Analysis Overview
SHA256
a4ba20e34026daf92b6bfc27a571bbe5cbf4f684e315498eaf155a05ec22ee65
Threat Level: Likely benign
The file c033e0a5ae7f779c369dd76d3df8faf8_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 07:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 07:04
Reported
2024-08-25 07:07
Platform
win7-20240729-en
Max time kernel
141s
Max time network
146s
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000aff5424f791c2c81c2945acfc03cbbb797ab66067ab00b2bbb5b83a5899ea029000000000e8000000002000020000000a47646bc79634b6d1fbdf0abb07ee2a103fac9bfffa0681aed777c86f8992ff6900000006a63df557ebc4a8b4af9081c1eb51df62e034c913718e0b7bd3b1c855f55969c20c95573ecb24842051397f64b947577ecdddacb921b84190958f08dc8fd718b69d63f0f89ec31e680ebd86738f3bd6185690251fc315681381af5bf2b633425340a82f9e7fe0f8ed651d0d9108e97fe0fb2ebbbb7c07d154c799959b69938092df0ae7fc7a120c062a702f4ee994db1400000005791ba65ab9d796401cba04ed6ffe73f843df7ab8d432a551ad5b8fd75261aec75e22802b73dd71f9af795e0be0f06685e237b5705570877db95ea32a2fd88e2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000002945d80b8f8ce8d20f5747560f71659d817ce6d09558494ef5d992f3160619bb000000000e80000000020000200000008e1b039fe1de4d9ff3d8b311db67559d73b375801db2ea1f570875797cd7845220000000c7e9092445a7098fc5e68c1f7940b45ad52a2bd3a9727c38e154cd2b05b1f5e240000000919873d090a867ec64b35674f8a25e135ebba41378ca173500bbb56162562c15369394f27a211c669979d32bfa63efcb919db40ce3ff73399b34159b948afede | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e08f6e27bdf6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C25D281-62B0-11EF-A5E9-FE7389BE724D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430731348" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2308 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2308 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2308 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2308 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c033e0a5ae7f779c369dd76d3df8faf8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 07:04
Reported
2024-08-25 07:07
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
149s
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c033e0a5ae7f779c369dd76d3df8faf8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce0eb46f8,0x7ffce0eb4708,0x7ffce0eb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4044 /prefetch:2
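The Edge child processes above all carry the same `--field-trial-handle` value, which the browser process hands to every child it spawns, so the value works as a session key when reading a process list like this one. The following Python script is an added example for triaging this section; it is not part of the sandbox's own tooling. It parses the Chromium-style command lines, groups processes per session, counts process types, and lists the switches that weaken process isolation (`--service-sandbox-type=none`, `--disable-gpu-sandbox`, `--no-v8-untrusted-code-mitigations`, `--no-sandbox`). Which switches count as "relaxing" is an analyst choice; on this page they all sit on Edge's own utility, renderer and GPU children, where Chromium normally puts them. The sample command lines are copied from the list above and trimmed.

```python
"""Group the Edge child-process command lines above by browser session.

Added example for this report, not part of the sandbox's own tooling. It
parses Chromium-style command lines, keys each process on its
--field-trial-handle value (the browser process hands the same value to every
child it spawns, so it works as a session id), counts process types per
session, and lists the switches that weaken process isolation. The list of
such switches (RELAXING below) is an analyst choice.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: command lines copied from the process list above, with
# the --gpu-preferences blob and most renderer switches trimmed for brevity.
SAMPLE_CMDLINES = [
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3',
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8',
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1',
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=renderer --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --instant-process --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1',
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8',
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=gpu-process --field-trial-handle=2100,11998316886716170833,16168187518415253568,131072 --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=4044 /prefetch:2',
    # A non-Chromium line from the same list; it carries no field-trial handle.
    'C:\\Windows\\System32\\CompPkgSrv.exe -Embedding',
]

# Analyst-chosen switches that disable or weaken a Chromium process sandbox.
RELAXING = ("no-sandbox", "disable-gpu-sandbox", "no-v8-untrusted-code-mitigations")


def split_exe(line):
    """Return (executable, remaining arguments) for a quoted or bare path."""
    line = line.strip()
    if line.startswith('"'):
        end = line.index('"', 1)
        return line[1:end], line[end + 1:]
    m = re.search(r"\s(?=[-/])", line)  # first whitespace followed by a switch
    if m is None:
        return line, ""                  # bare path with no arguments
    return line[: m.start()], line[m.end():]


def parse_cmdline(line):
    """Parse '--key=value', '-flag' and '/prefetch:N' tokens into a dict."""
    exe, rest = split_exe(line)
    switches = {}
    for tok in rest.split():
        if tok.startswith("-"):
            key, _, value = tok.lstrip("-").partition("=")
            switches[key] = value
        elif tok.startswith("/prefetch:"):
            switches["prefetch"] = tok.split(":", 1)[1]
    return {"exe": exe, "switches": switches}


def relaxed_switches(sw):
    """Switches on this process that weaken isolation, in '--flag' form."""
    found = []
    if sw.get("service-sandbox-type") == "none":
        found.append("--service-sandbox-type=none")
    found.extend("--" + f for f in RELAXING if f in sw)
    return found


def summarize(cmdlines):
    """Per field-trial-handle session: process-type counts, executables, relaxed switches."""
    sessions = defaultdict(lambda: {"types": Counter(), "relaxed": set(), "exes": set()})
    for line in cmdlines:
        p = parse_cmdline(line)
        sw = p["switches"]
        sid = sw.get("field-trial-handle")
        if sid is None:
            continue  # not a Chromium child (e.g. CompPkgSrv.exe -Embedding)
        ptype = sw.get("type", "browser")
        if ptype == "utility":
            ptype += ":" + sw.get("utility-sub-type", "?")
        s = sessions[sid]
        s["types"][ptype] += 1
        s["exes"].add(p["exe"])
        for f in relaxed_switches(sw):
            s["relaxed"].add(f"{ptype}: {f}")
    return dict(sessions)


if __name__ == "__main__":
    for sid, s in summarize(SAMPLE_CMDLINES).items():
        print("session", sid)
        for ptype, n in sorted(s["types"].items()):
            print(f"  {n}x {ptype}")
        for r in sorted(s["relaxed"]):
            print("  relaxed:", r)
```

Run it as-is to see one session with six Edge children; the `CompPkgSrv.exe -Embedding` line is parsed but not attributed to any session. Feeding it a full process list lets you check that relaxed switches appear only under the browser's own session and never on a process the sample launched itself.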
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | my-downloads.rozblog.com | udp |
| US | 8.8.8.8:53 | rozblog.com | udp |
| US | 8.8.8.8:53 | skin98.persiangig.com | udp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| DE | 51.195.19.98:80 | skin98.persiangig.com | tcp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.19.195.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.127.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | linkseo.ir | udp |
| US | 8.8.8.8:53 | popkade.ir | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| DE | 51.195.19.98:80 | skin98.persiangig.com | tcp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| US | 8.8.8.8:53 | up-themes.persiangig.com | udp |
| US | 8.8.8.8:53 | s1.picofile.com | udp |
| US | 8.8.8.8:53 | cdn.engine.4dsply.com | udp |
| US | 8.8.8.8:53 | s3.picofile.com | udp |
| IR | 185.49.85.182:80 | s3.picofile.com | tcp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| US | 104.16.202.119:443 | cdn.engine.4dsply.com | tcp |
| DE | 51.195.19.98:80 | up-themes.persiangig.com | tcp |
| DE | 51.195.19.98:80 | up-themes.persiangig.com | tcp |
| DE | 51.195.19.98:80 | up-themes.persiangig.com | tcp |
| DE | 51.195.19.98:80 | up-themes.persiangig.com | tcp |
| US | 8.8.8.8:53 | www.p30rank.ir | udp |
| IR | 185.49.85.182:80 | s3.picofile.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| AT | 152.53.64.158:80 | www.p30rank.ir | tcp |
| DE | 51.195.19.98:80 | up-themes.persiangig.com | tcp |
| IR | 185.49.85.182:80 | s3.picofile.com | tcp |
| IR | 185.49.85.182:443 | s3.picofile.com | tcp |
| AT | 152.53.64.158:443 | www.p30rank.ir | tcp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.202.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.85.49.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.64.53.152.in-addr.arpa | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| IR | 185.49.85.182:443 | s3.picofile.com | tcp |
| GB | 92.123.143.201:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 201.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 |  | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
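Most rows in the table above are produced by the sandbox environment rather than by the sample: reverse (`in-addr.arpa`) lookups of every contacted IP, mDNS to 224.0.0.251, Bing hosts contacted by Edge, and the IdenTrust OCSP/CRL endpoint. The Python script below is an added example for triaging the table; it is not part of the report or the sandbox's tooling. It parses the rows as printed, normalizes the malformed mDNS row (protocol printed in the Domain column), drops the environment noise, and groups what is left by domain with DNS lookups counted separately from connections. The noise allowlist is an analyst assumption and should be tuned to the sandbox in use; the sample rows are a constructed subset of the table above.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the original report. It parses the pipe-delimited
rows as printed above, normalizes the one malformed row (proto printed in the
Domain column), drops traffic attributable to the sandbox OS and the Edge
browser rather than to the sample, and returns the remaining destinations
grouped by domain. Which hosts count as noise is an analyst assumption.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the rows above, header included and the
# malformed mDNS row kept exactly as the page prints it.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | my-downloads.rozblog.com | udp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| IR | 79.127.127.68:80 | rozblog.com | tcp |
| DE | 51.195.19.98:80 | skin98.persiangig.com | tcp |
| US | 8.8.8.8:53 | 68.127.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 104.16.202.119:443 | cdn.engine.4dsply.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.201:80 | apps.identrust.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
    r"\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)
RESOLVER = "8.8.8.8:53"  # the sandbox's DNS resolver, per the table
# Analyst assumption: what the Windows/Edge environment talks to on its own.
NOISE_SUFFIXES = (".bing.com", ".bing.net", ".identrust.com", ".in-addr.arpa")
NOISE_DESTS = {"224.0.0.251:5353"}  # mDNS multicast


def parse_rows(text):
    """Parse table rows into dicts; skips the header and non-table lines."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("cc") == "Country":
            continue
        d = m.groupdict()
        # Malformed row: '| N/A | 224.0.0.251:5353 | udp | |' has the protocol
        # in the Domain column and nothing in Proto. Move it back.
        if d["proto"] == "" and d["dom"].lower() in ("tcp", "udp"):
            d["dom"], d["proto"] = "", d["dom"].lower()
        rows.append(d)
    return rows


def is_noise(row):
    """True for traffic the environment generates regardless of the sample."""
    return row["dst"] in NOISE_DESTS or row["dom"].lower().endswith(NOISE_SUFFIXES)


def triage(text):
    """Sample-attributable traffic keyed by domain (or ip:port when unnamed)."""
    out = defaultdict(lambda: {"lookups": 0, "connections": set(), "countries": set()})
    for row in parse_rows(text):
        if is_noise(row):
            continue
        entry = out[row["dom"] or row["dst"]]
        if row["dst"] == RESOLVER and row["proto"] == "udp":
            entry["lookups"] += 1  # DNS query via the sandbox resolver
        else:
            entry["connections"].add((row["dst"], row["proto"]))
            entry["countries"].add(row["cc"])
    return dict(out)


def report(text):
    """One line per surviving domain: lookups, connections, countries."""
    lines = []
    for dom, e in sorted(triage(text).items()):
        conns = ", ".join(f"{d} {p}" for d, p in sorted(e["connections"])) or "-"
        cc = ",".join(sorted(e["countries"]))
        lines.append(f"{dom}: {e['lookups']} lookups; {conns} [{cc}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ROWS)))
```

On the sample rows this leaves four entries (the rozblog.com, persiangig.com and 4dsply.com hosts) and drops the Bing, IdenTrust, reverse-lookup and mDNS rows. Duplicate connection rows (the repeated `79.127.127.68:80` lines) collapse into one `(ip:port, proto)` tuple, so the output is a de-duplicated destination list rather than a connection count; keep the raw rows if the number of connections matters.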
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e765f3d75e6b0e4a7119c8b14d47d8da |
| SHA1 | cc9f7c7826c2e1a129e7d98884926076c3714fc0 |
| SHA256 | 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89 |
| SHA512 | a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079 |
\??\pipe\LOCAL\crashpad_4220_BQKASWSGJDLQYKTI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 53bc70ecb115bdbabe67620c416fe9b3 |
| SHA1 | af66ec51a13a59639eaf54d62ff3b4f092bb2fc1 |
| SHA256 | b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771 |
| SHA512 | cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0bcafef0e7466f9b4b5838c3e8bee039 |
| SHA1 | 3886e1887d85640d36e3ab446b3e890d87bc96e8 |
| SHA256 | 13fca2aba984ccd397313fb29a9a6070d767b9adafd3a12a2f61502231e880ff |
| SHA512 | caa0a793bd81e616f059430e3bed4fed724c29ca5f835c8021796ca3ed121c271ecfaf0f90dcd98f56074eb3d51b4e9fd4da125206cff69f0fa7c0531a63a969 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f300659fe0b4582b968604515d79b7a0 |
| SHA1 | 633268913c37a2a04d8b58c9f94a1b9aa5c4cea8 |
| SHA256 | 85b5385fcea2f93473a785238ad7240067a19d7f0bd64059e91b42779eac7681 |
| SHA512 | c2cf1c38eff65c5968eb81bfaab6cba16ffa018de3bb2e4d2fc27bc4367f9d3cb3b39471fbfcd7984f900134eb5db46c69fcbb92c2d42065c6f51d2543284a62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 55d3e90af5f8539ba85ef396553626ae |
| SHA1 | 266cd65f839b4cfb7fc4a1c428fee55fb814d96f |
| SHA256 | 024e87bacbd4774096ff3b2948a07d9d124489336c1e00e682f2b49e1c36d1f8 |
| SHA512 | 298731052851bdb562534bbf2c978fcd940a64c158bcbb8d4bfb2500380b50ffdff606d82d0908656c74a6abf0f6c2bc272f00b3a8f4ea27ac5445829ce723b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dfe11e88ec36884069cc7bfc90c2d3d5 |
| SHA1 | f5cedcf460d1fdcfe5841c8e65338172e986a0e8 |
| SHA256 | e8f4ec341159268e4846ec12f61cf6f1520f25d80ca1bca517159289bb3a89f8 |
| SHA512 | a1b4e7f33492ceaf1efe91d82aa781812f7a9d86db464c454c5b7791323653ff9b7e2cda14eab293a00be87d63603fae2897277080b964284ef8bf375cff5822 |