Analysis Overview
SHA256
99967c2be6c05abf88aaac5ad6c9ec6b85a7094d630e2d83b79773af91b179ba
Threat Level: Likely benign
The file c07a4ae290d3f44928d450419f2f68c4_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:51
Reported
2024-08-25 09:53
Platform
win7-20240705-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2052dc68d4f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430741338" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000e3924d00f5d1bd79c2106109f16f6a9524060a99eb1a1d7bd8f6c5acf945e1df000000000e80000000020000200000001aeb85b81aa6ca80b6ee8ea33413bad3f583b0c380677ae7ba5bef556ba6f31c20000000ec5b4cf1f10dd859efdbb78c2067fb9beda65615e0258f663695cbf8a0f873f8400000007b6ca2ba8895a053108dc0f3378644ac48f3b4934dab2bfa55f4d0aae40d1beca7280d2a338c6601a6d22ed5676ce63131ebe23b27751b43d2728e2917795fe4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8EAA2541-62C7-11EF-ADD5-E21FB89EE600} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
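The "Modifies Internet Explorer settings" signature fires on any write under HKCU\Software\Microsoft\Internet Explorer, and every row above is first-run housekeeping (window placement, tab recovery state, code-page MRU, search-scope retry counters). What would make this table interesting is a Set value event on a home-page or search-provider value. The following Python is an added example, not part of the sandbox report: it parses rows in the table's own format, normalises the kernel-style \REGISTRY\USER\<SID> prefix to HKCU, and separates writes to hijack-relevant values from housekeeping. The list of hijack-relevant values is the example's assumption; the sample rows are copied from the table above plus one constructed Start Page rewrite (not present in the report) so a positive hit is visible.

```python
import re

# Values under HKCU\Software\Microsoft\Internet Explorer that adware and browser
# hijackers rewrite to redirect the user (home page, search provider). This list
# is an assumption of the example, not something the sandbox report states.
HIJACK_VALUE_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"\\Main\\Start Page$",
        r"\\Main\\Default_Page_URL$",
        r"\\Main\\Search Page$",
        r"\\Main\\Default_Search_URL$",
        r"\\Main\\Local Page$",
        r"\\SearchScopes\\DefaultScope$",
        r"\\SearchScopes\\\{[0-9A-F-]+\}\\URL$",
        r"\\SearchScopes\\\{[0-9A-F-]+\}\\SuggestionsURL$",
    )
]

# Kernel-style key prefixes exactly as the sandbox prints them.
SID_PREFIX = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.IGNORECASE)
MACHINE_PREFIX = re.compile(r"^\\REGISTRY\\MACHINE\\", re.IGNORECASE)


def normalize(path):
    # \REGISTRY\USER\<SID>\... -> HKCU\...   and   \REGISTRY\MACHINE\... -> HKLM\...
    path = SID_PREFIX.sub(lambda m: "HKCU\\", path)
    return MACHINE_PREFIX.sub(lambda m: "HKLM\\", path)


def parse_row(row):
    """Split one '| op | indicator | process | target |' row; indicator may be 'path = value'."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    op, indicator, process = cells[0], cells[1], cells[2]
    if " = " in indicator:
        path, value = indicator.split(" = ", 1)
    else:
        path, value = indicator, None
    return op, normalize(path.strip()), value, process


def triage(rows):
    """Sort the signature's rows into 'hijack' and 'housekeeping'.

    'Key created' / 'Key opened' events change no setting, so they are always
    housekeeping; a 'Set value' event is flagged only when its path matches one
    of the hijack patterns.
    """
    result = {"hijack": [], "housekeeping": []}
    for row in rows:
        op, path, value, process = parse_row(row)
        flagged = op.startswith("Set value") and any(p.search(path) for p in HIJACK_VALUE_PATTERNS)
        result["hijack" if flagged else "housekeeping"].append((op, path, value, process))
    return result


# Four rows copied from the behavioral1 table, plus one CONSTRUCTED row (Start Page
# rewrite by a hypothetical dropper) that the report does not contain.
SAMPLE_ROWS = [
    r'| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    # constructed, hypothetical row: not in the report
    r'| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/hijacked" | C:\Users\Admin\AppData\Local\Temp\dropper.exe | N/A |',
]

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_ROWS).items():
        print(f"{bucket}: {len(entries)}")
        for op, path, value, process in entries:
            print(f"  {op:16} {path} = {value!r}  [{process}]")
```

Run against the full table above, every row lands in housekeeping, which is the concrete reason the "Likely benign" verdict survives this signature.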
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2140 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a4ae290d3f44928d450419f2f68c4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
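The four WriteProcessMemory rows show the 64-bit IE frame process (PID 2140) writing into the 32-bit tab process it started; the tab's command line carries SCODEF:2140, the frame PID, which is how IE identifies the frame that owns a tab. A write from a frame into a tab that names it via SCODEF is expected IE behaviour; a write in any other direction, or into a non-IE image, is what injection looks like. The Python below is an added example, not part of the report, that applies that check. The report does not print PIDs beside the process list, so the mapping 2140 = frame, 2824 = tab is taken from the Process and Target columns of the WriteProcessMemory rows and is an assumption of the example.

```python
import re

SCODEF = re.compile(r"\bSCODEF:(\d+)\b")

# IE frame and tab images on a 64-bit Windows 7 host, lower-cased for comparison.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# Process list reconstructed from the behavioral1 'Processes' section.
# PID assignment (2140 frame, 2824 tab) is inferred from the WriteProcessMemory
# rows and is an assumption of this example.
PROCESSES = {
    2140: {"image": r"C:\Program Files\Internet Explorer\iexplore.exe",
           "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a4ae290d3f44928d450419f2f68c4_JaffaCakes118.html'},
    2824: {"image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
           "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2'},
}

# The four 'PID 2140 wrote to memory of 2824' rows from the signature table.
WPM_EVENTS = [(2140, 2824)] * 4


def classify_write(writer_pid, target_pid, processes):
    """Label one WriteProcessMemory event.

    'ie-frame-to-tab': an IE image writing into an IE image whose command line
        names the writer as its frame (SCODEF:<writer pid>). Expected.
    'cross-process':   any other write, including tab -> frame or IE -> non-IE
        image. This is the shape of process injection.
    'unknown-pid':     writer or target missing from the process list.
    """
    writer = processes.get(writer_pid)
    target = processes.get(target_pid)
    if writer is None or target is None:
        return "unknown-pid"
    if writer["image"].lower() in IE_IMAGES and target["image"].lower() in IE_IMAGES:
        m = SCODEF.search(target["cmdline"])
        if m and int(m.group(1)) == writer_pid:
            return "ie-frame-to-tab"
    return "cross-process"


def summarize(events, processes):
    """Count events per label; a clean IE run yields only 'ie-frame-to-tab'."""
    counts = {}
    for writer_pid, target_pid in events:
        label = classify_write(writer_pid, target_pid, processes)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(WPM_EVENTS, PROCESSES))
```

The direction matters: swapping writer and target (tab writing into the frame) yields cross-process, because the frame's command line carries no SCODEF naming the tab.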
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s17.cnzz.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| CN | 122.225.212.209:80 | s17.cnzz.com | tcp |
| CN | 122.225.212.209:80 | s17.cnzz.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| GB | 79.133.176.211:80 | ocsp.digicert.cn | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.137.72:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.72:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.72:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.72:443 | pub.idqqimg.com | tcp |
| HK | 203.205.137.72:443 | pub.idqqimg.com | tcp |
| HK | 203.205.137.72:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 163.181.57.236:80 | ocsp.dcocsp.cn | tcp |
| GB | 163.181.57.233:80 | ocsp.dcocsp.cn | tcp |
| GB | 163.181.57.236:80 | ocsp.dcocsp.cn | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01466fa13a9417d36ff6d675c75eff48 |
| SHA1 | c9f61af6504dfbf19b207b7ed1a13dc9be2bff9d |
| SHA256 | 4fdcea9d6d6f9bec1058abc5438855154aef6e55e55641649214c2916b32c239 |
| SHA512 | ffe789ccfe9dc8f70e846f77f5f25db454eae2666a8ba0a642f385e3c82b666959a33095343e28d9ca66a53ea55ccef0758fe6be37ac23272e74da199b0240b5 |
C:\Users\Admin\AppData\Local\Temp\Tar6868.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab6866.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9e5a998a0d18e1e5369e95d20d3dfef |
| SHA1 | b921063ef4e09554822665ecde98011936e2e056 |
| SHA256 | 3ef267a18aad88c2d9f702b9c40fa91b7480518725c40bf1ee432f3ae677b460 |
| SHA512 | eddf9c7cf62cc2d62e2c72e8807ecf623e08171ca360ea523d7cdbb6e231fc0c13735a188e5a520f2079e393baded66037dfcb07c3506f050e4d23738136815b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55a57128691a91a7fa802b6ee82fca2c |
| SHA1 | 2614886050e1840a8c39411522a6dbb8b10fe86a |
| SHA256 | 11b7769e9d1635fd90c6247f59625b084f507a182cb8f84434eac927544a21a1 |
| SHA512 | e78295df5c8338e7fde99345aba78f5f9f198e8baf1b51bed6d4c730832aa7f5a0f95d8aedfb24dea39027539e533c86b103277405897b96bf77f96cbe14ba4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70e8c5d25502edfc405513bb929764fe |
| SHA1 | 28101ac2d07c93a3c3cad6fadf98dcf083877d80 |
| SHA256 | 80cc0e3a9c9d15830f0cd1283ce9611fb58eda6deff2b7bcd8faa4e32da4b493 |
| SHA512 | f8098e4fff52f9534f3b3a0228229197c971a534f1542a4bc1807927d6cd6590da806de7491a6e36683aed5dac8f67eb0250a517026a16220c0166daa3974561 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76147b287c177f0d5254f5af57c89246 |
| SHA1 | 8fee123ca496c88b682fc5446849b3eb49eb47f1 |
| SHA256 | e2f68795fad5525ac28abddb84e0682b129c8607650ff8e87539e3b6294bfce6 |
| SHA512 | 63f6d19e04eb1ebe4a4f8f801bc2b42c483b4bb709d10d42122a0b48c0bc967d3b3c7da8ff4b4f397cbdccbc688d98bdc8f4555929da839859bdfb85efe4e46a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2a8745c52b3860c699f3605e84d5c8c |
| SHA1 | 5444f087487f1e5d86181cd2e4884bddd501b3ad |
| SHA256 | ecb14c49cd63e829703064a5752009b7fe8165c5c7166310b81ca79de75dc7e7 |
| SHA512 | 1364cbef2a45031daae26689e863b497adbef94f9bff9bc2e9649e9f6c70b12f212611022f3acbc18a747890ba21975d05ac69cb41d9d8a8134fbd4dfd74d8b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e63123c9aa628e4b986cb035317cd0e5 |
| SHA1 | 56da0ada1b5de268e4ff0ee5d4c020ddc831545c |
| SHA256 | 7720e41da97a18d33a92e533afd9dd6fb7528ba1635a30abab647ea53d94ada7 |
| SHA512 | cc8fcbf8a5b2ba877a8661442c2098e4adcbaa6cc79d5b27a89d97401dc9be7a9eecabb6a6582fb0f130040a8c5c5789fd12b04761aa2c6ec47b41d4eae0d9fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 095a8beb6ca2886ce9709504a82ba4b0 |
| SHA1 | e440b8ea7d2e135a3b0b84ba4a4744045e1a0eb6 |
| SHA256 | 41b28ae0f1b3c92b0fbadd1afc9bf583305d00ef88a71f42ae0682042c7b933b |
| SHA512 | 0f69233da8018dcdaa53342f1e5a4e87aa5f170dc8229bfb04bce18f80bdc52d79ffd9b166920e53c73e35a292d58d21cd11df29a2fd286c71dcf0ade171dbb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bd7ec7c7377037d1a4bccd23e4cb6fd |
| SHA1 | 69144ed66fb1ca7b5de44336e0d4e2020b5012d9 |
| SHA256 | ca84ad0ec77c6a4f9738a200f44ee729d21f67b87f734ce08b720096d67309d4 |
| SHA512 | ce4e3a226e08ec2c49034a7b795032d34b854181eb0b676d6ec751331f31daab5db5ea536d2bd6c9ba859120e46299ef9dbed38260dd8b1689120b7380853d1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ca1c7eaaf312e6db7f2fe4a5573c038 |
| SHA1 | fda86a225533f8729b4123807c90881ddf2633cc |
| SHA256 | bb3bb2f9722eeb7c1b0bb9fdffc1933d8167ee009a27d35e70270dffbd0842fe |
| SHA512 | 4fa8be13b50f2a629fe13f22f15b682909e11b62843af304cb0acb1d193371c36d5d96f2602886a833e668d3f342007fed5d9b61ff2a56988edd44fed2db081f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6be52a5279168913083b91707b1c8cc5 |
| SHA1 | d0503845c41af801abc0a2a68f158e98086c883a |
| SHA256 | 7cfdf3ed1b0010d15cebaf411038d37c10d4659243afe7c5be829af364329755 |
| SHA512 | ec0cd21e4a31ce205c9b0fe6848f4b28344973d15a29152122ee9dfd0dd9cbf679837a7d01c4b8a58c2730a252d7bb3071451a9a5db2b61a2b97344e23e35f21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0e7ffd5eb7da7250e6f52ad7fc71769 |
| SHA1 | 41e07752af662770b38772b4130595b4b58956db |
| SHA256 | 152df12c6837eb3baf88c25b07111fcc588081a5d9516833b89878e631c64ec8 |
| SHA512 | 3a7fb8f1ecdd0a65956a544c6fca1fd7f2b1cfcacab3f729f846fa14933012347802942bb5a5dbd8104822220e3e45c52fb8656084cf92d821f84f8ae3ee1ef6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a9da173d14e55c9f53ef3da6bb44ed68 |
| SHA1 | 6419b319f036badea754d6316ab5a4a751eec325 |
| SHA256 | 11f2719f805ae6a5402f11f0e8eccfc28816edc5b91a3b8bc71ab600557295a1 |
| SHA512 | 4fde95dea828ca39d42ee2050e11908192d211bedf2090ce37fe54b2b96c49895bcc920685d861ad144abff6b7f4dac7b6f0ef7f5317c8ed5f90db2e3a584ad9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7534ec67018435db1a8f037a702140c |
| SHA1 | b2d7f8a19d8410ea32e7191a1ae122d17b4b6867 |
| SHA256 | da0a9db0b6af0d451bbf9e56c44ebd897823d1fa8e495e6afd72f4425582d183 |
| SHA512 | d56ff958ce995e409f7b27751f76037facd4cdd69781b5fb9147405d22f2a8ae7c5b3f5e3e24ea1a16394a30be32c2fcf549628b123c2af6be9096f4cf664639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5acf1bf41019fd62dc79ec65f21df7c |
| SHA1 | c9279b40a15877039ffb41b21e99c552e47fc0b8 |
| SHA256 | fc18f3b501cbc25d295a49766dbedbe6c748f32098a5be7e1727565d7158a0a9 |
| SHA512 | 58eba410b4e42594a93d98cf6b82a211a78e0361632b56c329d04f9a2f7edc2fca9a536f79815ce5aa05b810aaf75bd090952fbb48776c2e84f6f07c497e8f71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ec9a789a9c93ac995d07a288d999ba6 |
| SHA1 | 07e9927e9a3b39f4ea4cf03fa38aabeb4131dc32 |
| SHA256 | 3e02ecf7d4b63d92d3b6b423e91c3c487a55bafc82c009f2d3ccc12c6fbbac0d |
| SHA512 | 183f94746b03257fe7149f1142a368150abfebd30be181ff6c2a5a29969c05d8a3fbe137f60afc6e681b2b1a73a9b936b090416c296cd0fe53190cf374549e4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1337b992815aca864e2dce121d5eb54 |
| SHA1 | c06bdc66274a161029c495839d1d8d6bb07b136a |
| SHA256 | 78dde62ca6067fcebcffd271766290e360cf00042b711d51c69cfa0179553e61 |
| SHA512 | c05f1638d6d0a3e8b501a05f0f0a1ce746d78ae0ddd485ae404a83ba024f9c44e79215065428a3cc076051ab79fc71df929edb2718b25ab96c63df84fb7013b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c8eeddf9ea93db046d865e4ed615633 |
| SHA1 | 0d4b6f476b471eb14678fd0807567e799e277f8c |
| SHA256 | fd02e63e159b5a4d5e9ef6bf6aa5439d08e49ad7855d68ae006fad8fe811c919 |
| SHA512 | 101406d3f3badc0d202bb75c4d0eeacb3de8cbf85db007d07b628caf1917b382a0609a6e0516a5b9baa49c99546d3ab91d51a0fc707709b88fea0a8ad76f47ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 90db2173d9b8fc6fadadb25fbb6186ea |
| SHA1 | 848832b3d7798db437ad8d4577fb0773abbc3996 |
| SHA256 | 9af5fd65f6e944d0776bef042fcd91e9b085280c6b73bb8217b87600ac191d6d |
| SHA512 | f441b89e923b9ae6c605e8d71f3e75621fa02e7d5350f7045c4f64cd7b4394e36f3aa2c00177972b238cde71b8415b249a3514826c2898c7b2c75e231f047082 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3480360531b86f40b350d3349f6ea97b |
| SHA1 | a232da5bb756d69c55dae48d40a21113eee1e372 |
| SHA256 | c95934e396baa45013a8729181933372f968e2d32748bac35b15c964e748c2ba |
| SHA512 | 39ab04948aa542a0619f09e69e33a7e3b5536acc430ddbe75d718fb28c53367cd972195c730f1492b52cef4321aaf4d7c9f7fa0305efaa6987c0fc61aed8cb0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f628fd3b9dab65e0e89c6224edc84e26 |
| SHA1 | a8420f8b47edbc2321bb026caa2606c49fb1dabf |
| SHA256 | c311a1318d6939640c6c90b12958659429e0ada9dd1eabb98b410377cd0d610b |
| SHA512 | 6cc30606ca81437571785420fcc86353676a343b740b99700e1bd0ecf578559ed98bc36ac60e5cd87f80ca0293d577ec70f3ba6711cae9400d7bcc067e4d8c66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9c1abab80d359b3001c7fb44915336a |
| SHA1 | 6ffc4fb5508e3f6f89115d634e955da460d1bef3 |
| SHA256 | 10235345316792f8f97310ed9844163d67e438a4c127575c35c6271953974b0b |
| SHA512 | e4c9cf78fbc9ab306ab92b530c54b0525db4f56593af208cd28b0f2a1586f444cf0bf5a57b116f2a881639b3dc29c8a6c59dd45addbf46bac8ab3de8d405b1c1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:51
Reported
2024-08-25 09:53
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07a4ae290d3f44928d450419f2f68c4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffff7d446f8,0x7ffff7d44708,0x7ffff7d44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14276603430497908841,14942557692658484600,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s17.cnzz.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| CN | 122.225.212.209:80 | s17.cnzz.com | tcp |
| CN | 122.225.212.209:80 | s17.cnzz.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 209.212.225.122.in-addr.arpa | udp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 228.98.240.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.2.129.43.in-addr.arpa | udp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pub.idqqimg.com | udp |
| HK | 203.205.137.72:80 | pub.idqqimg.com | tcp |
| HK | 203.205.137.72:80 | pub.idqqimg.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| HK | 203.205.137.72:443 | pub.idqqimg.com | tcp |
| HK | 203.205.137.72:443 | pub.idqqimg.com | tcp |
| US | 8.8.8.8:53 | 72.137.205.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 52.111.227.14:443 | | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_5084_GXHAAQVXRXKZFMIG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18763a06312c596c54924838a0c382b7 |
| SHA1 | 70ac0e21c281a076f9bd2a65ecd05db61824d259 |
| SHA256 | 2ffa598507c72f299d2d09d0a39cdeba8e9f2f9a6986a888e79661fbc2456fac |
| SHA512 | 9428ef91b72bd59ac87244e2b2d6b64bf85883c8bc162ffb30027f27ba9d61c6352539abcb3bb60b1368f49265088b5ed26c1021528abc77bfff3f8dece0545c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d7aaa055bd376486bb5c0956b7e9d1c5 |
| SHA1 | bf0c77397906c15b689d0160cb8273c9b04a2265 |
| SHA256 | 74faabed209173bc1b0ea0b45ecded3066f0be2c675f8a9873e88aa4501c374c |
| SHA512 | d03c65516c0f0260a875cca684c445b2b3438bb4176e41aa2e1bc5f4d387a62c90b635a65568d8fde2817b7ccf65a09b9765a37af7194a18a82f91dc056bc745 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c111ef6446ef0c0e2d43855489fb9c88 |
| SHA1 | 62369d19c281e91274f72a4055862dcb404b691f |
| SHA256 | 213a3be43ff3c2a469a1712c45f3fd6c0a7fe56a4f705aae31af8ff33419bbf9 |
| SHA512 | 816de53a3f552321aa1e0a5ae0b520ec48590b8b1ca72db2454cd885aae8fec19982faa37dc16221b1cb7d1251b6bd9e18642605496340be8a3324644e343d13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6b8e56d12e702b21a8ff8be007174c4f |
| SHA1 | fad32f644c24c905052ec84320220390ade4f1de |
| SHA256 | 8329dcd7ca42ee73a0a780555723da2b34a9fe01d240c0e2a511dd7872f172a0 |
| SHA512 | 09ae2887f527359111dc8dda1fa16dcb47afb2cf7a28027b2fbc6ee75e0c3346e15b7d50c3a67ad2aa67c5ceb7aa46373209f606675ccaf7c4b8d741e6aab99f |