Analysis Overview
SHA256
45aafda1c5f29bdd78b2ca16cf3a910d337fe84c8074dc123ec5498bc4dd9b6c
Threat Level: No (potentially) malicious behavior was detected
Result for file 7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 19:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 19:07
Reported
2024-05-27 19:10
Platform
win7-20240220-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208acb3469b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5FE467E1-1C5C-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000092566e832e70f04bb2cc0f648ac6e08e00000000020000000000106600000001000020000000cabb48b9e7cb4ff6e5929ba7455c18831d342891b36ecce992a32551323a60ab000000000e8000000002000020000000daf3d0c33052ff902131dfb0e0d665cb66a66186b974fdaeeab13a7263fbb5aa200000006803cebdfa2a390714b8d5ea480a1339749e5e86d3c500ae6a63999801bf4357400000006e13ba959be97fad5bbdefdeac4b18e21b9d48988e62a53bb32f4da8f99aefab9ddb7a476b31eb135f58fd3a265890d90e58651927fec03625f5e5e976ff0b5b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422998722" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
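The four WriteProcessMemory rows above record PID 1992 writing into PID 2116. The process list shows why this is expected rather than suspicious: the 32-bit IEXPLORE.EXE child was started with `SCODEF:1992 CREDAT:275457`, i.e. it is the tab (content) process that frame process 1992 spawned for the sample, and IE's frame process initialises its tab processes this way. The script below is an added example (not part of the report or the sandbox's own tooling) that cross-checks each "PID X wrote to memory of Y" row against the `SCODEF:<pid>` value in the target's command line and only flags writes that fall outside that frame/tab pairing. Rows and command lines are copied from the report; the verdict strings are the example's own.

```python
import re

# Rows copied from the behavioral1 report above: the four identical
# WriteProcessMemory signature rows and the two IE command lines.
WPM_ROWS = [
    ("PID 1992 wrote to memory of 2116",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

COMMAND_LINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2',
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")
IMAGE_RE = re.compile(r'^"([^"]+)"')


def tab_processes(cmdlines):
    """Map lower-cased image path -> set of frame PIDs named by SCODEF:<pid>.

    IE's tab (content) processes are launched by the frame process with
    'SCODEF:<frame pid> CREDAT:<n>' on their command line.
    """
    tabs = {}
    for cl in cmdlines:
        img, sc = IMAGE_RE.match(cl), SCODEF_RE.search(cl)
        if img and sc:
            tabs.setdefault(img.group(1).lower(), set()).add(int(sc.group(1)))
    return tabs


def classify_writes(rows, cmdlines):
    """Return one (writer_pid, target_pid, verdict) per distinct write pair."""
    tabs = tab_processes(cmdlines)
    seen, results = set(), []
    for desc, proc, target in rows:
        m = WPM_RE.search(desc)
        if not m:
            continue
        writer, tgt = int(m.group(1)), int(m.group(2))
        key = (writer, tgt, proc.lower(), target.lower())
        if key in seen:          # the report emits one row per call; collapse them
            continue
        seen.add(key)
        writer_is_ie = proc.lower().endswith("\\iexplore.exe")
        target_is_own_tab = writer in tabs.get(target.lower(), set())
        if writer_is_ie and target_is_own_tab:
            verdict = "expected: IE frame process initialising its own tab process"
        else:
            verdict = "review: cross-process write outside the IE frame/tab pair"
        results.append((writer, tgt, verdict))
    return results


if __name__ == "__main__":
    for writer, tgt, verdict in classify_writes(WPM_ROWS, COMMAND_LINES):
        print(f"{writer} -> {tgt}: {verdict}")
```

The same check applied to a write whose target has no `SCODEF:` referencing the writer (for instance iexplore.exe writing into an unrelated binary) returns the "review" verdict, which is the case that would actually merit attention in a report like this one.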
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r2---sn-ab5sznld.googlevideo.com | udp |
| US | 173.194.185.135:443 | r2---sn-ab5sznld.googlevideo.com | tcp |
| US | 173.194.185.135:443 | r2---sn-ab5sznld.googlevideo.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar1920.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab190F.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9559a5c6dd6201d6d4aa5c842c8ab536 |
| SHA1 | bd5919aad3727e8ee248d3280f73a0c05f41c5a1 |
| SHA256 | 49513f636d6e2e7d333552c935484f6dfabe0577a87caef988878984686b4ca3 |
| SHA512 | c67cf68d36f072175bd4837425d9686b22ec21e151b56c1ca92aa60350bbe094dce991fa3f17ec4ebc729ae7aa7eef46a7cbd1bb2f155f2b4dcac37f1d0438a5 |
C:\Users\Admin\AppData\Local\Temp\Cab19DC.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 834c79ef0f54c7dff80401147912a8fb |
| SHA1 | 67ce8828d8afc50d7f4592fa0e6dfee8f7faf1ed |
| SHA256 | ade5cfdf6fa06ce7b10f1048d39f04512aacfde93899b24c8ba0c1594c8c2d31 |
| SHA512 | b27247dbbe44cccd0168d57d4fe8a83302bca5f37bb7c4240b9a75d89c98c97be2e19c68b5282e117fa8f5c0f5c8a30da482b12d40d66abe2b0bb10063c9c9dd |
C:\Users\Admin\AppData\Local\Temp\Tar19F1.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c0d20c7d62c83f42f6cb88e665bc83b |
| SHA1 | e93a0a09f0de93f9e0270713ef9a45a24d1ba0e5 |
| SHA256 | 94d5d1dc923ba6fedaabc786853ea97cdaaf0aaea46dfd198b9347a2fcb54025 |
| SHA512 | 45c3897120c934980b1c905db78d0786c3dd681b03e63a8ab6ec646bdfb68d6fe8bb761b779fde683818052b738b84e8d3fd404a2a32b3a651f8158aa98a5e77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1c823c8047e16abc20ecf92a21d4ea5 |
| SHA1 | 8cba1cb2f5dec399b9e1908e40e1747f84cfbd08 |
| SHA256 | e71c6209772e1e594b19a752e571898b2d4b9c1dad2339850406a353b1251b77 |
| SHA512 | 18c5f3781a16ce443734bf5b3dc080d713482272d3b3b574a70e207d400bf63e27268c38cdbcdf41d36e46199fda2919ede8907e8ba94d37a5e45704f1079bcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95375bf0164d58112234770dad655631 |
| SHA1 | afbe6b168e91059fc3b074f1d190f6c1a6b27965 |
| SHA256 | 94c9f1289969096d2c25379b2a737f415c028fe88b617597cd18c2c2bd7f46ff |
| SHA512 | 001f981d302d7aaf3c29de69f9c22e2ff946a8abb8720cc2a8401176f1385a5851195d179338e64959040654009dda69df4b47c7d23c1135e26371ebfa05ab17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5078b90f4d6fc8df41756bd3ec05ca28 |
| SHA1 | 6c1813c4363b1ba5767a5a168a2e81fb911b7fdf |
| SHA256 | 25c4519182add200586bad1e2c33596a5e8361f026afe2ffa3346ead23661177 |
| SHA512 | b34a06d5094af8f78bb090a121dd5cd285d0c6d75ac8939131833c88e6f7d739078c107be551aa4ac9f09d6ffce691f6ef979d366ab8de37915d170a561b9391 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 899c73c00bd7b0ba1c878eea3e92a392 |
| SHA1 | 9951ef21f6b53d9e5f95f3132ebc5c5eca2d5d78 |
| SHA256 | a0494a023094a251ac83b07fa7d0622f958968821d182723b25f52d18a5de607 |
| SHA512 | f0cfc9fb1457a0cedc395f9d6fa53b02381bf0f3c41a1c7544789975f493aed7baa35b3119a8f7960c9223138f3c703129eef8abb7a2b78f38ac19e71bbbf373 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58213eb0b051dec3048382fff5f89ed5 |
| SHA1 | 2539933f3c69923bff9cf79f09b006a2f0b93082 |
| SHA256 | cbbfba5b25fc105d740103106ab58248984aca6a7f7b86cd51b28c486a80168e |
| SHA512 | 0a4cbc4eada22678b7b6a5b9c8eaf1542e9456450976f4d43eb4eabd227f422a293e6dbd11addcade9f2d6667a0268f1b0713335a94e4dd8a31620ccae32c02c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d961a80e5cbdf93361cab00a58a0cf5a |
| SHA1 | 2e9d98c4198faccd6ac13018d0cf5bf0fd05031b |
| SHA256 | 7225d1616da496c64e811e847ebb3d8b95b32074b344672f458d26b314662df4 |
| SHA512 | 4547509d20bf507c9e17578478612240abd7faed93098db126f09f35052db6e1199dd44c6b9def4280d97fb1af6bee7dc88fc8fd45899f78119a31b2130694b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b5d09fcadecd9924a7bc1e6e5c184f6 |
| SHA1 | cabd6b7ae9113569297a8565a28bea4270fb68e4 |
| SHA256 | 28fa7d4d70519b527e7924f3b4a7240f62a2238f1f676ec54163f757b0353460 |
| SHA512 | 5be9c724454d60a653f8f4e27719b04cfed8464ca9e8b163b3905fa067bbf8e6c8c12f8934a7fdee2a06449ade4979e4607c55975e584dd3bbebfd496f5c6281 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c644228aff4bf260461c91a4eb41bc7a |
| SHA1 | 11bd598438a1259220ae70a82e78495f2e037350 |
| SHA256 | d57b48724a7219f163e264899b57a2bae164f81d121593bf1db7b8b13047c9fb |
| SHA512 | f278943e23a09ef5b9cdb0a18481abf5bfefc5e244bedd15f117f28501f4e422b04641669d67d01b8855de9e9f76fdc139dc48390d54490bff179f90402ce48e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9caef6f88142a96774a56ef1e7843201 |
| SHA1 | b52786f8bf10d8cf489a724d901fb04c496ec6d9 |
| SHA256 | 796548925176137abb4a8f474d695d681e3bb4b0d11a9a833ff94aff9890bedf |
| SHA512 | 05f84bd9dcbe1b24973268b74c41efb14e9b4da23fd16652972f715e2af45204974fea64ed0a4d21bcd73241eee3106d4e01a2c8e7b8a07c1feead59393b012f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c81321a1e46b9d9302e6eb417c38bb6 |
| SHA1 | 5e422905b506860e2b4a2d5a628d3c607916a177 |
| SHA256 | 004f72b6246d7db63bd11eda0173f717f73f24ca2b670a148ea223d5859e81b1 |
| SHA512 | 5dfee4d3986833d1f1c78d5f10950ab0ad0ea3d74dc9f5a80286f521b54ebdb3697817935dfcca42bc01807898ff14f4a8c82159a48519b20a69709935eac2ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5df8bee3445c73484d5158eb3222a86 |
| SHA1 | b1a92c8681933d7b3a6b901314748a25f353cdbb |
| SHA256 | 7078b9a6b450016a6ef92fd871e741e89c137661aac2409480713ea3febdd383 |
| SHA512 | b522ad7f14ed11a9599fe89d1b04ea5a44b2d516edc47e18390c0d49b2432462ac5dc65ef7c78a639eec7fe26f6d3ed28b673e65f0fec7f3f862da764a75d541 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a22bd44d4b8065ffd6ed8fc92d198446 |
| SHA1 | 873199feccbf8898feccdfb89a8d4e0bf3c05e6b |
| SHA256 | d4954d59ffa0d1e92e716015d8a649b8144e0a30cea300097b540d463582a260 |
| SHA512 | 9bfee79ac8e9750b6dc41cdc827a753204b0059e220c1e34d0cc8906c10fa475022239fea08becccda2679d6766da885a5b750e0ba1ee1652a0c5423bb406897 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc8b8909d9d3ae897cd8f6951ddd4325 |
| SHA1 | cee61ea5b3c8e96ebe977033dfc79277b09b9c76 |
| SHA256 | 2c639382297e43fe69981b7dd2584135ae386c0a846ededa763b39a57b7bc379 |
| SHA512 | 4fab25c23f454943e4a99f1ef13b82e84b8302e0c3d54d0c1a093c70958712e00f2f8cd2ae619cc2bb51ea8a3e26bd1df65d4c224f35df9c1411f48aa6615c00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 611aed20d611c483e0554348c90b7e55 |
| SHA1 | 01ab28a4d49b97cd6db30e58b3518c03fcdf7374 |
| SHA256 | b5ae81bcb0e0c6da14e8d3091d3fc80d681f5dfdff0f5d0d169b64a057041851 |
| SHA512 | b756d8425fb393f91c57dab830c594e7f3c4b6e79b69dbdee6d2f97a6491f0887ad71698cbe2e5552200bfd95fc560c0321b843c09b054ef76c9e3f4569b22f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ed32d5d70ebb83858ae9dec568934c5 |
| SHA1 | caa33a9416bf792a26246c188aa27a627f4f0df8 |
| SHA256 | dc85ef1219a166831d3a22587f30257213e9d313faae1dd6f324f1b84bbe0a16 |
| SHA512 | 5dc0e93453fe50df8b45c03e2ef091bd2b3330347cf2f42e950cd4fed85261423889cd282e2922310765029ac374d95607a008e68f53dcf76377cfc00911566b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 03aa422a573570235bb523805680c165 |
| SHA1 | 71a84dba32af175fb78992905891368f9b3db0dc |
| SHA256 | f9bee22ecb59de9741af5c02fdb01ad8d3c03c95d3d7209d52c2bd7c5ec62ea5 |
| SHA512 | c3a6c67ce9d42302d77d3b16a30951ce91d3ed3880b7684d4cdc81c84fb027b76ab66ea6d26e1ada978f63c7032233e4828096b08a37720cf4fdb88c3401146d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e41ea675b4e41c80f099643ed524f65 |
| SHA1 | 1bfa51708186c97916d58d2656fdecaac29e26a6 |
| SHA256 | 333977c1fabd06a4f4d764b5b361a50e970044922f9cf768c6d3e799fd85ccdf |
| SHA512 | dbafc3c1044f4bf9212712c01fef1464ed49e2989664252148119e0ea38784202698b6a54e63fe1b40c13d545ed019092d07b7c30adc81e66737a5a769d508d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f8fe91b1983966190bf9e7140db2c96 |
| SHA1 | 8834a75f0624f339b7620128edef5bc0c4626569 |
| SHA256 | ef8671f215be8eaecd6347dd8ae329a753b12bac04853274a4b08fdf524b3bcd |
| SHA512 | f92e4c686df118c2a8110fc7eae9dc21b899387284efced1801c0d18f44406c4ef7b8b6e2286e675a01c907f9046839a9b9894c6a18e6595ee12c124040590ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 843f4d1c91d9fd4575e703dca46d9998 |
| SHA1 | 40e173f193ce5da27e8b6b6fad1a050fc86f8cf3 |
| SHA256 | 168bd05cfabd7beb1db63dc64821e468ffea65e60ab98393c6c08baf5ccfd70d |
| SHA512 | 049be112164cd503cd9c8c5c06af6a61d1fa0ec527e7c0a38abc406f34e398fb3485ba842cbf5a9375519a4a87c4e994070faa587e079b542415a6306a1477e7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 19:07
Reported
2024-05-27 19:10
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd17b046f8,0x7ffd17b04708,0x7ffd17b04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9903298719725761345,13315839424910028959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
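Every process in the behavioral2 list is the sandbox's own Edge instance (or its identity_helper.exe utility) opening the .html sample; nothing here is spawned by the sample. What the command lines do reveal is which children run without a sandbox: the network service and the WinrtAppIdService utility declare `--service-sandbox-type=none`, and the second GPU process is restarted with `--disable-gpu-sandbox --use-gl=disabled`. The script below is an added example, not part of the report, that parses Chromium-style command lines into process type, role and sandbox posture so that unsandboxed children can be listed at a glance. The sample command lines are a trimmed subset of those above (the long `--field-trial-handle` and `--gpu-preferences` values are dropped); the "sandbox" labels are the example's own summary, not flags Chromium prints.

```python
import re

# Constructed subset of the msedge.exe / identity_helper.exe command lines
# from the behavioral2 process list above; the long --field-trial-handle
# and --gpu-preferences values are dropped because they do not affect the check.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a32af4c3c0c97820aebd4ecb39a97d5_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2120 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=2004 /prefetch:2',
]

# A Windows command-line token is either a double-quoted run or a run of non-blanks.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline):
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def parse_chromium_cmdline(cmdline):
    """Extract image, Chromium process type, role and sandbox posture from one command line."""
    toks = tokenize(cmdline)
    image = toks[0].rsplit("\\", 1)[-1]
    flags = {}
    for t in toks[1:]:
        if t.startswith("--"):
            key, _, val = t[2:].partition("=")
            flags[key] = val            # "" for a bare switch such as --disable-gpu-sandbox
    ptype = flags.get("type", "browser")
    role = flags.get("utility-sub-type", ptype) if ptype == "utility" else ptype
    if "no-sandbox" in flags:
        sandbox = "none"
    elif ptype == "browser":
        sandbox = "n/a"                 # the browser process is the broker; it is never sandboxed
    elif ptype == "gpu-process":
        sandbox = "none" if "disable-gpu-sandbox" in flags else "gpu"
    elif ptype == "utility":
        sandbox = flags.get("service-sandbox-type") or "unspecified"
    elif ptype == "renderer":
        sandbox = "renderer"
    else:
        sandbox = "unspecified"
    return {"image": image, "type": ptype, "role": role, "sandbox": sandbox, "flags": flags}


def unsandboxed(cmdlines):
    """(image, role) for every child that declares no sandbox, in report order."""
    parsed = (parse_chromium_cmdline(cl) for cl in cmdlines)
    return [(p["image"], p["role"]) for p in parsed if p["sandbox"] == "none"]


if __name__ == "__main__":
    for image, role in unsandboxed(SAMPLE_CMDLINES):
        print(f"unsandboxed child: {image} ({role})")
```

Run against the eight lines above, the check lists the network service, the identity_helper.exe WinrtAppIdService and the second (software-rendering) GPU process; renderers and the storage service keep their sandboxes, and the crashpad handler carries no sandbox flag at all and is reported as "unspecified".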
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| FR | 216.58.214.67:443 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | r2---sn-ab5sznld.googlevideo.com | udp |
| US | 173.194.185.135:443 | r2---sn-ab5sznld.googlevideo.com | tcp |
| US | 173.194.185.135:443 | r2---sn-ab5sznld.googlevideo.com | tcp |
| US | 173.194.185.135:443 | r2---sn-ab5sznld.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| FR | 216.58.214.67:443 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 135.185.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.ytimg.com | udp |
| FR | 172.217.20.206:443 | s.ytimg.com | tcp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
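A "no malicious behavior" verdict rests on the table above staying inside a browser's normal traffic profile: DNS to the resolver, HTTPS (TCP, and UDP for QUIC) to the named hosts, mDNS to 224.0.0.251, and the reverse (in-addr.arpa) lookups Chromium issues for IPs it has just talked to. The script below is an added example for this page, not part of the sandbox report or its tooling. It parses rows in the four-column layout used here, flags any connection on a (proto, port) pair outside that profile, and maps each PTR query back to the forward names the same IP was contacted under. The sample rows are copied from the table, except the final 203.0.113.7 row, which is constructed (TEST-NET-3, tcp/4444) so the port check has something to fire on.

```python
"""Sanity checks over a Triage-style sandbox "Network" table.

Added example for this page; it is not part of the sandbox report or of the
Triage tooling. It assumes the four-column row layout shown above:
| Country | Destination | Domain | Proto |
"""
import ipaddress
import re

# Traffic profile a clean browser detonation is expected to stay inside:
# DNS to the resolver, HTTPS over TCP (and UDP for QUIC), and link-local mDNS.
EXPECTED_PORTS = {("udp", 53), ("tcp", 443), ("udp", 443), ("udp", 5353)}

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Rows copied from the report's table, plus one CONSTRUCTED row (203.0.113.7,
# a TEST-NET-3 address on tcp/4444) to show the port check firing. That last
# row is not from the report.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 203.0.113.7:4444 | | tcp |
"""


def parse_rows(table):
    """Parse table rows into dicts; the header row and non-table lines are skipped."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("country") == "Country":
            continue
        ip, _, port = m.group("dest").rpartition(":")
        rows.append({
            "country": m.group("country"),
            "ip": ip,
            "port": int(port),
            "domain": m.group("domain"),
            "proto": m.group("proto").lower(),
        })
    return rows


def ptr_to_ip(name):
    """Reverse 'd.c.b.a.in-addr.arpa' into 'a.b.c.d'; None for any other name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def unexpected_ports(rows):
    """Rows whose (proto, port) falls outside EXPECTED_PORTS: first thing to check in a 'clean' verdict."""
    return [r for r in rows if (r["proto"], r["port"]) not in EXPECTED_PORTS]


def correlate_ptr_lookups(rows):
    """For every reverse lookup, list the forward names the same IP was contacted under.

    An empty list means the sandbox logged the PTR query but no connection to that
    IP appears in the table; worth a second look, not an alert on its own.
    """
    contacted = {}
    for r in rows:
        if r["port"] != 53 and r["domain"]:
            contacted.setdefault(r["ip"], set()).add(r["domain"])
    result = {}
    for r in rows:
        ip = ptr_to_ip(r["domain"])
        if ip is not None:
            result[ip] = sorted(contacted.get(ip, set()))
    return result


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_TABLE)
    for r in unexpected_ports(rows):
        print(f"unexpected {r['proto']}/{r['port']} to {r['ip']} ({r['domain'] or 'no name'})")
    for ip, names in correlate_ptr_lookups(rows).items():
        print(f"PTR {ip} -> {names or 'not contacted in table'}")
```

Run it against the full table by pasting the rows into SAMPLE_TABLE. The PTR correlation is deliberately not an alert: in the table above several reverse lookups (for example 20.190.159.64) have no matching connection row, which is normal for Edge reverse-resolving addresses it learned elsewhere, but a forward connection to an IP that never appears under any hostname is the pattern worth chasing.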
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
\??\pipe\LOCAL\crashpad_1040_ATPINGCAHOFCRCWI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a9aa8c810a4a71b28e2ad3ea947530b6 |
| SHA1 | 27e4bec0d1dcd437ee75b637a7d769dbd827626a |
| SHA256 | e7063e6add59e8a13237a4f27642883fd0eafe3b960d6854232d6513c32c1b43 |
| SHA512 | 5493f0a06c4b203c73275440fc7480b33fe8dcb8ef497fda2d17d5f9a202d5380339aadfac17bfc635a4277c74153e6f2b5d209caf09e3955ae3b419133996b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9e771107ea0e42823e1b1f00052eaa2d |
| SHA1 | 374058ed26748e5835842713d578e3383cb06934 |
| SHA256 | 9327c339157367f1f00b883aaeb5a15e4948d2b9de552943dd612be395822956 |
| SHA512 | bf8feefa565d37a0d412ee3d7cfc41c09f61102cc307797a3f79359f82ba5989b6c5a2c27197d55f4076b92f0ac569c3e0ca78f213f482431114275027e187f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3c2b688501f715f1ff9041031e06231 |
| SHA1 | 56a5f893e64073361a1dc9280a478e87799edae3 |
| SHA256 | 8dc2132e127892d39f69d44d57e8ba95d3a797ceca727c7d27a5f9841b7bc530 |
| SHA512 | c4d6d78a5143d068fe7740787389a6c2583ff7ae3ee84490547633c2760d0af0470569b7f6279ee487f23a3ed1fc9a7afd38d81770659203d3f317f8d59537c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1383984e307c03cfe5491d6aaa190b3c |
| SHA1 | 7af4fce95ed9d13f6d12414db2f8fbc392b2c387 |
| SHA256 | 017332fde6d033839577d504e62d909d7cea3f3f3c2634d337fed62351511bf8 |
| SHA512 | 1c300d293cc5c1544970a3c3f41fd1f48a2755f9688a4e60a8e3c8a50b5afbc9fc83340b6dde0496017e478e5cbdaf0a9a00a7f5f3490c13e9a8edf6b44c9120 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 85d789c99b36799ff71f325af01b5a2a |
| SHA1 | 2d31701988d152255ece1f6ea4229cdbddd76438 |
| SHA256 | 47f43460aded1ad9b2fd0875c1606424e5cf43bed29abb4dfaf63756ae065485 |
| SHA512 | 4e0686264f6c43f65ecb58658d002cdb453eecd7c556ee7b337fff241e9d4ef7e9968d57498a004b9b827484db750dee2b104dfa0e2ff4e1f447a6289e7f6093 |
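Two things in the file listing above are easy to misread. The crashpad named pipe carries the MD5/SHA1/SHA256/SHA512 of zero bytes (d41d8cd9..., da39a3ee..., e3b0c442..., cf83e135...), so those digests say nothing about what crossed the pipe, only that the sandbox captured no content. And paths such as Preferences and data_reduction_proxy_leveldb\CURRENT appear several times with different digests because the file was rewritten during the run; they are not duplicate rows. The script below is an added example for this page, not part of the report or its tooling; it assumes the layout used here (a path line followed by one row per algorithm), validates digest lengths, flags empty-content records, and groups rewrites by path. The sample records are copied from the listing above.

```python
"""Checks over a Triage-style sandbox "Files" listing.

Added example for this page; not part of the sandbox report or of the Triage
tooling. Assumes the layout used above: a path on one line, then rows
| MD5 | ... |, | SHA1 | ... |, | SHA256 | ... |, | SHA512 | ... |.
"""
import hashlib
import re
from collections import defaultdict

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero bytes: a record carrying these captured no content at all.
EMPTY_DIGESTS = {alg: getattr(hashlib, alg.lower())(b"").hexdigest() for alg in HEX_LEN}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]*)\s*\|$")

# Three records copied from the listing above (the named pipe and two
# Preferences writes); nothing here is constructed.
SAMPLE_FILES = r"""
\??\pipe\LOCAL\crashpad_1040_ATPINGCAHOFCRCWI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a9aa8c810a4a71b28e2ad3ea947530b6 |
| SHA1 | 27e4bec0d1dcd437ee75b637a7d769dbd827626a |
| SHA256 | e7063e6add59e8a13237a4f27642883fd0eafe3b960d6854232d6513c32c1b43 |
| SHA512 | 5493f0a06c4b203c73275440fc7480b33fe8dcb8ef497fda2d17d5f9a202d5380339aadfac17bfc635a4277c74153e6f2b5d209caf09e3955ae3b419133996b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3c2b688501f715f1ff9041031e06231 |
| SHA1 | 56a5f893e64073361a1dc9280a478e87799edae3 |
| SHA256 | 8dc2132e127892d39f69d44d57e8ba95d3a797ceca727c7d27a5f9841b7bc530 |
| SHA512 | c4d6d78a5143d068fe7740787389a6c2583ff7ae3ee84490547633c2760d0af0470569b7f6279ee487f23a3ed1fc9a7afd38d81770659203d3f317f8d59537c4 |
"""


def parse_records(text):
    """Group a path line with the hash rows that follow it; blank lines and the 'Files' label are skipped."""
    records = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Files":
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any path: {line}")
            current["hashes"][m.group(1)] = m.group(2).lower()
        else:
            current = {"path": line, "hashes": {}}
            records.append(current)
    return records


def malformed_digests(record):
    """Algorithms whose digest is missing or has the wrong hex length (truncated or garbled copy)."""
    return sorted(alg for alg, n in HEX_LEN.items() if len(record["hashes"].get(alg, "")) != n)


def is_empty_capture(record):
    """True when every digest present is the digest of zero bytes."""
    h = record["hashes"]
    return bool(h) and all(h[alg] == EMPTY_DIGESTS[alg] for alg in h)


def rewrites(records):
    """Paths recorded more than once with differing SHA256, i.e. rewritten during the run."""
    by_path = defaultdict(set)
    for r in records:
        by_path[r["path"]].add(r["hashes"].get("SHA256"))
    return {path: len(digests) for path, digests in by_path.items() if len(digests) > 1}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_FILES)
    for r in recs:
        flags = []
        if malformed_digests(r):
            flags.append("malformed " + ",".join(malformed_digests(r)))
        if is_empty_capture(r):
            flags.append("empty capture")
        print(f"{r['path']}: {'; '.join(flags) or 'ok'}")
    for path, n in rewrites(recs).items():
        print(f"{path}: {n} distinct versions")
```

The empty-capture check matters when pivoting on hashes: searching threat intelligence for e3b0c442...b855 returns every empty file ever seen, so records flagged by it should be dropped from IOC lists rather than shared.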