Analysis Overview
SHA256
0c6a421e4a3922fd0681302108e48777914320f2d6c1fe15a50577d2c3778b23
Threat Level: No (potentially) malicious behavior was detected
The file 91f749dd833ba7f47f094bc63bc61a48_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:33
Reported
2024-06-03 13:36
Platform
win7-20240508-en
Max time kernel
121s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0e9b8b5bab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000aa04be15f00cfe83a022ca53605448aef5b3048ceb8182b7c848a3364da78a4d000000000e8000000002000020000000dd4b3856f99d169612e63604884707bfcc6b7a0ce54f14f89621e6d8cc012e8c9000000004b39d2ea1c5aa887497ea5f9521d74d641ebefb65ca62a056dff3a7b32ecf075e89fe960f13a85728edde179a39130606226949f559a2df8787ab8a0f74a634a71852b27e12a33ce85e5b5614a5bb7b06b1063245f9080160117549ec9da449ecef60078f9853f4335bb1da3b5f83e5983e8649824d1f8f431d65c409c76b237cba6bc3a9dc61fec1d7f1d62e76e837400000002630457647892f6f0799e896ee5fdde0777e3eb551f797266445a93360a6312af2f4004dbd24307c5c657d50a1b9b2d165b53c45991d22981cdf601634aea73e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0A57F81-21AD-11EF-A9A6-4658C477BD5D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000008873fba3c44b98d3fe9cd3c69a249e7764400c3f5886bfd5ecb0ae7ef8b10235000000000e800000000200002000000066b1ca59a5ab2cb5908be773e04cc48b15f88e9691627478bdc59e9e81cecef420000000b76f4910e7f52696fad2ae16a0b7d6bdde6f45e4a013f1cddcc9e338807cc034400000005f19f3de67354a5cd67cc2bf4a1fc6b7737543d16b7165b332196397779224c40680a27f56cba9e7a31c35d5d2fc78781bdc06a62911add7a2f3e20982b4609f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583483" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1956 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f749dd833ba7f47f094bc63bc61a48_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e8abbd5c5d7fc0a1661af6c68b7de5b0 |
| SHA1 | bf6490935886741445dba36e0c2a64aa52910f56 |
| SHA256 | 0ddb15b7ddce4fef7867c4f9b13e899cdf00ca6fdc26f26a1eb25fa389d6e76e |
| SHA512 | e97469cd8ef945ef84e943997b82ef362c106c52c2c2a8df287cf9bf3550536474b0f63b26a581517956e3c094ce4d8a08b538783e3a5b390017bf393e3a8e2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | c25f8f4552ee6c19e66283048bf35da4 |
| SHA1 | b6c5672478abc1eb2f896ef629eac80e2f55edd7 |
| SHA256 | 1b093e95ab081042ca302a0982148ec07e434cc6515e1843cd4886c2f7201bc4 |
| SHA512 | 3ad050e7074feaeaef213f89ce05a85d1fcd38254e253aa63a740e0ab26667b89c6f2f958de41a667e178ec6641c8b4f419592b20ca6136165370ae27eb7eafe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Temp\Cab4136.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fd2ff038cc4187e0ecc98c32e140e28 |
| SHA1 | 86eca8cc4c9fc3cd23682c90ab240add64eb8751 |
| SHA256 | 95decdb21a5e52b349fd822b4701943c8ec28573470e4e6e05f1a532b4d82c0b |
| SHA512 | 1ef27fdc6e308d5bd8f03dade496d53d8a82e39417f11d4dcd7fbc03b0f53cc794e700c1e33947c904b5da88546b7b31b2c8a2067a9873aac1f77d649e4c5647 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4246.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 384efda6bd4716796586206c740d6b6b |
| SHA1 | c98b4f95330dfe138ee5829d26ff2c1c6b1a710c |
| SHA256 | d6ce7425f31dac0a0d3e4c4abdd6a638b837b6f52ead72acce7bac9aaf559cd6 |
| SHA512 | adf33b1732d31d6df1c167d11b3d8d960ec52fccbc0bccc6d69aac5d9f0abb01dcafb538d6c5795e5dc53edc095763cd6106627dd4b925f371f4ed11da783019 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 491b965b98bedf6cee0a8ced3d411774 |
| SHA1 | 2a39cad2969698312117d54b92e75fa3bb80c57f |
| SHA256 | f45e3f12d06fed4d8bd71bedfce6dc7ae36c7bdabc7d40b68e6a3eea47f7b4a9 |
