Analysis Overview
SHA256
8826c5a56ed436c636bd25df08eda081ffcb7d47b931b2915af26241e5c04a46
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a5d1c7937e26c12838b0a47459003a70_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:36
Reported
2024-06-13 13:38
Platform
win7-20240611-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0158bc296bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000001e2f60896043b8b643ecb2a63e4dc245a2876879766398b2c5dd9fa944227bb4000000000e8000000002000020000000c497a47fa6d9e841fc9b9d80618439e9e6465189cdbafc4ca4e421d4e31afb45200000004307437b8cfc766b8e7890ddaf1a1cfc59e8c4eaa4b2a927fbe07d05ae214d724000000036d2b3b046eca6d587ea7205273a98a365d6ff12ff9199fef9bcc62589b7b04298513aa79921dbaf33d607af3c0c8f72718a00692ca88e960c1416c0d89a5b85 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9E46AF1-2989-11EF-BD87-DEB4B2C1951C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447646" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d1c7937e26c12838b0a47459003a70_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ceress-tanaka.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| US | 8.8.8.8:53 | bd.voipnewswire.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | cdn.examhome.net | udp |
| US | 103.224.212.214:443 | cdn.examhome.net | tcp |
| US | 103.224.212.214:443 | cdn.examhome.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab7699.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7766.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb096bda293359b8db4f7cbcac68514e |
| SHA1 | 79537a47eb8dd82c78f96e49eaa1bdeb5b4bdd55 |
| SHA256 | 4385b854eabde220dd9f6a3d0661fb1faad6f25f6b2f56acb83eb3f979861da0 |
| SHA512 | 9f3dc5691d1839ff0de17bd8358ff8793036b659f042a0c4fcb6945a175fa7596d4ae120bf3e9802a4750b5282883d54675cb5c831587950ecb10fc2277da30c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | bebf3d76195290700bbe1783c4443482 |
| SHA1 | 451d0a0718ad4fbcf5b15ef2bcfa1548dc67dd18 |
| SHA256 | e59654b216ebd43beb819d5b32835d3fcdc08caa6285e590bf0f25b6d9527692 |
| SHA512 | b78169c663f75e516db0a78aee553243ad1d2118fc39ad3c472f9c4718e074008bf0ebba3fe5a17562287579064e0b906487c9d4ac0f36be5310d7fbc912902f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0F6EC6409C9A15912BE4CD4DF39C278
| MD5 | ab95e968639c9f987b25ad4edda6bb41 |
| SHA1 | 9f628c1a153eda829d4eac3ba6b86c8e9171230c |
| SHA256 | 45590a18f4b24c4cf73d5158d6622bf97062ecfe674f23b97bc734179b20b18c |
| SHA512 | a5015c97bbf6be61cbde57b1ccef6c44113b0687f8c1e144625299c5d3186fa046468fefdd7d16c9007c0736e555e8945d12536c7b4f20e22e98772e8e5c512b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4594477d68f1da60a3ac72d6cc4bea1a |
| SHA1 | b24ab99f8f277c58046686cddb505ea462a8086e |
| SHA256 | e303a7b23c666849b456237c85953854f3efa5052e38003a5ee974b8860fdfa3 |
| SHA512 | 32f2cd78b9efe0c3123116360a19c914362bf666acadcabd1829ea070b2e8e130261525be3ab15da9c965172be28f64dfe82e3a52695650bf42fbb7ad4ead4fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c18fe997436f9cf7bc5f428bfa21a1e |
| SHA1 | 5e6f054a39bf4ec4148d3eef18914f52f4e8a315 |
| SHA256 | 6ec90ba1c6192f2e654b1476d379a02354cc4e797ea2c07f39ed3972a17f121e |
