Analysis Overview
SHA256
423015da60ded3ff8832e70ba6d868d8e5deee6d9c25f91f59d818e8588ee485
Threat Level: Known bad
The file 08f366a0da689827686e40dec32f2ca7_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
ModiLoader, DBatLoader
ModiLoader Second Stage
Modiloader family
ModiLoader Second Stage
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 19:08
Signatures
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modiloader family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 19:08
Reported
2024-06-20 19:10
Platform
win7-20240220-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk | C:\Windows\System32\ie4uinit.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\Favorites | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6FEB6AA3-2F38-11EF-8547-E6D98B7EB028}.dat | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\Favorites\desktop.ini | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6FEB6AA1-2F38-11EF-8547-E6D98B7EB028}.dat | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\DNTException\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ieonline.microsoft[1] | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\favicon[1].ico | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6FEB6AA1-2F38-11EF-8547-E6D98B7EB028}.dat | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6FEB6AAC-2F38-11EF-8547-E6D98B7EB028}.dat | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\Favorites\Links | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2856 set thread context of 2852 | N/A | C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe | C:\program files\internet explorer\IEXPLORE.EXE |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SetupWay.TXT | C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-73-24-8e-53-4f\WpadDecision = "0" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "1" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732 = "Finds and displays information and Web sites on the Internet." | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807060004001400130008000f008d0300000000 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Suggested Sites\DataStreamEnabledState = "0" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates = "0" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Blocked = "1" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\VerCache = 0086a9a807ccca010086a9a807ccca01000000009093660000000e00e803991200000e000000991209040000 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046} | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{858EF324-E9D9-4B5B-9CEB-FF90DE9992C7}\WpadDecision = "0" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Software\Microsoft | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MAO Settings\DiscardLoadTimes = e0196c3245c3da01 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807060004001400130008000f00f10202000000e11a542af65b6546a8a3cfa9672e4291644ea2ef78b0d01189e400c04fc9e26e | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count = "2" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Setup\UrlHistoryMigrationTime = a0dc703245c3da01 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046} | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Count = "2" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags = "1024" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-73-24-8e-53-4f\WpadDecisionReason = "1" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\VerCache = 0086a9a807ccca010086a9a807ccca01000000009093660000000e00e803991200000e000000991209040000 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3499cda9b618e4d94aedcf8b3dcf2a6000000000200000000001066000000010000200000009c2de51a0c5a5e1b33e83c18a01bb001e4c66bad77e7009c4c15344756183d57000000000e800000000200002000000074d4ad86283f5b06ca5491a2d53a37e5c8f5874f03ca32be07bd6495426bf99d100000005389890fa086fcaeea2d8abdaa7fef61400000000162c6beee781c3f68b247f8705496999595c53b5a91e70536d1682cb27d6924e925b2c94c51dee621062ef9148002fbbdeedea1e579080b259b0f9e1fc00a59 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\System32\ie4uinit.