| SHA512 | a7ae31fbe26e8be85b4840a552056ab0d58c319270ddd0dea7e16769803072f867806a37701a440a99990b12cfe210c09565ea80141558c9143d49f1b6e28470 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b1b0894f1e4d10b5d87d69546d77796 |
| SHA1 | a9da90c9c82934771a8a97b311b206ed9c25f6df |
| SHA256 | b4004625ec74f989652912756d40a1547f7c31ded2b7a81bdeec4272225322e6 |
| SHA512 | c8a00d365d40348dd14a59e319b6c9edef42e00ad6560e7cc3b82866416951c79891379d000306148a83479f444248d28825d91ff78ddd49984d76b9a58e5755 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81e2994faf9ae11436f87495f21cfe91 |
| SHA1 | 2b01d0274be082d984142328a587b3fa30e1c19b |
| SHA256 | b4a7692e62f787ab1c1daf86c1b6cc386fe97947f4de98318fe9dcbec1b8cc26 |
| SHA512 | 87b53bc01e449c0ae0029c1da6d1c92ea3e4076f91c67067851687df579d5fd1fe05e183b7066814cf12b7d23605993b969f51bfa37ee834ac1fa025e3e09695 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f233c2407b876aa80e364c03e5a125f |
| SHA1 | 3514b066bb23852c23f353ccd4999c3d3d819b3f |
| SHA256 | 4007707d093f060e6fcae8bc70f59c53a3778a6f2c8bcf14b8276c91e8dc2c43 |
| SHA512 | 435080df9005e44ab1878d2b765bb9cc958c5f1090b328fc7f2bfa5b1f69832a2851b28f811f5a8b8ecc90bdbc943d2ee3b5f89984984d14df3f3ecec50462cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caaab30bf69120d06147e3a4dff2eb89 |
| SHA1 | 3b132aceae66c1b5730fb5d96cbb2c138c9ef54b |
| SHA256 | 01a1d953b6d15413a6eb58037e9a33c72f3dd7a5e7114a6875f7443d55483bb4 |
| SHA512 | e61ec7ce552d65dd9ef217cabcf0e894fc728fb75c60f91dcb9b5e2c4f4af11304bb288aabbd4e5a66b799e882e24b25169453e939ec379693a9a63a1d53aac0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f94de9b3b3d620f955a5b44c268c0303 |
| SHA1 | 550852693ae4350132c6d77afdc8147f6a90a4c8 |
| SHA256 | 94c8a59384ee4cbbc4d08e5af6cbbdd8b5fb3c38843431661e8a17b268555bb7 |
| SHA512 | 688445287eb81b888303d12f3cd6adcfbd5f74ac64a936d2585a569e097f4838f28d13e5607222f44b1b11080c68e20da8b0e987485b3b32dc530852b178113b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23c66b2489edd159fed14c58327fcadb |
| SHA1 | 6e3ff30f329329a6600d0a94b19533939f72ae66 |
| SHA256 | 70096274040dbc7de4eb59aaff43607b564280d5cecc4260fccf7a467bcc7d03 |
| SHA512 | 35eac17b78e2a78604dc0388c17e92448e4778e95fec7ee1ce11beecacad8b3b14a2748a48958d3b53794bcc6460c971a2b762e054dc102b540a37c6a53206d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb50db43ee3f7dce9621b98713f91c20 |
| SHA1 | d74a23e348cb066428aedf879c00359a38b8f015 |
| SHA256 | 2f88f8c2b70e0a9ae61c73a18bd9e5baaf3361ed3297d759d8115786bc57ab9c |
| SHA512 | 7542d12fbecc6f103971ac398809b00e2d00fcdaa708c9027f3bae2acda8c89bf6c992ee4c62bccac5b682eebb93d8e3d0e9227f0f9487c9e0b9f67e75cba7de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1f8ca3485ce0624a95569b7dddbbb70 |
| SHA1 | 9c76274013bd71014691562a90dbb53949cabc10 |
| SHA256 | 7a155a11ec8134198152feba86ce9ccf5dcf1181cad3341a405c2e59246faef9 |
| SHA512 | 537609d93802e676022123c215d5542f27f5338ac2ec0b144277548d08b4e1c6af708b5a49752eddad96f939435256c7694f99f6102f31683127a8445a7155ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73b6ca5658e46c1432f50bdbbdf5b845 |
| SHA1 | 8c4cfb6c3d69c27ce1e8c8111f0176d87114fe44 |
| SHA256 | 27d5e2eb5fe18ccfe5e32c4c4f436a3e657152ecfaa4c16598383c2230b167f9 |
| SHA512 | 0c1464a9ea7813e493e04cfb3d1b18fda8b39c2c5c8bb0787ebbc7e990e914704b1539528bca92fa6c6488d64a6f97e4075aee1f6ddcaae61f7b5bed2234c441 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13c6b2a691b556680437bbe5f18a94ca |
| SHA1 | 202fc6c8efa6eb4c05da3ef3dc66e543c7c198f0 |
| SHA256 | a2a88a27a8e6c1fb7a028795dd58cdf4b48415dc4d0b6810fd847c8be6a9c926 |
