1c1678b7ffe9533f0d787d374eafd8c0c215e847b4d883740686a10772773132fe86cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 656c835848a33326689b22c770a394e7 |
| SHA1 | 77c69d83ab7d6de633b9f87b6df4a620445a8587 |
| SHA256 | 35c71522ab4d472a12b5a834f11f5212577c7d50943c7adcf8f77a52f6280628 |
| SHA512 | f1df2eb005024d26bcbcba570ad762bd1fd8c3a2d56deb10eb1b20b79a91663ae2aa767ad74748832ceef5e20fd51b98f0cd677202ee9766afa44b273bf3adbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 963cd1ac7398d6f72fb364fc53d858e4 |
| SHA1 | 99c46a2376539a6c0c00eff17b1506e3aa862628 |
| SHA256 | 925fae81a7d898b18e8ed01abbb7d05ec9cf11f6db92b78d12eca12734cd96fb |
| SHA512 | 9607a749a577880950b2760bffda59fda4dee8eb11a26ed61c498a2c6ca5ffb51e6f80e9353473b744f8726bf84c0111d3f014d3a689bb970c06b7cd11ce01e1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:10
Reported
2024-06-13 10:12
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa70eb46f8,0x7ffa70eb4708,0x7ffa70eb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2876_GVLNBFGPSRXTLOOM
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State