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IntelliForms | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{DFFACDC5-679F-4156-8947-C5C76BC0B67F} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF = 0100000000000000003e733245c3da01 | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe
C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
C:\Windows\System32\ie4uinit.exe
"C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2172-1-0x0000000000400000-0x00000000004B3000-memory.dmp
memory/2856-3-0x0000000000400000-0x00000000004B3000-memory.dmp
memory/2852-2-0x0000000000160000-0x000000000020A000-memory.dmp
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini
| MD5 | 1971d71c62ea75c4f433476600caa4f9 |
| SHA1 | 428e9b5498ba9746c123ebf3ffd86a14f73878f3 |
| SHA256 | 3f7e7774532126e2c175de962ce9d620471f4ac75463457e1b93ab615abd4de4 |
| SHA512 | 88667b670c3ffc78b442e0767ca0ea2c1409b8a2c5f18e69496831f7bfa7496e54843819fe725eda06de6deca9ba9dd769d4b5f3ade4126905ed3b1bb6f94422 |
C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini
| MD5 | 3c106f431417240da12fd827323b7724 |
| SHA1 | 2345cc77576f666b812b55ea7420b8d2c4d2a0b5 |
| SHA256 | e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57 |
| SHA512 | c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb |
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini
| MD5 | 881dfac93652edb0a8228029ba92d0f5 |
| SHA1 | 5b317253a63fecb167bf07befa05c5ed09c4ccea |
| SHA256 | a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464 |
| SHA512 | 592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810 |
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url
| MD5 | 2578ef0db08f1e1e7578068186a1be0f |
| SHA1 | 87dca2f554fa51a98726f0a7a9ac0120be0c4572 |
| SHA256 | bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3 |
| SHA512 | b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee |
C:\Windows\Temp\www1FF0.tmp
| MD5 | 2ce792bc1394673282b741a25d6148a2 |
| SHA1 | 5835c389ea0f0c1423fa26f98b84a875a11d19b1 |
| SHA256 | 992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48 |
| SHA512 | cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749 |
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url
| MD5 | 11cede0563d1d61930e433cd638d6419 |
| SHA1 | 366b26547292482b871404b33930cefca8810dbd |
| SHA256 | e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9 |
| SHA512 | d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752 |
C:\Windows\Temp\www1FEF.tmp
| MD5 | a1fd5255ed62e10721ac426cd139aa83 |
| SHA1 | 98a11bdd942bb66e9c829ae0685239212e966b9e |
| SHA256 | d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4 |
| SHA512 | 51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370 |
C:\Windows\Temp\Cab2B79.tmp
| MD5 | d59a6b36c5a94916241a3ead50222b6f |
| SHA1 | e274e9486d318c383bc4b9812844ba56f0cff3c6 |
| SHA256 | a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53 |
| SHA512 | 17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489 |
C:\Windows\Temp\Tar2B8B.tmp
| MD5 | b13f51572f55a2d31ed9f266d581e9ea |
| SHA1 | 7eef3111b878e159e520f34410ad87adecf0ca92 |
| SHA256 | 725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15 |
| SHA512 | f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Windows\Temp\Tar2D36.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8554800ea9db7f0c9cbd0eca82dbd8e |
| SHA1 | 575c2411742c9e024c1a8fd224d6dc0424a12d9b |
| SHA256 | 9043906e2f0b2d07e8ce06c78e81bc2047513ba23c59f2c283fd905a984515a3 |
