Analysis Overview
SHA256
c1287c08c50190ad075d0b4b86cea57524bedbb087f70331c2a53b9fe3d7af0c
Threat Level: Shows suspicious behavior
The file a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Drops file in Windows directory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:15
Reported
2024-06-13 10:17
Platform
win7-20240611-en
Max time kernel
140s
Max time network
142s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\Downloaded Program Files\SETC7B2.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\Downloaded Program Files\SETC7B2.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\Downloaded Program Files\swflash64.inf | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000068cc0c8622edeadf0da89607784751cd172e286da332f07093ddb4b120a5ab4b000000000e8000000002000020000000405f6b195cbd8e3c42ce0e09980738633d144a9ec144f4bdfb52ec994caeaba0200000007733df25bb822d427fc50610bd4caab4e11a16289a02f45f80a4031f28a20fe340000000bfbdf0facafae7b86f5ff877a1edb7b57098365809c99213b4ac6a730496fb09953985ef3563adeab575ff76b0b8a5034e99035035c9ceaa22dc957563cae1d8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435569" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 605a9ae17abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB70AD21-296D-11EF-A5E3-C299D158824A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
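As a triage aid (an editor-added example, not part of the sandbox report), the script below parses rows in the report's pipe-table format and separates Internet Explorer's own session bookkeeping from writes to hijack-prone locations (start page, search provider, security zones, proxy settings, BHO registration). The watch-list of key paths is the editor's heuristic, the sample rows are a hand-copied subset of the table above plus one constructed hijack row, and the `key\name = "value"` layout of the Indicator column is assumed from the table.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Editor's watch-list: subtrees a page load should never need to write. Matching is
# case-insensitive substring on "<key>\<value name>". Not a list defined by the report.
WATCHED_SUBKEYS = (
    r"Internet Explorer\Main\Start Page",
    r"Internet Explorer\Main\Default_Page_URL",
    r"Internet Explorer\Main\Search Page",
    r"Internet Explorer\Main\Default_Search_URL",
    r"Internet Explorer\SearchScopes",
    r"Internet Explorer\Extensions",
    r"Internet Explorer\Explorer Bars",
    r"Internet Settings\Zones",
    r"Internet Settings\ZoneMap",
    r"Internet Settings\ProxyServer",
    r"Internet Settings\ProxyEnable",
    r"Internet Settings\AutoConfigURL",
    r"Explorer\Browser Helper Objects",
)

# Rows hand-copied from the "Modifies Internet Explorer settings" table (constructed subset).
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435569" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

# Constructed row (NOT from the report) showing what a start-page hijack would look like.
CONSTRUCTED_HIJACK_ROW = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

ROW_RE = re.compile(r"^\|\s*(?P<op>[^|]+?)\s*\|\s*(?P<ind>[^|]+?)\s*\|\s*(?P<proc>[^|]+?)\s*\|")


@dataclass
class RegEvent:
    op: str
    key: str
    value_name: Optional[str]
    value: Optional[str]
    process: str
    verdict: str


def parse_indicator(ind: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split 'key\\name = "value"' into (key, name, value); a bare key yields (key, None, None)."""
    if " = " in ind:
        path, _, val = ind.partition(" = ")
        key, _, name = path.rpartition("\\")
        return key, name, val.strip().strip('"')
    return ind, None, None


def classify(key: str, value_name: Optional[str]) -> str:
    full = key if value_name is None else key + "\\" + value_name
    low = full.lower()
    if any(w.lower() in low for w in WATCHED_SUBKEYS):
        return "review"
    if "\\software\\microsoft\\internet explorer\\" in low:
        return "ie-housekeeping"
    return "other"


def triage(table_text: str) -> List[RegEvent]:
    events = []
    for line in table_text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["op"] == "Description":   # skip header row
            continue
        key, name, val = parse_indicator(m["ind"])
        events.append(RegEvent(m["op"], key, name, val, m["proc"], classify(key, name)))
    return events


def summarize(events: List[RegEvent]) -> dict:
    counts: dict = {}
    for e in events:
        counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_ROWS) + triage(CONSTRUCTED_HIJACK_ROW):
        print(f"{e.verdict:15} {e.op:16} {e.key.rsplit(chr(92), 1)[-1]}"
              + (f"\\{e.value_name} = {e.value!r}" if e.value_name else ""))
```

Run against the full table above, every row lands in `ie-housekeeping`; only the constructed row trips the watch-list. That is the point of the check: this signature fires on any write under the Internet Explorer key, so the key paths, not the signature name, carry the signal.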
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275469 /prefetch:2
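The process list above shows an IE frame process, two tab processes, an installer executed out of the user's Temp directory, and a second frame launched straight to an Adobe URL. The script below, an example added by the editor and not report content, rebuilds that picture from the command lines alone so the "Executes dropped EXE" hit can be tied to its origin. It assumes (editor's assumption, widely used in IE forensics) that the `SCODEF:<n>` token on a tab process carries the PID of the parent frame process, and it treats any image under `AppData\Local\Temp` as a dropped executable.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the behavioral1 command lines as printed in the report above.
COMMAND_LINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2',
    r'C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe',
    r'"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275469 /prefetch:2',
]

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")          # assumption: frame PID of the tab's parent
BROWSER_IMAGES = {"iexplore.exe"}


@dataclass
class Proc:
    image: str
    args: str
    role: str                        # "frame", "tab", "temp-exe" or "other"
    frame_pid: Optional[int] = None  # only for role == "tab"
    launch_arg: Optional[str] = None # only for role == "frame"


def split_cmdline(cmd: str) -> Tuple[str, str]:
    """Separate the image path from its arguments, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, rest = cmd.partition(" ")
    return head, rest.strip()


def classify(cmd: str) -> Proc:
    image, args = split_cmdline(cmd)
    base = image.rsplit("\\", 1)[-1].lower()
    if base in BROWSER_IMAGES:
        m = SCODEF_RE.search(args)
        if m:
            return Proc(image, args, "tab", frame_pid=int(m.group(1)))
        return Proc(image, args, "frame", launch_arg=args or None)
    if TEMP_DIR_RE.search(image):
        return Proc(image, args, "temp-exe")
    return Proc(image, args, "other")


def triage(cmdlines: List[str]) -> List[Proc]:
    return [classify(c) for c in cmdlines]


def findings(procs: List[Proc]) -> List[str]:
    """Human-readable notes a triage analyst would want from the process list."""
    out = []
    for p in procs:
        if p.role == "frame" and p.launch_arg and p.launch_arg.lower().startswith(("http://", "https://")):
            out.append(f"browser frame launched to navigate to {p.launch_arg}")
    tabs = [p for p in procs if p.role == "tab"]
    for pid in sorted({t.frame_pid for t in tabs}):
        n = sum(1 for t in tabs if t.frame_pid == pid)
        out.append(f"{n} IE tab process(es) attached to frame PID {pid}")
    for p in procs:
        if p.role == "temp-exe":
            out.append(f"executable run from user temp directory: {p.image}")
    return out


if __name__ == "__main__":
    for note in findings(triage(COMMAND_LINES)):
        print(note)
```

The reconstruction matches the rest of the report: the tab processes belong to one frame (PID 2236), the Temp-directory executable is the Flash ActiveX CAB installer that the "Executes dropped EXE" and "Drops file in Windows directory" signatures refer to, and the second frame is the post-install redirect to get3.adobe.com seen in the Network table.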
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | fpdownload.macromedia.com | udp |
| GB | 2.22.133.225:80 | fpdownload.macromedia.com | tcp |
| GB | 2.22.133.225:80 | fpdownload.macromedia.com | tcp |
| US | 8.8.8.8:53 | fpdownload2.macromedia.com | udp |
| US | 2.20.12.81:80 | fpdownload2.macromedia.com | tcp |
| US | 2.20.12.81:80 | fpdownload2.macromedia.com | tcp |
| US | 8.8.8.8:53 | get3.adobe.com | udp |
| NL | 23.62.61.97:443 | get3.adobe.com | tcp |
| NL | 23.62.61.97:443 | get3.adobe.com | tcp |
| US | 8.8.8.8:53 | share.baidu.com | udp |
| US | 8.8.8.8:53 | s84.cnzz.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | amos1.taobao.com | udp |
| US | 8.8.8.8:53 | odr.jsdsgsxt.gov.cn | udp |
| CN | 14.215.182.161:80 | share.baidu.com | tcp |
| CN | 14.215.182.161:80 | share.baidu.com | tcp |
| CN | 59.82.122.130:80 | amos1.taobao.com | tcp |
| CN | 59.82.122.130:80 | amos1.taobao.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| CN | 220.185.168.234:80 | s84.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s84.cnzz.com | tcp |
| NL | 23.62.61.97:443 | get3.adobe.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 163.181.154.232:80 | ocsp.digicert.cn | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.136.105:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.105:80 | pub.idqqimg.com | tcp |
| HK | 203.205.136.105:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.224:80 | ocsp.dcocsp.cn | tcp |
| CN | 39.156.68.163:80 | share.baidu.com | tcp |
| CN | 59.82.122.130:80 | amos1.taobao.com | tcp |
| CN | 59.82.122.130:80 | amos1.taobao.com | tcp |
| CN | 39.156.68.163:80 | share.baidu.com | tcp |
| CN | 220.185.168.234:80 | s84.cnzz.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2000.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar20BF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34bf3001fa7cf8bcf4d151be7b6e3581 |
| SHA1 | c7773251e3e2d532332eab588682ce2cfe5a7d0c |
| SHA256 | 8bd822d0564f37f06b15eaf8fe4bab157d66f289c66eeccdca1b5339cf70ee79 |
| SHA512 | ce0b45cec6b4648ad962f1c20efad63970b05ceef0c8474c3b5638df042f937220400fbe94df50d6bbe11d39c1f224f4c7049ebb3508c9b15a0b778b0da72e00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f0b9e1c8e3700f1b7b96b52540b491f |
| SHA1 | 3f62bbd7989352bd60c85a59d7a3df2c8e27a4a8 |
| SHA256 | 13e533c5313afbf05de2b2117ac1b87c9ce344e2473f40dabc17f7aa7f6f8f55 |
| SHA512 | 941388a1b1d4832c7f7cff45842b2e821130bc9fce670b7709b952cb0eac1365252e4c59393472133167d76d4f1ac42b11ac08f0f407708a96a8a08f1d57a5f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56f2eac86cb1e45dbba6fc6acf0e050c |
| SHA1 | f48eb0f5c889615eb8e465869096e9d49461c670 |
| SHA256 | cffd6c9c53cc918671a9d496b6d953f415316233410e265011100f5d2e6bda0d |
| SHA512 | aeb7b86d20eb05efef0d16ae62d775713990cbfdd66c6cc859a9d934411570b8f5f21f843d013df33d1c5d5b599b8a7c18cf334e38fb6e9d0e61ffa42299d34d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b0d3faf2d529099c99bbeba7c76dc1e |
| SHA1 | 4631cfd486d025e4adbfc6539562b4ab42c72fd8 |
| SHA256 | 22dae5938c0e1a3d242a2e2d0ee434df322807bb53a2f8caacf90fce21370cfb |
| SHA512 | e27851a2a41192725f554eff7f4fbf31cf64ce0136bb3b53fb47771a95df56b955cb7f57d6cd9442aeab931d928c69bfe0c8478dab3b013dd4d74bd2bda728a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3e4ef3678d193455563f14ed64547d2 |
| SHA1 | 079489fb2ae2f3638b9f0dbd37d9683dc79ed19a |
| SHA256 | d2c25066a1756efc0e000b5fadfe6f817612a9d18b1c08cd68023c9c7921f102 |
| SHA512 | 3935f860f4217edbef24d75ace790bb72100507bd80ddb8a643553b9eaf63850a422c3ac8ad23d863cbb95a5af42542338656694ba12b90146f1971a0567efbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ace265579cd42f086da3e35d0de67687 |
| SHA1 | a3dc7b47c2f7330023e504580aafc4e67e38697f |
| SHA256 | 770fc6a1d7182862c2b3b77c3c6b3b239e306f8dabbda9950c122616dd4e8b18 |
| SHA512 | 89eea257391844a70770127c00ffa45635719f87ebb7297c06f67fefd0a02e591429b998a666a5f17b0e26443d9c024300a9ce6687de97b7fdb11d433ee8232a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d9c3f40b1dcedd27889e4a94a608adb |
| SHA1 | 1ad03551bb2b3db260267f2185144369d0df700f |
| SHA256 | 4074889ac2216972d3d6cdb80febdd23b5d8e507f7218d441f462d62104efde0 |
| SHA512 | 9bd412f16ee236078b9d1fab9d5e9076571a3ddec69e9e12d36b827df34a9131d748f11b9c9b0c3373fca2d91f4d485fa68bafd80b63a4fc01aec57efb7adb83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 609730210c378edfb8a725f79166234b |
| SHA1 | 6224d00aeefd5023fa8248707adcc5048bed128f |
| SHA256 | 55a825d3473f49406d127147c66feabfd34fed62384251f766418669793d7d0e |
| SHA512 | aa728ab1302ecce64f1042d5ad699cf8892f5e7a45a9ef40bb5b0af90fdd0f3bae5d327f1ff81e16df876e3033dc15be2368941a2abb95747f50b7405bba4fac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb1e03c4fcb7c35da4d1384369df6c97 |
| SHA1 | 3498391ad6e547ec53a606d252a553d3efabe538 |
| SHA256 | cdb66304631691a6456f355511c0d0f80f1f1079ea7e859beb1b21c3d4455a0f |
| SHA512 | 6abe333081f3be681a41cf578be502d309d47990608d6d008ff0ebcfdbbab174b1680f3e3a127b7f4e821e694e97054acdae2e3d3fe35ccb370f687788f2196e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1d7fdee27f0fb83870fffea39e6d7c5 |
| SHA1 | 255c4fa71ab78341fdc9b7bae09dfaf32430d040 |
| SHA256 | 1ed0f23854f9d1e6e5e43575a8b8ebdcd6ccfba3317afce191feb989f6ee656e |
| SHA512 | a97155e957d414efaa7f75bd5d62f710c52af51b863e908e1dc11129a4971ac156bda539bf5aec2a93184efe4645adc57ee2b4c34caa113791e32e49f8488162 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\swflash[1].cab
| MD5 | b3e138191eeca0adcc05cb90bb4c76ff |
| SHA1 | 2d83b50b5992540e2150dfcaddd10f7c67633d2c |
| SHA256 | eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b |
| SHA512 | 82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4 |
C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf
| MD5 | 60c0b6143a14467a24e31e887954763f |
| SHA1 | 77644b4640740ac85fbb201dbc14e5dccdad33ed |
| SHA256 | 97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58 |
| SHA512 | 7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f |
\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
| MD5 | 47f240e7f969bc507334f79b42b3b718 |
| SHA1 | 8ec5c3294b3854a32636529d73a5f070d5bcf627 |
| SHA256 | c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11 |
| SHA512 | 10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b320a4ff8bf46a28dad1da877a893cf |
| SHA1 | b0c65522579791912ee5def508a314c48b00d569 |
| SHA256 | 6ef2f408ba71d7f8bdf32f6a1b386017beacff83211285d8cb76c31b251f7bbf |
| SHA512 | c733eb39e6b4abe85b5a6944e790f5b8e1263d587c9134b39f91fb0a720d255f16b25dc412afa01fa1e443ee4560b4141f818d8a09bd8ad44b0c723ca11ab5db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 369466448fe1fa275ea388a6c918d661 |
| SHA1 | c47aef3bb8482cbbf6101a49be4ec110511b27d3 |
| SHA256 | 4ed2571b27d79a038aacbc30df8478a6784cb7cce0e28402bb091f0e8d9b70d4 |
| SHA512 | e21a4a90ee8380192cd099b8e1bdcc93258e180a856093938c1dbec738c18cb4b9df4807c5637fbdee8caff06e554b79eb3d144ca44bfdeb7acc06952ae22d50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7beb9ef10e75a990fb64aced2ac206a |
| SHA1 | f94457b6485346e412f178deb2dd709232807586 |
| SHA256 | 8621f965c2be4b99ba5f767772f35db4407a7de19a19583890e0c0797475015f |
| SHA512 | 1ed24094ef0fbbe5a513446cd2e307481679072066a479ad724534fcde41e6ab006c596813125d21d0686dfee6a202214fcbb29c512067fd0997ab7aa82f3ad7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 352e1e1a9ee179386f8c23371a6797fa |
| SHA1 | a6f2076349aefcda48b08becd667815994f541ee |
| SHA256 | e17cb7c9e4527b95cdba06934ab07894182311d4c958a3752724b92387d2ac9d |
| SHA512 | 4dde738ad6337520e681126680b6902a53f18e762b45f65cfec94fc2d3d671136b8906508312fc0474601a91cbb88cc11f055512cf19e2b16b56c5a73743bea5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d03b0a618f4a074edab197189bc76ec |
| SHA1 | 3f6b37bd0530ea5181f7f981da70c7971198f51e |
| SHA256 | 4da6ad7b1c83dc74ce386d40ca11e327e3814c0b21be7d944f7ad6f2a9f26873 |
| SHA512 | 996bc2be5bca737e4cd0803b0b1623b041d96edcd815005b7c5a97acd2bed42267beae294285c8b42c0a06087db4931286009f948640234ec494a34f34f954de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bbb7044dd358f2fa6df7bf11c5312eb |
| SHA1 | 4333f7e9c4739e2dc3d85127336b9543aa67f041 |
| SHA256 | 2f68f0c9157bb81d86632c51c002cc50791791ee9783f32b2ccc1ae883b70bfb |
| SHA512 | 0eabc95c11b793b7617993d9b8ebce61316aa97da76d253ae8793f497edb349a318093e95f77ef689a0899c07111275e9c63e692f6d8be490b3412fe682b60bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5781dc2f12b3fd96150d88e63f208173 |
| SHA1 | f1451dc9fd8f55366c996adebf3f2bac1f42a298 |
| SHA256 | b267d84e64706dc8c60b7295e9d48a766ffbef8a616f21f48f978058dd7ebaad |
| SHA512 | 702fcc642aec4217f24f78cf896cd9883894e0bcd1c213e9f346dfa856e42364385a80f24d30b4e95802a421b23bf9e0fe1d4ff5e773b2afb5ded3b48b648cd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f04acf2a95eb2b7425d0805b757657a |
| SHA1 | 054888739c44ca8a0e1129603fd07d65c14b404a |
| SHA256 | 1509aeb50795e2c3b2136b9420f915cf528d17f03317e63292b77d53eedbef08 |
| SHA512 | 80ae3fcca76f1ff5324779b6014cefba7b9c72ca9dd2cc0489166d18b1c176f131b75fe6ba2b442ed31af18f246af4379359a94c4aa128e000a192ffe122982b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68b2d4abca542fdbb1e3750555975c57 |
| SHA1 | 857feb93601f5ac99623942de56d92ec148e1ee9 |
| SHA256 | 424d4d320faeb930055a531fd3fe19aa99d4738ab7336a8c86bd7a6f523aa890 |
| SHA512 | 64b8703a188270e802b4151560d90e1ea63a5344de9695caa86ebb182ee6f059fa527e1aff250150c489239f54d9ac82534a80cf58c333f06b975ad4ed6dd8d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b08ad9d8cfe40b3d08c0bab4c284122 |
| SHA1 | 17ec2d5bfc0b207f3619f5896359bac2f5e107fa |
| SHA256 | 0238c669cc8d890d6b59aafbbe15176aa580c0eccbfadf50053a9ba97b55b106 |
| SHA512 | 82ead0d5085d698f6b0cbef40fc03b67c99644b71f7a1e88c5c6c0638becc44cfa5c7f9f2a5eafd15cc09ca33b511390c8ed8b8a102aea77d90160ff212ec658 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:15
Reported
2024-06-13 10:17
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb29fd46f8,0x7ffb29fd4708,0x7ffb29fd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16657655500761137933,14354590387700165295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4028 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | s84.cnzz.com | udp |
| US | 8.8.8.8:53 | odr.jsdsgsxt.gov.cn | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | amos1.taobao.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 59.82.122.130:80 | amos1.taobao.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 59.82.122.130:80 | amos1.taobao.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 220.185.168.234:80 | s84.cnzz.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.17.2.in-addr.arpa | udp |
| CN | 220.185.168.234:80 | s84.cnzz.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 11.2.129.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.137.72:80 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| HK | 203.205.137.72:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 72.137.205.203.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
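A triage helper, added here as an example and not part of the sandbox report, that parses rows in the format of the Network table into a de-duplicated indicator list: resolver lookups (udp/53) contribute the queried name rather than the resolver address, reverse (in-addr.arpa) lookups, link-local mDNS and the Bing traffic from the bundled Edge instance are treated as sandbox noise, and repeated connections collapse to one (ip, port, proto) tuple per domain. The sample rows are a constructed subset copied from the table above; the noise lists (`NOISE_IPS`, `NOISE_DOMAIN_SUFFIXES`) are assumptions to tune per environment.

```python
"""Turn a sandbox 'Network' table into a de-duplicated IOC summary.

Added example, not part of the sandbox report. The noise filters below are
assumptions about typical sandbox infrastructure, not facts from the report.
"""
from collections import defaultdict
import re

# Constructed sample: a subset of rows copied from the Network table above.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | odr.jsdsgsxt.gov.cn | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""

# One table row: | Country | ip:port | domain (may be empty) | proto |
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Assumed sandbox noise: the resolver itself, link-local mDNS, Edge/Bing telemetry.
NOISE_IPS = {"8.8.8.8", "224.0.0.251"}
NOISE_DOMAIN_SUFFIXES = ("bing.com", ".in-addr.arpa")


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) for each well-formed table row."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator or free text between tables
        ip, _, port = m.group("dst").rpartition(":")
        yield (m.group("cc"), ip, int(port), m.group("domain"), m.group("proto"))


def is_noise(ip, domain):
    """True for traffic that characterises the sandbox rather than the sample."""
    if ip in NOISE_IPS:
        return True
    return any(domain.endswith(s) for s in NOISE_DOMAIN_SUFFIXES)


def extract_iocs(text):
    """Return queried names, de-duplicated connections per domain, and a noise count."""
    dns_queries = set()
    connections = defaultdict(set)
    dropped = 0
    for _cc, ip, port, domain, proto in parse_rows(text):
        if port == 53 and proto == "udp":
            # A resolver lookup: the queried name is the indicator, not the resolver.
            if domain and not domain.endswith(".in-addr.arpa"):
                dns_queries.add(domain)
            else:
                dropped += 1
            continue
        if is_noise(ip, domain):
            dropped += 1
            continue
        # Key on the domain when present, otherwise on the raw IP.
        connections[domain or ip].add((ip, port, proto))
    return {
        "dns_queries": dns_queries,
        "connections": dict(connections),
        "dropped": dropped,
    }


def format_report(iocs):
    """Render the summary as plain text lines suitable for a ticket or IOC note."""
    lines = ["DNS queries:"]
    lines += [f"  {name}" for name in sorted(iocs["dns_queries"])]
    lines.append("Connections:")
    for domain, endpoints in sorted(iocs["connections"].items()):
        for ip, port, proto in sorted(endpoints):
            lines.append(f"  {domain} -> {ip}:{port}/{proto}")
    lines.append(f"Noise rows dropped: {iocs['dropped']}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(extract_iocs(SAMPLE_ROWS))))
```

Paste the full Network table into `SAMPLE_ROWS` to summarise the whole detonation; rows whose Domain column is empty (the mDNS row) still parse, and the queried names surviving the filter are the ones worth pivoting on in proxy or DNS logs.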
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_4400_QXHDZIFQHXEJHORN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25f0c74effac76767189d78295dacdd2 |
| SHA1 | 7fec3928feede4b462b13d06cd6fcf2ad5be7a0a |
| SHA256 | c159a2200ec3a9cfa0aacc2e42191bbf1adcef38af578b0385066ae50f6c9476 |
| SHA512 | 7c65839f2939b9cfbc1ad3f29d12d737cdddfedc2f3966fcd7ca80f1a414207909de597b4d555ef31e59b932df7fe0bb885919ba85690d446095198e597a7853 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ef2e2d9b19a4711b9e3014ec4ea2bb7b |
| SHA1 | 92d9c85c26c993a34b6194736d7993dad78d0462 |
| SHA256 | 8d4ec6ed79ef07cc8b6f77204576df97b8245182bebc21e03ca5d8339e0b65dc |
| SHA512 | 7670e6a791c2becca3994c04481be4e8d56bc4bd509e62664bbed6a55adb591e399e69b6aa8758a1fa4a0efe1da308bd8c7a94891c2e3033182abe3855396ab3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8bc2a73b317ac7e6df0f106eaf34b75e |
| SHA1 | d71d3eb4b802ec48c570a833642c10bedb12de67 |
| SHA256 | f5b2a29e6ff1df41375fb50d57e8da04474ad7f05792f5b185694545af240074 |
| SHA512 | c54399ffd88a0b70f4bd2a01948f405e463054e646c50fb6fbade811da4933d06dc1450fe28bb3d3e4b74b2daae080c95e7888ae238a7497b8931614a481c42c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a28fc8c7b408c9fec7eb29ba72319a1a |
| SHA1 | 2b1815d04fb077e076a7c078db984304b82cf50e |
| SHA256 | 1d26a34f3b686ef9b0f4402fd77dbbf4e517c3a60d31f19751f038953abe9e65 |
| SHA512 | 6a6f10e0011b2e2f335d65b2b5da07e47e06aa5eeb22ac8950f63928c18242952d216526c8a2ba909ad04fdaf073215c4277272c6de2a28c7cb39a211f0a78bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c6d74d2f1201b8a916766b543a13380 |
| SHA1 | 7cf8df5886de670ef5aa4ee77df7a957d56a1c2e |
| SHA256 | 9115bfc657ff8d8ea6e8cccac0f31b2d04d69165d6d40fb1473a77d3bd0dc0c6 |
| SHA512 | 13d488670f04afcddf1304bfc990253fd70bf768e294742f5f868ab8e90d3e681eb0d1829356cf9021f2b3cafedb7438ecb43b974c2cd5679ce656d70b659e75 |