Analysis Overview
SHA256
9f208a4b1815297d975a809ad3fdd4169236b26697cc1dac1fe96ba16a18dd99
Threat Level: Likely benign
The file 81ce5cf61535b7b5a477f4aff0833cbd_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected phishing page
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 20:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 20:23
Reported
2024-05-29 20:26
Platform
win7-20240508-en
Max time kernel
136s
Max time network
140s
Command Line
Signatures
Detected phishing page
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60FFBE11-1DF9-11EF-B393-E64BF8A7A69F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000c071bed1ecedb875e207cc51cfbc73bdd6681de05abf32181d1e23fd7d1a71fd000000000e8000000002000020000000daab82aa100b49e057c6264bad6375b3ba4a97ee4c9b770974aabf5c01ac701820000000b674a278bd76716146c832e36fa91514d73bf76050aa9576bf016421cb1ece164000000047527ecd8378cf02b02c592d742a45aecd7a70bdfbf67c1fb5190175473f377c6abc89020b23dc6158355cbdf52beb6380ab986a64bdd60363a6fa599dd18329 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423176105" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this extract] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 408a563606b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2932 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\81ce5cf61535b7b5a477f4aff0833cbd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 20:23
Reported
2024-05-29 20:26
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81ce5cf61535b7b5a477f4aff0833cbd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17111587723869110456,14801809995120602462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
Network
Files