| SHA512 | bf977be2d6a722c9eddf73b893c40101f344f6f931ac270e796e4f30f2879cb2448aea57215a5905ae93c08fe18cbe72618a1285eda7bc3c7e3a2a0ae0e232aa |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f138f9d2dfe3b3d5331107528dab154f |
| SHA1 | 218881d8cc52f7d4c19451483439218a869d7184 |
| SHA256 | 0c955698214707d6cceb4380b34c266613737883a6863c17d8e8b8dc5f46a2ba |
| SHA512 | d3e9c3bd9dd61b290662ffe31872d3826e6e7e513295fafffb0626100cf6a5498a0f89ee561bc207be7d75f24572f6c852ca9442d26323abe69e23ce6d80e328 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 773e68e135f87691b70daf80d18b2a94 |
| SHA1 | ace6b947c1aa495d4e2e9db4f137d368af31f801 |
| SHA256 | 99eea085a40c211910604c0b73ded8783a11072735649fe83e058ab6a7f0dc80 |
| SHA512 | 8a10350562e19ec5062509efcbf01ce2eb3fcab51e33f3a3c8b2c133511bf40a073e8def56c78bdc8fd376604a9b7b64a755b86367fca937c6761845419d4ea4 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffe761bb1ec6b851618817329420d154 |
| SHA1 | da6425d3a3a25649a6e7954c71145d5c5989820a |
| SHA256 | 4410e758aed010a8c5003d2a491b28bc139a1df62ab0b6cf7a993b03171ff1be |
| SHA512 | 1657fb558593c3c02b82873d7b4335380f5c9a072c0fc97d8c2dbf33ceca118c71c7b465541949579c03a3f45566db724b0fff47ca8975f2d0e0c20df3032234 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 877084839224be4db5e53633320ed15c |
| SHA1 | 708ea2dff9fbc454cbdb06fe9e01bdf8c3d832de |
| SHA256 | 2a6dce08aa87e9fa34914b4364f3455d285937015957f16cfcd2babaee75ca8b |
| SHA512 | b1e71d6e274a2a3e6ad9837a3c8fd749909644127b5067c07b426c15023f5914d36fbc20990df5e98f51b51d7229cec703f7664c3307ec6b6ee2b1303417bbdb |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f7defe9aee7c5899ecf2fcf059625be |
| SHA1 | b9c90ac36da0bd8c83182876477114824e4a54c3 |
| SHA256 | c9e1627be3b4d7d5c4ea970f72fbe27afd61e3d79fefe46eb13a5c258cb51500 |
| SHA512 | b2b9924d0170abf5f208806375274057f734f5c675b6b84837ed13631e7200ca3819fa1b7492f8fa5db1527dbf0c0681151935cd836f9b2abc8963e7b4d19375 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fba0e58095d289a247377d62e60ff39e |
| SHA1 | 3b9490fe038b03b187f641d7231082b16517c15c |
| SHA256 | b9b5318072c16cf626cdb69893a2136d49ea4b174dc731ad0a89076ed98106f6 |
| SHA512 | 8010bd451f2920b58a21091d533e2d0b0fbf78dc59c5608a573448436f4ea30792df5daabb9bff7893ac29492c2c75378abb13bd8d8b8590b2b326c0f587c18e |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e3e6f47fb410f2aab228066097eec5e |
| SHA1 | 154361d5252700f49d61b6cb6022eec3e2cf4315 |
| SHA256 | 54d16f0ce638d6affbef1f1a8df4181adc455d7ff395974cdfbc7c7b38737d15 |
| SHA512 | 4b7d162bfdbfee2e21975aa789501b45415dd45615892c90ba5451d0c9c8456a72375d8f8aea55cc3058e16b3297ba91bd9847584499647dcb87cd857219250e |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f09617babe71716c2ea6b5c92e651411 |
| SHA1 | 80cb414edd34a3ea874291396a3fe3798ff72644 |
| SHA256 | b131dff0379b14ea860e0da4d24639afc3110a2c6f61c96e117a260ce65b27eb |
| SHA512 | ab376f2bd22993e6979596fcad6bbd570e9e1e84e9d2962cc62a643899198da15643413dc21a5380e83fd4fb8448f6007374addd63bb7a770dfee78cf23546b5 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e49c58366c10f2cd800420736a89869 |
| SHA1 | 624b62ef15a0f00c25473a96b7a6d32c9396f9ea |
| SHA256 | a5dc5e2a8046c83834bce4efb2d9b2831bd5e46fd3f03862b7d795b0b8592227 |
| SHA512 | 33df8f72247d07a2ece1bd7e6ae4c9b9ef7c244e4c1961fda10867e5c1539ca6e407e94b3539e243f452dc761aaf6b856692c1e8164a1db0ce2270ce730b14b0 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 977c60c925ed2a464735adf88bda6344 |
| SHA1 | e5db91872214c0cd7e2cf059e7e2e37f0d8ec233 |
| SHA256 | e124bf4e681f6d6227e53fc6a4893210cfc37367c4fa8f3d9729c55f471c05ae |
| SHA512 | c297d2957e4151d3342dc0dd325e6ad15a4d253399e62c0272fd610784d90ab797fefd4ee3c2b26d6bfd959e23dc9d81ecd2b46ed5f37facf39215e2dbae2c2c |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fec38d9c72bba64c17e5d3b17b4ee10d |