| SHA512 | fedcf573ce6435937c17d6dd0ed4371fc64ba66e4a48d4253093db021d1887791fb8a50af7e37929259b2d11fbe33e32d6aaa151a4340d440ee6f5978238ba1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af4bf7b4c3f2ec12e73224b582264605 |
| SHA1 | fa70c5ca75bc548ffbec814ba7358136d9e3b1ee |
| SHA256 | dc4a438a8ff6d39a817a4eba121208704bd386c27a1906eb70a23d5961365b79 |
| SHA512 | b203b3193947f004506d631d4b2e3d0f4386bb4b58b9ed0a7dbc07a1a83d9fa62a31fe18fb1f6276f5a4f78498ec7367b609ef17ad9392962a163798629dfed1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d243356b2b35cc2a1bdf365191b51919 |
| SHA1 | 64a7c172fcef373822ca4c5f83f75f34c8e92424 |
| SHA256 | 5493ff79bbef16f8c2e01b9ad4195a936495823e3f713ea0ae8be8df7474137a |
| SHA512 | e73c38f9166e899839f5119f89de16fb65902e2d6915f8d66b04e4504e4ca726fdba6e0913dcf0d62668dcaf001a27086b203924b55f08ba2c0833fecb91d092 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72c0d942ba2349435cb584577012a03e |
| SHA1 | 431aea6c7f67f7fd1b061f13345f6a60176753b2 |
| SHA256 | 641aaf7f3fc4f4b9a733475b6e3105f0d03093dee010fb49413e4fec0c59aeda |
| SHA512 | 464282003cfd8e323f8580700b32e18ce23b413a694e79e723957ec72dfabbf512ada361591bf29923fb0a29a52dc2c1f40f4b3c75ecac76aed7e1bf7a6e8b03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b855f3cb1f87263cebb4e2f1702bd5e |
| SHA1 | dc53a40e66189e94551a00dc94decdd6794d6fd4 |
| SHA256 | 41b88a527de3467ebde22677102348efff86b7351c46b55e2b203090d6e6512e |
| SHA512 | cf82750e0cd1fb9cb29737d129c80aac3bbe3947785333a61e7c3662578f15466ce1d305ad582788b441499b50e1d2d10e547cbe06f2fc99ed5b142a2f768825 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b8e892eff902e09db9357cf024df81e |
| SHA1 | 4a9fd28134a8d91b525c603576db5fe2d88c3f31 |
| SHA256 | a000aa5137f20eb15e0d8ca17ae71f9e1544a9738f81f201ca102fa5cbc785ec |
| SHA512 | 05ba3f92114861566df18801de22a0874b2bf5d2cfbac3e13dfede85baf039e1322585ec9a14eeafa576b2c5e74d167b63b50f1ceba21a124dec862f6713fd32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b7b04e066110b6dad5cc765162e1014 |
| SHA1 | 0b8f1af4942b425ca14fa73d8061442827bba912 |
| SHA256 | b45e6a51a3639f9c8b356769f9396ea50b36d354ea2cde2b3f135bdcbd8c86e3 |
| SHA512 | b952d3109b2c762e26befebd0e852b972fff69df7552faa819feddc79d6585db38563edb988fdfd78bf7cae31982685536112e8bbef0b789e4e6f85700166dd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9d13c534eb435a6c9fba5695836a126 |
| SHA1 | 4630db90b8382d8632658604c3df15cfffc7e5f0 |
| SHA256 | 3be3f41ae54c68451f7e5591130c1d0ba8ddcd2ea81f5c7fdd51c0639faafc69 |
| SHA512 | dd7afc9c2c3ad1306e00f1ca71addcf89a0e0a49f9b0f007534699f7796199f6b01dc28767183a17f87425c57cac4c0549f35c125627cb8f4a9d0ff3a2150a7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e91793f00bfea190229ad84695b1863 |
| SHA1 | d7b0d190b80c161bed29abd7d835e6de684fda85 |
| SHA256 | 53128d9ad529d0088f1b233e5a30eed18b41bf9d385ee3d84743f2451f08ef83 |
| SHA512 | 24ec2a974935ff29af2f33b44bd79da20edc2946d6d814f513dc35c577a515db493089f66387bf1f0f7d2804a80309f6ae7221119c01b999e3aeb952fe2c12eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fb645541e296f0d4a9458304221afc0 |
| SHA1 | 1a7f252e2db476f44f4a8ea7d8a5d3299c35e393 |
| SHA256 | 58771938733519820bd08abf376486c474393e6c6cf9e6dd5540086270d1b15e |