| SHA512 | 4b2b6e416c65b7f0d05a2b01c4bb2c57e904f6ae284dcc08ea79964556ebabf8aeadd7b0b55a95643db117d632619eb8b5d925c8a6d13e30a3651f98e463e87a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51052cbd9769787c36dbfe037cd483cf |
| SHA1 | 4b216033627a3572d94f675ed6b4e744493f0838 |
| SHA256 | 4b2722f6201e76ae62d900c6994718e670ccf49f9d45502ab8f4eb8a52950640 |
| SHA512 | 2c583fa8186bfd8de52be48fe63ec378c47bba36d4ddacdf38323f116c6de886c65d428573022f77d34bc181dd989b4710c92e5cda5cc9fc53bc8b45a149d38a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e484bca489c2711755387bd6dddb7338 |
| SHA1 | 34a22134a71dd5d0cf1754c26b2316afdd0f4f71 |
| SHA256 | f5d15f6352e8d7936df6f69a2c774c1a82cd381ddf56c2fcc51ec06273a85673 |
| SHA512 | d001df58306c98ca776cac7dbae95ab7c54bf8eb313f402775b35e67e007bef001b0f1647bd6aa88a09a09f4588df5d3d036221f59e8847bc53ee4fd91e11bf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0f98ab90b2dac51b7cdb6c96194a48d |
| SHA1 | f59cc4477a22e358482843c94a9cecb7c9cdbdca |
| SHA256 | cb7bd6a0147bff61b87fd022f915b2af51c2f95cc46aa5c645690b5e7ebee23e |
| SHA512 | 87982f37dd41604e84c842776df5ea7663d39789231030830072b02b3900b962742de05add20a0f06fd155770e85024f5d32f2af7012076946b0d84addff0146 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | daa06875e0eb4e3beb183ea214b5b4ea |
| SHA1 | 62a62b3a1ce2bd05759f5ce231e616b0ec073856 |
| SHA256 | bb85dd2205e25a85fd17f4d2a4971555ff2dcd5c55f2ef32ec45c0d376554680 |
| SHA512 | 191db127a87720d63c32ddcea54c268acdf770903a207a4efcd69be8e079848110106b7c29d32716fefb6d1cb66da0fa8752345019224c8fb2f86e9d335d2d0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e306c4f47537bf5420b16be3a8cdd28 |
| SHA1 | 1b3cf414f29b03148d97697865b36ab3b30b7ce3 |
| SHA256 | 1476b7e447ec6d5fd0b44d95b5f765cc5361731c00dff8d3a159369f9966ebc4 |
| SHA512 | ecd92732944893f315ed2286b429387aa235db9054b1a9b8b41ac003d1b3176e30b2530c986ab9eb684a53aeed1baabb4f7f2e58154a0ac33d5ee57b10133e2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9c039df163fb54aca7dbb45b12c3812 |
| SHA1 | 54981c031a8fc8ec19d1612366fa5180a7c36f34 |
| SHA256 | 32ab392f217ba71413236628633ba84bd9fd22842098e503100366671ebf3e18 |
| SHA512 | 526ae7aab62a4cd34f076e64100cc527606a7f251b4eca9440cacb15131d01b84f4704b9d8ef19008b6d4c9e3de0fe94ce0b1d948ccc88898f62a17ac4ad372d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f1ef39d8ab3ff589b8262b7c5b533fa |
| SHA1 | ef73fddb576093ee472f1235e415db9c735a2a70 |
| SHA256 | c9c721b762f3a0218fb1e0d66adb7157b5a82d361022fb11d59c3c33f2f58b1d |
| SHA512 | ade5e71638ef2e2ecefa8f38f4ca27bb0279c2f7bf7f130e6f212612f4d41154c2a7489f500218dc60105f1a676fad17acc4c305fbf34a19c3eaffad51fea8fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 759436c1ab91584089424b3501921e03 |
| SHA1 | 07217a1a35532abc22c571d32d3eea861fd94bb1 |
| SHA256 | 1fdcb99056552b21275103695b81870e4e15a767dbf1e0f5e6f725ab9d6e530c |
| SHA512 | bc9fae533297a40a15233382e3f9b996d54353f16dccfadabb0c6567f825cbf65b88d0e8d8e23f67638cc5e41e7dc3f2580b307e71b22ed1698b516aa0998f16 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:33
Reported
2024-06-03 13:36
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f749dd833ba7f47f094bc63bc61a48_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb8546f8,0x7ffcdb854708,0x7ffcdb854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6315144897600703836,9455502387816817536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | denun.net | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 199.59.243.225:80 | denun.net | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| US | 199.59.243.225:80 | denun.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4648_OZWEMNBGEAYISMFJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State