| SHA1 | b81e102b4bb06a5184af277f73f04aa541352bd2 |
| SHA256 | f29a8268358f438597fc0b69c6774f3382ff2ecef2cb8292fcf7a476c92cd275 |
| SHA512 | 616d136f187642e04260fbb2cdfb159fbaada4ee28537f3890c0c76b3d4ccfd9a970840ed4003821f32b7bd79ccfd04629c20ef2d79ce6f7b672e14c21b9f260 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dcae58ff3fa95b241def4d894d2f300 |
| SHA1 | 0902552ea843425ce4cdb4c6226fcf8913b5f98c |
| SHA256 | 71653d8f075d4b492714333e3fd12bd0d23c5c10a64c4b09c333b19f0af62a6c |
| SHA512 | c710a0c944803257969d6b297a2910e8f77c8bf9e8117278523fb3cc6de543d0029796572eef9ff9a2fc1ae1164211107832a0e832f0c5224b2de93a10b03c47 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e64e0604e4a1bcad18ece2c6c69a8134 |
| SHA1 | 797fd7bef5454ce547e3ea6350291d27fd07bbd9 |
| SHA256 | 375649b7b8d0f1e78f3385db799ea852ed5b942bdea646f50fc0acceb5f488dd |
| SHA512 | fe21b42e98ce91c4bbe5a9486e2956b3166026529c87ae2eebfae63617d5c27b2cd96130ff73beb3bb0a61d98c4eae9e1394bbbcacd5ca7fa903e3f511a51722 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a7dd75c7ee238a260503a7b70c05958 |
| SHA1 | 629e170ff5a71b17333e8595b0a9330b098b4bdb |
| SHA256 | 0945144d10f909ebfbddb0a1cd6e2150b74310e6464d420b2e102a6daeedf402 |
| SHA512 | cb1b7150eb5bcc1b43b4c4b4fc6b8e4ec088d85b10140018b1f64e7eccb878c6973869f45669a644da069b94405fa73c36a35506776d74add2758a024e901bd1 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f9c52ec1409d42c0931bc77940ce640 |
| SHA1 | f75ac8aaeb26f61d3f62ceca0502418d0da9e068 |
| SHA256 | 0ea6363938ed591792c78d91b280766d1732e2b9ceb51d87b5f39c7bda6e7595 |
| SHA512 | 671d40eaf2339197c79ec958f35999ae806cefe91e956304e9b04064552a135352efdae5f37c5fe17badaecb18572a4a58ca2d0b4eda0e3279855793631b4940 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f981224114c28923b15450c5606a514 |
| SHA1 | 688b23ed7e7fe7c9052462b1f5d20cf22223e3d6 |
| SHA256 | a93520a7ec8cd39c74a09ac6578bc8e8d23f784938859d0553cb6a7273fe7f30 |
| SHA512 | f8c6a0d376f31fcdff7a07077850a8c8bf5048c96cd3d6a3e6c31c5e4632e533300e1c43bb586f26a38beec837188ebd042f8f137ff3909548a6bfadae63e55f |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56f444e4c223f6ac715373992930688f |
| SHA1 | fe7e9e57a26586e734c58d890e957a96f379a862 |
| SHA256 | 3ee29197047f1900a05ab6d63d654eeaa3cd951443c663c1ab810e95aa56d11b |
| SHA512 | 9499a4dec38d0c07d3456855fee2aebabcd349edaa0401c432935855512984e98334cce9a1721b3219f95c04ea0233d1212a9db7abaab7d26be9afa8968b1904 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85cefe5ef29b8cd7794b323ac4de26e0 |
| SHA1 | 35c6d08ceee8bfe711438eb876325e4b03889d04 |
| SHA256 | 389e32c37d37ba8d1aaddb4772b356efa9adbb131c82bbeea2657ff7a3979e96 |
| SHA512 | d1a401459a2f8bb23d5f5564eab074cb4c3275aaeb34fa3db789add61e608592ac54e1b818d9f80200d62d7ede9ef4055578962a1d727dbb1d8614f19af9f1a1 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27b0949b94083d2bdf1f33015afe26ae |
| SHA1 | ebded2539fe6dffd4664a72a837a1effc545dd19 |
| SHA256 | 9dc5fd18007f21b2c7d655058da15824177f0974c46a953cfdee1a9f8fbd9bc1 |
| SHA512 | 5f7792c97efec0b1b84496536439a3df4dcbde81ea530e0b7e46a195797e964f09f0c73d1354d774105e68d1cedbaf8e6dca79a32296dce9fd7069eb89f3f764 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea57e3fb9f11191fc351a4da0e61cfea |
| SHA1 | d74d8e880b3cdb7ae6599e9b833e94da268e24a3 |
| SHA256 | 51478408a177bf8c19a13a5035c841f61bb325e1b0e460b5cd221af72165e923 |
| SHA512 | c8b46350d4fe471f54dfc983724e5d1a008aa845461984367245e00c75240d1cf9779d1b4a96cbf4fd1c99246fdfa8c8c0dd38c1434bb0694fba9b688d6d9e44 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c328376b8491975a21183a9bb090e8e |
| SHA1 | 7ec85b307869459648a58ea91742732eb495b6f9 |
| SHA256 | a767d51b5ac6a3e1f74d189ce816864c45bdbf42e3bf8ebe40fea743f56980b6 |