| SHA512 | 496e9f78dc3272c285beee0c4b24f70a5d58979ba465488e13b0e70b3cf86338ea7727dec1cba36a4da07fbf9e5339edfa6c62d2f2d7b1e02b09e8b364283495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 540b5fd3dc4a4ab9e0a86668cdf79355 |
| SHA1 | 4710110b684f4a57f567edf2b29c651f3d720915 |
| SHA256 | f41be2efa5bf869024707469c89481a44013c2605ce7bdd69684d79035d8bc29 |
| SHA512 | 9dc2b00528be428f55bf4f07997a547cc28667711feca11c34557c7760304767089c0b4800e58047e116cf72ca1a8f2868fd8f4f24fdc715c4dc717237c99ca8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24e2ab8f662fc8f85d7737a9e6797ed4 |
| SHA1 | 3d76b3e8c5456ee30de2fbc1172007d3cb66ad5e |
| SHA256 | 803f8bba5d9de7a3b714a613e8107a1c2ce6514b26b8b34e5515bffd79156d09 |
| SHA512 | d585b1c5dc0491690b29361a6e561663b347bc5fd1067637196fde2676464b64bdfc782d2988ea06db363870ab5f4a80467fa6822549a92c06db9e9cb9167a3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7fdf4011c4cbbef25d69523163cc6cf |
| SHA1 | 44461d0aa56944d37a3fd9a83d354d65779965b2 |
| SHA256 | b55b643366562fbcde048d84b01f453ba1ccb8c9da8af756b79232099ea43d5e |
| SHA512 | 0e729edb963dd302fe48a99d5e210e44d76b2f07d9883efa4841f14a92264bfd0b3399ae18c9e7590e7a8f8ec4a192aedba46c1be10a0fa16e5a35388bda1686 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2121e9c70af8bbb0a3213902ad9cd36b |
| SHA1 | a5260bc3a77ec3bf54bf327ea52a80630c5698f3 |
| SHA256 | e622352dfaf0eb9646ef77fcf073d35e22025b471b3a0055f0dcf0a48aa567d6 |
| SHA512 | f14b21a969659337fce406923cf1a5640ea8ce29eebc39653c1ba0313b8ee9fa14f06529a5ca2087612c590d6c196a9846d35c13c81a09971ddc32ca7a91b9b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b28bfa86629ce18e8df07246e689ab21 |
| SHA1 | df6aaa4a603c650ea858583e52921797e69145a4 |
| SHA256 | d071eedd99ccf2bcb3c3ef2e69c53de33038f089128c7700059d00fee1b42b8b |
| SHA512 | 3764ddeb1dcdfd7104d384c7b5ad6c0eecf4b53b871117daad67fcdfb58616ac342afbe0f04ba019970e158ca07809f288fbac8e6cfd672775a4c8044fd40513 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27c404b2277b8037fb5bde2afc40c0f3 |
| SHA1 | 789183bef6ce1147014b4bf00919b4a2c8f4b3d5 |
| SHA256 | fa042f1f28ae7ac3f95ea9a6388cfd9c6eeec25b63fe3ee423fa1cda414fdf54 |
| SHA512 | 4f58cca24947be130de8779fb74022f71f82e25b6b152cb10544404dcf1a830551cf17299b5e5cfc119c80e7af9deac3933d4976c97a9df4216f39d8406eb449 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e40b43c86642faec88ef627e7002919e |
| SHA1 | 021917fafd29d6bf0f0452d44d86f597c657f549 |
| SHA256 | 54db4bc90b9f7fe28f5e04d42569948c176efec8ca2741a988bf2fa6157061ce |
| SHA512 | 6ccc89a5d83c78b47f186604500d88da2b0243cee1b55d23e5d45b453d2bb07994756772d24b5ca2322148b3729c0ba6261fc027356d0c62e8cfa66b572c15bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cef6b203147480c0992b4b2bdc01e55 |
| SHA1 | fa4f335be016f8f430f98522707ccdf9cd71a445 |
| SHA256 | 74427282621a9af54cc1cceb81e5fe60a5abfd99503823698c0120c0d216dd84 |
| SHA512 | 2a25e072e086cf5f21c37218d674481480d2a5bb6a5439d8ee2cd22ffea783f045235b5c3d0e40fd38ff622c12e499b6bdf9f803108f12f12995e3942caa5a73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b37cec4d4f506fbfb764ad067b4966f1 |
| SHA1 | a3e3871425765a49d13ce616d5e137df4b99277d |
| SHA256 | f479ad41795433c998aa29f870b75507dd66c8ef864d945b33f54a944e7416d3 |
