Analysis Overview
SHA256
bc1af5f83ca803142a61bfc22497e008e93351751a189209493476c4306e4f93
Threat Level: Likely benign
The file 79c6253b2cc54b4d63afbe95f6b6aea6_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 16:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 16:40
Reported
2024-05-27 16:42
Platform
win7-20240220-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006f4b0ad9e04e584abc2f23c83912807c000000000200000000001066000000010000200000004ef89816c07ce10cff8fea7444504f577e11ee5911220b7d077f52ca11b55a63000000000e80000000020000200000000118cb24011bbc81c0913be760a3a097b182135e19fec19e73451835492d100d20000000fa707af5bc759b30d211dc6e21f442a10c5e74f7cf3ca1fc0d52a536f24a66d44000000059801d9d2755fcf0376da56e3f038b2bcfea662b669b79402b254ff42fbaf56dfc53a5a81d13dc1781f5551c75a3304a2693437aaf32461706b722d2c63f4fef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA417D41-1C47-11EF-A1AD-46837A41B3D6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422989881" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2072ca9e54b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2060 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2060 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2060 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2060 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79c6253b2cc54b4d63afbe95f6b6aea6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD3A.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarE2D.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 16:40
Reported
2024-05-27 16:42
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
131s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79c6253b2cc54b4d63afbe95f6b6aea6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceff246f8,0x7ffceff24708,0x7ffceff24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,3354270148604458528,4504646646550549031,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4264 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4288_ZWHAXREWDDNRZCYZ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\50c65a80-5612-4b7e-ab91-ba2308fad445.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State