| SHA512 | 11c51411c5b7bebd7dae5be95a642262eef2c408ba0340cd4fc8b275c5de22cf8efb24d7d8faae0cdebf0d9df8845c690634de727fea3cefa17643aa8a60ee70 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f46818d543260f32487c7a01e2baa429 |
| SHA1 | ecc2f41f20a0f8d03be63481afedfdde62385b73 |
| SHA256 | 2a159c81839fe2ee2053eb327fa1753ee2a3a96de4800b76672889cdd54d854e |
| SHA512 | d13e027e52edc02bc3355b124dc8bcf0765fd4602ea03a353fa733004028f1e794dac8698c82a826a6280e61841c59aef93b684c12021298a0ee512f143435d6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 19:08
Reported
2024-06-20 19:10
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\27acae0c-3180-415b-8c89-51554656f680.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe577e48.TMP | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOCK | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\9da88b33-5ae9-4e7c-8132-3633fa3f3d81.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000003.log | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\LOG | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe576c66.TMP | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\4f806de9-7fb9-429b-b43d-082578b6627a.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pma | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\History-journal | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Favicons | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOCK | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOCK | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Last Version | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\MANIFEST-000001 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\MANIFEST-000001 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\favicon[2].ico | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\IECompatCache\Low | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico~RFe574391.TMP | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\9da88b33-5ae9-4e7c-8132-3633fa3f3d81.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000001.dbtmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOCK | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOCK | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\CURRENT | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites-journal | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokens\LOG | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\CURRENT | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\88281f4d-4336-418f-a01f-ad5af5bb9d43.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\000001.dbtmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\97973b2f-4c8e-48c6-bd5f-1603bb9c7b48.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe577e58.TMP | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\8fd63592-7599-49cf-9346-203b4766d598.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\the-real-index | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3112 set thread context of 3924 | N/A | C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe | C:\program files\internet explorer\IEXPLORE.EXE |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20240620190817.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\370e9391-e499-49f6-bb5b-38ffdf8b0c4c.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SetupWay.TXT | C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@ieframe.dll,-12512 = "Bing" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723_.pdf = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IETld | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Suggested Sites\DataStreamEnabledState = "0" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\EdgeUpdate | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046} | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\VersionManager | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings\dgiklkfkllikcanfonkcabmbdfmgleag = "50AEDA7D427A942945C9A5A4B2308F06D79D3F3EC846D5205D2A30A7D718D026" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings\jdiccldimpdaibmpdkjnbmckianbfold = "CE16B10BF9D82FD713B75085E4E565571491320382D01F8A5685941F089BC2F3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\DualEngineCacheContainerTracker\2KXE66AQ = "C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\OpenWithList | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\IEMigration\MhtTakenFromIE = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IntelliForms | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default\media.storage_id_salt = "D66B7F6414D343DDC039C39B52CDC5C5A5F84A26DA382A3B3F33385BBD995DA0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default\homepage = "67140D3FA18E8732D85FEBF25A7145F55DBA71E189F52E3937FCAE16AF33ED57" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\BLBeacon\state = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046} | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018400FA672BAF6 = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb0100000063d9fdfe1838ef42916d3a9ac478c5f300000000020000000000106600000001000020000000d00d82c21d9c301cdcee32a0096349bb689423e457212098915cbd7057510af1000000000e8000000002000020000000eb3a6ca4a61954e24775aa1e81198007dde3786299fa44df628121b647b1ddce8000000052c36132d2d24e546e5f163400f16c874efa122b6cd473c5be0559fade9aca16cc7073d318b8048b25edb5cf365668e661c10d58a07f0a39f8a1f9051929da618d7ee0aec348a5a22a48052cd93cd4553ad02e26cd907ed17446d0b1ffb4822dff3f1b7bf5bdcdb988db0600832a205707ad9063e4b36dc0a867ff66e36cf54f400000008c50510b0c801384c252a6c1db2aaeb0b889fd140dc8ccba68f74f0a0c1ffd1b9e0eaca908140b0183e12c68028ca3ad1b49502d251f1f059bd659d22695efac | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\AppX3xxs313wwkfjhythsb8q46xdsq8d2cvv_microsoft-edge-holographic = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\MAO Settings | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IENTSS" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\MSEdgeHTM_.mht = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31114082" | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Zoom | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default\homepage_is_newtabpage = "D3A68DA8B5C47D3957B0CA15AA73865BC36727F40BB95CF321D032A035C73B8F" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\PreferenceMACs\Default\edge.services.last_account_id = "38BFB0D7424B105A59EFD27D0952CE255393A51FDB70A43289E3D80387B9BB19" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\program files\internet explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\08f366a0da689827686e40dec32f2ca7_JaffaCakes118.exe
C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3924 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=3d002c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=3d002c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0x40,0x10c,0x7ffe82cf46f8,0x7ffe82cf4708,0x7ffe82cf4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3837290266388050935,15245953937210305031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff791b85460,0x7ff791b85470,0x7ff791b85480
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
memory/456-0-0x0000000000400000-0x00000000004B3000-memory.dmp
memory/3924-2-0x0000000000290000-0x000000000033A000-memory.dmp
memory/3112-3-0x0000000000400000-0x00000000004B3000-memory.dmp
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini
| MD5 | 881dfac93652edb0a8228029ba92d0f5 |
| SHA1 | 5b317253a63fecb167bf07befa05c5ed09c4ccea |
| SHA256 | a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464 |
| SHA512 | 592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810 |