| SHA512 | 06a67795983bac67515bb5d7f8fc2afc7313d0c4d4e16710f356e2f946bbac0697be8fd03c1b3918f905c6b085d6b1acb1f00fc5ae253ea3235a0dd793de66bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 405622189ee39418edd4d4d533aba2e1 |
| SHA1 | 1d6c1bd9e9c91fd1a7e5a2eb3cc187ca84e61965 |
| SHA256 | 86627d5f47e5b43bf19d45ff3c255f44cdd24f2d7a0be7131aedd16655969c28 |
| SHA512 | cf44c7ad19e7f9f64813a23a011928a2271a56412cfc6b2a9b6e0e226898d8ce18abd3aaed0de48bac35906302bfc7f5af9d5fe4bb5ec79bf091bb53164464ff |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:36
Reported
2024-06-13 13:38
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d1c7937e26c12838b0a47459003a70_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa405846f8,0x7ffa40584708,0x7ffa40584718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16176790095074347456,16071557773764163015,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | ceress-tanaka.com | udp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| JP | 157.112.176.63:443 | ceress-tanaka.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 63.176.112.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | bd.voipnewswire.net | udp |
| US | 8.8.8.8:53 | cdn.examhome.net | udp |
| US | 103.224.212.214:443 | cdn.examhome.net | tcp |
| US | 103.224.212.214:443 | cdn.examhome.net | tcp |
| US | 8.8.8.8:53 | 99.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.212.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_5028_MQWLUJHHHGMJMKYE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8526e9f7f5fad367cf3187efa6e80b9 |
| SHA1 | f98f1c8cccd20c8d1427f2f0713287fe58b3022d |
| SHA256 | 89ddeb3516d744770fce8f67c09ae2b91dbbffa4db08539e482de2d4040db1e5 |
| SHA512 | 8d92414043163a0d2e1a61c8ca7cc61f2ffbfdaf1ebe86178616fae2a3dd8cb4206ea1a8a623e05420ab07e623fb53507c3afd4f13343847d1c6e6b2eebdfd5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48bc0752f08a0f4ade2022c2e7b1f6c9 |
| SHA1 | b4c23c1393a41b7b976f956ca101650f9f18fc50 |
| SHA256 | 6a923009e74c2bb47dcce9a802b002326d15999955b1c9ab3e7f7e99e6d2ec68 |
| SHA512 | 573ff450c98f4b2d2301fdcedfb1f54592869cf7aa8192804e10d102075c94ce6d0fb3026e9f2c5ebbd1a1648ed2653bcafb176f65e1a311c9f5d32f0ed6e1d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7640c327dbf4536abcadfdd028d47f9f |
| SHA1 | 82600b5057ea081f0f26950118e0a3e05d9d6960 |
| SHA256 | 7cec697a6b96e9da5094c04451bcd31ab8a8df729b503e88ff74fca03980045d |
| SHA512 | 8d24612bbb48d54db320387958967675aa399477f29620cc013efe66e356692d34a86319191588269288138595bc62756535c963ef1014e42cc61d7ff80b082e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3fa704f83b87c7c1fc58ed0a05ee6e94 |
| SHA1 | db926bc683a42cabe66a24145852692001b04495 |
| SHA256 | ae1aec70c4784cf1ce5ca374f868e01393ae0c48019d25ddcde0d7bbd56a4073 |
| SHA512 | 584f9d192ed6eaa9d08a3cfd8742d3f68f9c3be56d8e52c65ac2498f86f77a040e9e3a19e3cd0e7b057cdf397197f57487acc11ba580a822c2cda2e6a131f8e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6a7fec54ad3621abe1574e39460ebef9 |
| SHA1 | 4de05a57e514250a5b947bd01e532f36c31a71b8 |
| SHA256 | d4cbf6fee61f30451a3fb830d211ebda635f41e880292147683dc134e1624bf7 |
| SHA512 | 6ea3d00901b3e48da80622dd533d9309c5106e08a4d44cb4f6f1bd4d753c2b8c1448b9441ccb3d19eaa9b08cd62e5e80b9b8d39e3d7278082367620eb3798ac1 |