Analysis Overview
SHA256
acaefc7b2d5e55c3f009dc0775f7ed3170b6a0d7a70be6614311de1f590f91ee
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for 8cfa35de6360824286b5554b422b5378_JaffaCakes118, an .html file that the two behavioral runs below open in Internet Explorer (Windows 7) and Microsoft Edge (Windows 10). Every signature listed is attributed to a browser process (iexplore.exe or msedge.exe), not to a separate payload.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 05:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 05:07
Reported
2024-06-02 05:09
Platform
win7-20240221-en
Max time kernel
144s
Max time network
144s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD4664D1-209D-11EF-8804-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423466708" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b27bc4bb49399240a9a53ab96b75ed0c00000000020000000000106600000001000020000000ac65d6ec85dd21e4e9c2142d7266c085d6fce1909594ef76a892c1c58ff0aa09000000000e8000000002000020000000ab7b4e3a9b1707adcb3fc0fdae7a166b80fa403fa925e6291c617b5261d5e6ea200000006123b6cd79548d8f82cc61b20f8436e915f91fd5ee41a3545eeaa798f94ad7b84000000084434257421c594e8f589f1b5df7b620ede4efa731a412969fc113edbedad65473394ca73728f91f0037cba88a33b532db0e1cbc026fce10839825c0611cf697 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06013f1aab4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1908 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1908 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1908 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1908 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
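The four WriteProcessMemory rows above record PID 1908 (the 64-bit iexplore.exe frame process) writing into PID 2564 (the 32-bit IEXPLORE.EXE tab process). The process list further down shows that tab process launched with `SCODEF:1908 CREDAT:275457`, which is how Internet Explorer 8 and later hand a tab its frame-process PID. The script below, an added example and not part of the sandbox report, performs the cross-check an analyst would do by hand: it recovers the frame PID from the SCODEF argument and confirms the writer PID matches it, while flagging any IE write whose writer is not the tab's declared frame, or whose target is not an IE image. The report lists no PID per process, so the match is made on image path; that limitation is an assumption of the check.

```python
"""Cross-check the WriteProcessMemory signature against the process list.

Added example, not part of the sandbox report. Internet Explorer 8 and later run a
frame (broker) iexplore.exe that starts each tab as a separate iexplore.exe with
"SCODEF:<frame PID> CREDAT:<value>" on its command line, and the frame process writes
into the tab process while setting it up. The signature row and command lines below
are copied from the behavioral1 run; because the report gives no PID per process, the
tab's parent is recovered from its SCODEF argument and matched on image path.
"""
import re

# Copied from the "Suspicious use of WriteProcessMemory" table (one of four identical rows).
WRITE_EVENTS = [
    ("PID 1908 wrote to memory of 2564",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
]

# Copied from the "Processes" list: (image path, command line).
PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\8cfa35de6360824286b5554b422b5378_JaffaCakes118.html"),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2'),
]

# Stock IE images on 64-bit Windows 7 (compared case-insensitively).
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def scodef_parents(processes) -> dict:
    """Map each IE tab image (lower-cased) to the frame PID named in its SCODEF argument."""
    parents = {}
    for image, cmdline in processes:
        match = SCODEF_RE.search(cmdline)
        if match:
            parents[image.lower()] = int(match.group(1))
    return parents


def classify_write(description: str, writer_image: str, target_image: str, parents: dict) -> str:
    """Label one WriteProcessMemory row:
    ie-frame-to-tab : IE frame process writing into a tab it launched (expected LCIE setup)
    ie-unexplained  : IE-to-IE write whose writer PID is not the tab's SCODEF parent
    non-ie-target   : a browser writing into something other than IE (investigate)
    unparsed        : description not in the "PID X wrote to memory of Y" form"""
    match = WRITE_RE.search(description)
    if not match:
        return "unparsed"
    writer_pid = int(match.group(1))
    if writer_image.lower() not in IE_IMAGES or target_image.lower() not in IE_IMAGES:
        return "non-ie-target"
    if parents.get(target_image.lower()) == writer_pid:
        return "ie-frame-to-tab"
    return "ie-unexplained"


def triage_writes(events, processes) -> list:
    """Classify every WriteProcessMemory row against the SCODEF parents in the process list."""
    parents = scodef_parents(processes)
    return [classify_write(desc, src, dst, parents) for desc, src, dst in events]


if __name__ == "__main__":
    for event, verdict in zip(WRITE_EVENTS, triage_writes(WRITE_EVENTS, PROCESSES)):
        print(f"{verdict:16} {event[0]}")
```

For this report the single distinct row classifies as `ie-frame-to-tab`. The same logic flags the cases that would matter: a write from iexplore.exe into a non-IE image, or an IE-to-IE write from a PID that is not the SCODEF parent the tab was started with.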
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8cfa35de6360824286b5554b422b5378_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | musicindustryjobs.com | udp |
| US | 8.8.8.8:53 | www.employment911.com | udp |
| US | 8.8.8.8:53 | www.indeed.com | udp |
| US | 8.8.8.8:53 | www.musicbusinesspage.com | udp |
| US | 162.159.130.67:80 | www.indeed.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 162.159.130.67:80 | www.indeed.com | tcp |
| US | 172.67.147.46:80 | www.employment911.com | tcp |
| US | 172.67.147.46:80 | www.employment911.com | tcp |
| US | 162.159.130.67:443 | www.indeed.com | tcp |
| US | 8.8.8.8:53 | roscommon.com | udp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| US | 8.8.8.8:53 | welusweb.pl | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\jquery-migrate.min[1].htm
| MD5 | 0104c301c5e02bd6148b8703d19b3a73 |
| SHA1 | 7436e0b4b1f8c222c38069890b75fa2baf9ca620 |
| SHA256 | 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f |
| SHA512 | 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf |
C:\Users\Admin\AppData\Local\Temp\Cab16AE.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c8b8602cb2eb1712af9a5949218ff11 |
| SHA1 | e83eff5eb65dba65cefc2e7f4ba77f2689055db2 |
| SHA256 | 04d4c95527fe9dbafd0476c97adbf711e856503437fd671457a6a864703431b7 |
| SHA512 | 9e7c696a1623c77b27c2859d6453a7bbf6d99beabbc2029a9446456273fbf7ac0940e24da8028f5aee8581df1b467b0cd8779d132eb03cc1c107a9070336d2f8 |
C:\Users\Admin\AppData\Local\Temp\Tar178F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\domains[5].htm
| MD5 | d8b7fbaede6d67ee6c1475f3d3e717f7 |
| SHA1 | e711a3585e31978b17ce4545ccaab227739ce6dd |
| SHA256 | 7970c14089a6bcb20b51602278f802f761856236c1b9a5d5816e3e1681f863ba |
| SHA512 | ccfcff10154d4ae06cb9aa8a26d01806e39a280ecbb9207e835c65b9b36f9ff257e593ea024f95de4eea28560514e22b0a7d25f5dc2997001c827023916c07f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e82c3af2d2f3dcb26c4dfa3336aa754 |
| SHA1 | 9d394b24fd073dff7b44444e7ba42c2a59d546a4 |
| SHA256 | 78c434065e981869938187323ab68cfdadbd0c271777181481391e50dec90c21 |
| SHA512 | 7d018eb390b9d78113e8c72b422ef0295d6ecebf94a44ec4ce442ad3c4e675f53f54ae94e9dacec64cb07186a267d04142b2d930b0768f389bfba040551d076e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f2c07e38c5aa72f13b3f52fc116e5c2 |
| SHA1 | 99b0ca162eec7beb323e865e43ec729d8a0664f8 |
| SHA256 | c353f804de0c43e0507ea6984ab644c31863084913b8cd3d5ce5d8be349b91a9 |
| SHA512 | a69a62cdc640f30b3efd81d6356edf5297235404f4010a1b2341b37138b6ba1922a1f966fe62603b4b9059c4894f864405637780b8e084929526be60b31320c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | aa2529299b58c35a89dd34ae90b47313 |
| SHA1 | c385aec5d5cff93f285583ac9fd30c27a7badee2 |
| SHA256 | cb46b6bd516466a3949a50796cd2b89cf2647476361c25aa4ca9412adb440409 |
| SHA512 | 778cfc0acb1593e07ce9f6339e18004e8d0ef573609cd6ee5557370498eb15458d4e05842e87ea9fca66614a542ee077e89da064299834c71c936d12dd82c276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7241f4a15768c8d6d54eda80bda74d35 |
| SHA1 | 35633ab7d472fca66dea4e057631925ad3d3e151 |
| SHA256 | bfe62b3a4ed3d7bec93b7a90b1140cad2e3f82ec3580a9021921118c705f1557 |
| SHA512 | 7242d7505e77d6e8dfee21b56b159ef1086d2395a5dbec96d6e29dd7ce8422b0f193e8c123fc21a00be1c13f08e751e548732c9213f8cfeb1aea3ffb8f814ac4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55a26a36f0f926567446bf464f0403ec |
| SHA1 | 2d848b3fb18a10ff9e61eb1cce8122eefc2de3fb |
| SHA256 | 8c95f4d033d89603836d84248a0d3455f4a460c28e1c1d032d0c4b29c1a88149 |
| SHA512 | dc34a6bbb15e339d30228f68a051dfc37afb1b96ee3e4042e000160e0a970edb339f0695c5bc4571e8c1729d5bf7fe091d84e8f965438278c5d27f23e9ebfd69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce640a0b8921868ba6c18a6cac5aa3b1 |
| SHA1 | 8c904ee9e5e82c088bcf092a421503dc98a9aaa0 |
| SHA256 | a47b3f0d78c68074384ac628cdfc606f434b10846702dd4551d8c37dd7e31ab4 |
| SHA512 | 03f428a8e45b44d414d39845b47799d6cb1c602b5cea36b5abd5a93fd8aa9681994fe403edf9e8f7e38c0863c49397261fae12cf2523d7357588f260dfe39432 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16d5464d108aed6bd9751382b7a27687 |
| SHA1 | a7c77832549f3bc8145c815c53b2d179ba9d0075 |
| SHA256 | 5beeb059d8482f1075316366bba0f21badf61aa12b70dde59f4da9cdbac444ce |
| SHA512 | f40e60cbae8e4afcda6abaddabc6da72746c1320dd07ea2d7f69e7a843440e1460dbda895e08d618570df7c8b5a512817f178a70751e436471f770d621a90504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f21b411438cb1e3f19c9d41fa7c8383 |
| SHA1 | 3df0cbf7def4a3ad52506ba80491275644b33ec7 |
| SHA256 | 6253d87ffb766514ccb478f596e750a8d902e7cc29bc9fbf735cb6e8b6406ff9 |
| SHA512 | 0a47d04c21f2f6be7917f97c50c2f4ba3e7b85b222efd8fd25096511cb78a97ffd2635f2769f1063e0a49b1c57e3d2d800fdc03a411eec98cd2a4001c5c01c78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1bb9a38af095231e2b6ee5d5825b1746 |
| SHA1 | 3d086ded224d91dcfb7d74a39e05fc2a3628d08c |
| SHA256 | ad08442945df653aa712a7142d92b1180abe40badad29e6ef2beef35241dbcb5 |
| SHA512 | dcb8fc2a2bef31b188037d27097c3b2773d0b2b58fd24bb03d897be59b5a00e402c7abf2365034db09de1644c727bcef6be10b9c989528c91d94eb6285750058 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f86e20d6fa05bb635c5486d5b16000b0 |
| SHA1 | 4648101b3cac05c3e8b6902253d4b1dd4e9ce284 |
| SHA256 | ef93f002ac0986486d99932a6eb25679997922b271eb8072cb03c6a1637c37fa |
| SHA512 | e74b4ca75af33320589a0a9fe80e99ae5cbae6e57b2140ad3c8095efed3081b7156f38d8a13be7be7bd0728859f3f33248391c7b52e591c3cd6ac8ab3d22e69a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3a3fd85fb4c2321ae0a4cc29756935d |
| SHA1 | c6041919b22c3922efd98fc6a4fefc985f095c2f |
| SHA256 | 25993387b5d30b0211cb7929784ab71bc2b9990b0fdcc3a1bf811d0ffe289f32 |
| SHA512 | 2a649f4b959ca1b5a891676f7e9ecdea279a04af3aaa6229e29326498c2363edfebbf411bf7b7a43a7f9ccc6a8cce94fb8ac800fa5ec77e1d7c7702bc70c0ac6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0547acad989119132e838c9af7303a70 |
| SHA1 | be85a7528a98a4f3abb6c25ad5d68c98c5f04ec1 |
| SHA256 | ed3dd7ff7235c2f73eba8c3c1e06d45906f53551b9301f9816a186e3ae945da7 |
| SHA512 | 9c210211860a3feb87d16331da0d251201312879de5e3a72aab2fad0508f84a6bbde77032e5b664f3957cf0cf0f9e6a32744425753dfe66df309d836448e50ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f9bd2b960fbafcec4f0cf5e402aeb75 |
| SHA1 | 732e8c8afe72fed56ba15a8af85c51fd0d42e847 |
| SHA256 | c1211cbacc7223b23b1eb833704cb2aaf3014af6ca0fad47eb84054d2dde6220 |
| SHA512 | 2fd8381f79682a81d31ed201c011207f645b2d139b653c341c38e24caa50e48c3787d76aadaa97aee5e56604d7d7c95de9756146bef87e2680534ecf8ae0346a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa81e536b97bbee5589bdbaa76071eaf |
| SHA1 | d19384b845c93f094a886d45f9dc45948bd7943e |
| SHA256 | fec1469d4ea3238c1e5f644d3807dfd4430ea7adfbbda911f623979506704b44 |
| SHA512 | 4556669d55f843fb0b8ee335c19c7df4c8e16cf1ca07e6c92a6578aadc61fca94d72d23dedc3c118fd050145ebb25ce70644c4e9852ae1e147b9627025859d64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5f01638a205f574710f69b69a2f4b14 |
| SHA1 | bb00fcd0265a2b2835b851d4af9a491d0642634c |
| SHA256 | 4a7f213839ae23ea1899893d084dfbcd21190627dd51401558bf961f5e65118e |
| SHA512 | 397aa91f0461d6a4ae22a603de8f30526f2c5da9b84a778d4510c1f118643a32311c7aa251b96114ecbd407a24f9bd128e694475232e03ac178bfaf5b99010be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 960305820d5590fb21cb65a9ec13035b |
| SHA1 | fcfe1771ca535d5b9b34292123a2cbf20fac4ccd |
| SHA256 | 9ce070647089d67408602eca93dc57036d70c8dfd6a4732167e01adc923e785a |
| SHA512 | 9c6800411081b5d1f2dd8bfa1fab1996d226e1670033a2ecc9ba952745e56dca92e6dca9ed4030218e91eca5dada8f815fecc040f0ac864c9cca1be827947c2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e76d223a4a340e7f7cedeae6b23bb94d |
| SHA1 | 0d466ea3fc2f2c5d1b8f71e5fe3f37dd54b73be4 |
| SHA256 | 371396291f285b16c000363d9201664a47f80f35c6ee98fde9e2e2f692de7889 |
| SHA512 | c011f684642a5d07bca57842461ded0a728a981c190b41a9379c28819e563ffe68a50827355f7219987766c766ce433effb2fa28cfc74c7a10d02a411569571d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aee24182305847a4dc4d11a3bd7564f2 |
| SHA1 | 5591ebb514029097072a88bf610417dab413e9ff |
| SHA256 | 7aaf22a2f81c73bd4c9d9878ba550055eb934e1525a709ec2d0ef44af65e34c3 |
| SHA512 | d8cb078877c8760e1482dcb54e8881f62de2e0940dd0a13a545dfaaeea33d66bb12cc5c58a043c2a294188371efa8cfc6bd9a75035341ec3f1f6d9ca3d4794da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a138109f7dac4a67561b322108876ee5 |
| SHA1 | 9ca934cf447652370d0cdd28812b4217117c6cad |
| SHA256 | d8935f51fe2fe92090f37087ec038f45a4456b6bfbea3f51034ff737390e7ece |
| SHA512 | 301c8bc3b74d720fda9ce28478b5d64ffa989e872eebdce60104bb22d7ec3be1e6935a2befa36dd21e1c1ca857419a88fcc86513f752043a51af7fa91c7b5785 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 05:07
Reported
2024-06-02 05:09
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cfa35de6360824286b5554b422b5378_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10666468103875787146,10417568567289922462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | musicindustryjobs.com | udp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 104.21.45.148:80 | musicindustryjobs.com | tcp |
| US | 8.8.8.8:53 | roscommon.com | udp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| JP | 202.182.105.120:443 | roscommon.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.105.182.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.indeed.com | udp |
| US | 162.159.130.67:80 | www.indeed.com | tcp |
| US | 162.159.130.67:443 | www.indeed.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | welusweb.pl | udp |
| US | 8.8.8.8:53 | www.employment911.com | udp |
| US | 172.67.147.46:80 | www.employment911.com | tcp |
| US | 8.8.8.8:53 | www.musicbusinesspage.com | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.147.67.172.in-addr.arpa | udp |
| US | 172.67.147.46:80 | www.employment911.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3020_APBBCMKGXQYLMZFO
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State