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a9e7764813e8e61eb16210c93f827afe |
| SHA1 | 8cc2450b833176232b3dbae9fd87ae5c41fdd877 |
| SHA256 | 8b477422e12a7c5dc408f68429529b58ddade43743ad927fcc23f26212aa85c9 |
| SHA512 | 9857936eecd26a7ec82080380707456c2ac7e3bbf9197165f814e39b0f293c8a9cc4b3a160040504daa3916cba512b879a96a4ca4be76f6e824ad7f87ee531d7 |
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4ace0a551f202bcc936a77eb0f18a8c0 |
| SHA1 | 10f692d01fe8dbc886ab8a92bf03084e626f71e7 |
| SHA256 | 86977adccfd7f5bb375cd90eee22a2c4f1e985bee40976926340e1b23994f0f4 |
| SHA512 | 39a449175299a5214174c552cca3201ce3c5882e66cd3a6d41d72f6756fc508bdcd8f8add09d6b47fb418738e4ea9928237ab4f834a84effcdc33160ff3fb294 |
\??\pipe\LOCAL\crashpad_2408_BGAPJXIZYPFGREXV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\ca21d98b-2f5f-4a5c-a3d7-0ca57d5cb0cb.tmp
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cff53e72439eef1155e27f4dc331c75a |
| SHA1 | 5b5036a3552dcc9415c82dba7a947531a5100117 |
| SHA256 | 56d977a2e2f7487a2bb652b0f905724ab1a177d2ca2837837bd0f98c01f36cc9 |
| SHA512 | 56e9b35705ad9e09abd970eb9f0772d8fdbcc8b59f972ee552718ff5a570ff8803172d1c62fcd098c3db4e0f5bb2aea01dd5fef1cebd3c03a63de7612088bd59 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe5744ba.TMP
| MD5 | 7ac525ad593faf07f216ce8c64b36eea |
| SHA1 | e6ad8e1b4f0ba46b1491265ac414949f21335c23 |
| SHA256 | ef7035480df692417e5d1f0ed1d012dbe03d2c8ed5171b123abed65c083c2e5c |
| SHA512 | 3818e293e2ec78542cd430588736bfd4a4d248b4b6de4e1bab7030c46a195e6b777573ff7b47e456aa0114aa542c2db085a9654e2bad160fca832800d262f2f2 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Windows\Temp\Kno55E0.tmp
| MD5 | 002d5646771d31d1e7c57990cc020150 |
| SHA1 | a28ec731f9106c252f313cca349a68ef94ee3de9 |
| SHA256 | 1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f |
| SHA512 | 689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\8fd63592-7599-49cf-9346-203b4766d598.tmp
| MD5 | 6e60e3b3699143e888f2219e81d701d5 |
| SHA1 | 6f0f6e6e8f0aabe46b60309b80a723ff202f4cc1 |
| SHA256 | f0515419df4f0089ffeb367697838be755806405b8d2bdf56d44667eeb180bb0 |
| SHA512 | 1fe492e9b83f83413ddf02265e13968632ffd6142ca2159e2a5cead94050e43dab5ed06b203061d1874d0deb58cd51300a4344c0572fed2cbc81cb42df477337 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 6edc0f33ed4542c0525edc92ef0d66e4 |
| SHA1 | 819c53c551cdd5995619c857e3edf9f908e1631c |
| SHA256 | 45111728743a92e1c8f6749e49920773d6805206f9bafa013be2527afa5f2822 |
| SHA512 | 8985fd67647dd8e8f6f50ae78b4c36fde4e7006ebada7ac87d0b4fa1372b79073465118cd781c505f070e37b25a8c24eb8b9994ccbfa50a25bec880d4e7e7ef3 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe576c66.TMP
| MD5 | 59667e655a48fef54ce1555b8c19318a |
| SHA1 | cb75d58975d104a106242d4234df900c6a19b0ba |
| SHA256 | f96859a5a34034a6013bc0f176ce0296cedfdfc1a3ca94e7a029ab709f071174 |
| SHA512 | 940673eef9daf1e8d24c3d917c3d53ffba12047060dfd9bf9656d171a983e061968e31ef4289ffd8e51a28164630cef7985724a30a2043428693939d0075a486 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\27acae0c-3180-415b-8c89-51554656f680.tmp
| MD5 | 781035a3f10fded1165959ab4f9c19de |
| SHA1 | df45c22b248f0a669b89340eac4e579e10318398 |
| SHA256 | a154ce9b75ef2b280a1a4ccc7d3d368bc1df02f2a97f32bc5ecb7e9f92a136b6 |
| SHA512 | e3106f0ddbc1c3f30c27e4f9db954f58ba092b2804071553d1009e1f5da0aee46fe9f6e9563fcef51218a4e71a28c04fe3e89ce0d8dcbdab277e31178d668f52 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 898cc83ab33d47d0f6dae7a41ab9c1ab |
| SHA1 | f16338ab7626aa14704bc5e885a736db6cbd8ffb |
| SHA256 | 5d3fd9a0009151e4349cf6a4acab5096f3e72da4f87cd27fe4ce5f08cdac1596 |
| SHA512 | 07cdca69544e7a01e1fed53813401bb87b28131f2bc7b6fd95b5822aeb506d83ef4d3a883bbf0c4c68df923ea1d36485800994c248c8dc2439cca735aa1fce06 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |