Analysis Overview
SHA256
5953a01c12d24dd0d33f0b814e28e1055f2aebb45b9614e04acd6c5588c72852
Threat Level: No (potentially) malicious behavior was detected
The file 8462bab4e0c186fb336e9cd19e6745f3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 13:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 13:57
Reported
2024-05-30 14:00
Platform
win7-20240220-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ed4a7099b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239338" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A392611-1E8C-11EF-BF93-66356D7B1278} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002540e6b419b6bb4784c0b3455ab06cba000000000200000000001066000000010000200000004f66de71ad02beae8de86fa1413308699203759970304eec7aa02948b24a6f51000000000e80000000020000200000002a20917eb84339dd1691947696097dc5be5161c1356b983da2d1617f27228d3f20000000298a1364cbbbffb361a50ab53f07af2e3644cacdf4220bcdba84f3c3c415a06c40000000be04bfcd583e396d574252a8ec6dffa515536bb6554f9facb7a3b1a44c38051f68770e9e42714f8f7512e95849c2ca3e011dac66f87d242b729380c980df2c93 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2040 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8462bab4e0c186fb336e9cd19e6745f3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.soremar.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar19AF.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6029146a13947a6b18e3421c1320ec26 |
| SHA1 | eac41887c4de9cb36ed78a4704046cd7e63b4cd5 |
| SHA256 | 845eb4256823fd2735c93a8eb13661026002d9a9542c64a0fb9c0ff61936d5da |
| SHA512 | 74684e73c27be5be349c1a1f73828e47ebc9bb390072ff0b55e8eb31ff163f8a06cf0644de7cfdbdfab87262ac832fde1bbfe17a91fc4a042b6ffdc0da33af76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a327042a463011f0c19fee9ac1f67c1e |
| SHA1 | c00604c9d5a6e52e608858cbaa80e0c8d9b83ffd |
| SHA256 | 5fc2e47b3fbe2ef87ac7477d08e014979645be27cfc5709437e82795d4432aa1 |
| SHA512 | 9591ef2b704c18e565ef95ccfa1968056487e85915d4187da1bd966fc76546d6edbfc0284626cdd5feac07a58827aae9ca295a6968c2416354ef4119ba59d946 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b0f99fcc2deae205547e6a307f38c15 |
| SHA1 | 110ef13a03a37256b56fa777c80ee2d061c93f49 |
| SHA256 | 60efac267895bf7dd1125a3699a6ee873614f865684c37e9432eba490464502e |
| SHA512 | 0034872f8668963a91c01da37741b244cc03f0f2623a82479ea9dfcde8a685f7bb6565b3a35ca5801b132edf3b4724a9a9c48f40660dd51664e6b641ada04e79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d8692b85a55de4bd02a54fa71637dff |
| SHA1 | 3f1fe37eaefd7f85018d7499902cb7b347bb1c67 |
| SHA256 | 118ab8670552f6fa4ecdcda91e8178ad12c3a9f3b12f0a4ac95a60b7a9fa541b |
| SHA512 | b1d54f5c9136fc046bdace6330c3c35f3326e10b1b5191e19e2faa5c9a761dbf44f0e3cb8a41538aadc60c4672c646019a1b814d9b81102df342375fff757651 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a506e522edd76b1d23dd1ced42c35cc6 |
| SHA1 | 3aca10c9495f07c015d06cf655c4d2f6b9a0afde |
| SHA256 | 036c7987fca2862be9d14ea93b528830f92d4864b15b4b047e9916f613ead249 |
| SHA512 | 434ba5ea36c83e1669e749ba4ec3abb7c1652c5ee849be6461fd7788195644de8d7446edb2956d2157a353f6019b7ea819ca41441d7e19a49c92e248acddad83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93fb54e9c5902b3db7410fc3df78c1e3 |
| SHA1 | 4192f1ff47856ba4e27f7b7d300bc080e129dd2f |
| SHA256 | 28554abc399324161f8d28a7fc6c041fae7f788c8990492d398f587dcd66bec2 |
| SHA512 | 2e248f81f105261071eb8f34fc76db22c94dcf20e4b11b3825a4cf25bb4464a05c8011e6bca28643b07a8ed6c9a14e428a2a4e096dd088449d96db42354a2b10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd027e33339fb32aabb24b0af3fc5539 |
| SHA1 | 474c2909c4eee755eec51d346191cadf29774744 |
| SHA256 | 03edcfa3966f3e49d1b1aec1342735337c00baff0cd33f33bc58224e4532415c |
| SHA512 | 47524dbb384ae52ed819d6c71382fd33d512ae10b1ff5eec7d4a73e6d98149ac58a18f34443623841c02c9b9dc83e09f6f88ff1c04b1f84f96652e1da59c3c1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fab2596a23e4c7b1939a071249b52cf |
| SHA1 | 251c54b6bcba7f28cabf8cc11963686508e60d73 |
| SHA256 | 21bb7e81e13f4660fb29e01096f9e4c041df47068bf08cf48f2cc1ed6f903047 |
| SHA512 | efc9092609d00a549d175c34a4118a628f6f231b2e459915e16d096d0bd3d2831291b93628806c6378a86cdcd0acf03f96b8d7c97917a3244184507e090d2070 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbd821287a10aa5e579f8c5084ed4cc7 |
| SHA1 | 62291cd606bd21c02669a1a1cd9955c03b520ca5 |
| SHA256 | 08c0cd32dd4362d36855e3f2ec2e4b4c6c5c13daf92afd38f8bdbfcef87f7ccb |
| SHA512 | ed03abd6012facf2cdd85ddf31f34249fe15bb4baecb69e3d65d9923f5737a905c5c0700f4f77b8465b745f59a7fcd28a207bc73516521ba14a38b869ee653a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb5e1d3096a941ea12fe683cc0893b78 |
| SHA1 | bc7bb58fb69818ceb56cd53aa3cfa264bb670774 |
| SHA256 | a2a7a0b008a5ca8bf113c74e019e41c19a51bcb10781c019c54e7c30691905a9 |
| SHA512 | 4212c9b86cebecf4b005919f14d68ac68cd7ee628f8a4a9ee274fb669eff0d93aa4807e8b8e24f529978b45f98b718d99b93e8e38840df15a19182634c432e68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85bcd1f2d4a80fd123ca16c00c511f10 |
| SHA1 | 089d882ded368be7ba9711d6aae65cdcfd88c11c |
| SHA256 | 521b159d140bd31139203cdfaa7b4ef2d829b9833b6f8fc715c22197e5117dd5 |
| SHA512 | 287f2cd822a1a4f2150d1a077ac6c0b1b85e48436bab0aa0589676f54a00a847d0c91c30da0c09d4f3ef368009d10cd3d061b61b9d2f4366574f32e1dd03da02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ee15b8377e2e85f1f35ce8c5f75fd57 |
| SHA1 | 8da17a750abdfd2e2ac984544cbce43614cf7208 |
| SHA256 | 7dda1cf7fcb1923862c400eab87f07390a55ddda4e77d28580cda85b24d8a40e |
| SHA512 | 88fdd7a8de78f12448ee4ac7e45234b7f0e06b6c696711506ee66d51525c661acf65ede6dc801e3ec59a198f62e78dad31cdce87752243d3631bff31d7b48dea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1080114f5c085e9b39b1b4048f5389bc |
| SHA1 | c3c3b6e8e3c3e06ead37bac5ad3fd34a47a024f8 |
| SHA256 | 3d6e7daa17e193053994c78f3c80dd576600e58036c1e9d85412701bede69c2c |
| SHA512 | 03e8636c16af7feed3413c26bfe1315f8f073339846bbeb8cba3abc48279e63de0afba29ff7fe924ea7cbfe4ba145b5ed2cebbc2e5ad8fefcfdc9fd492ac8d8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82d8abf34c544b0e04e35ea30664e7f6 |
| SHA1 | 21492d597edfa83642f7ad43f2e64610e97fdeaa |
| SHA256 | 4ed89008b7f106a8e2d2172b1f7e1394dfa73985f835b34a0aafd8e3652dfd85 |
| SHA512 | ad5e8c3a87d5c2e7181d4eebbff67d480ff337a993b27d7fa4c94e39e5050a5426c856465a9b51bdba6de527cf1a6acaac57bd766d5f8fae1ca03e8e0a3ca223 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 462c7b8236a2015e1c3743107be505b2 |
| SHA1 | f6d0edbfaf8bb8c8d1a8228c26909d92d2307b2f |
| SHA256 | 877404cebe55dd364115ca753536624a57185d9e0662a9be77d65bb9c8403ae2 |
| SHA512 | 64a310d44e3e1842572faa0985aa713b39e9e818cb35046b2e36e394dba128663423fdc6afe41355716dc6b399f36f8bdb5904015d336f1f67fd0f35c1e9ce79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 374c0122b03b90c90cab0c6062e96820 |
| SHA1 | 44009b879266ef084ed7a4cd4a6477496925db2c |
| SHA256 | dce27d26c31895da0de5a7f4a1b0ab228bdd9d55ea1fc1006a6b2847b96b60d6 |
| SHA512 | 46eb83d4187c4b2554b5dcbd649919e664f3659ae6fe14dd8bab1069d9bffd5f5ca67975307a083149f81c0537233f7d11e157412e5903d658d9cef53711b6f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3f7b8a7cc4707c0907645742e297a67 |
| SHA1 | ea66d9baeeed63ba36046d6b248a9785f8914a92 |
| SHA256 | 6fe60418e174055e85cf38d8875d1a88d1ecaff08de0a6926d9fa12cb5ff276a |
| SHA512 | 704d1474fc040a2ba706e7daf7b6fee1d4c52addf454f19bca637f92445ce0c732d717e86f55f21e44160678e331e20034999728a101b87cabd1d13a8c1cb396 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88493c379e92b145b365b1649339acfa |
| SHA1 | 0eb561ce0bae3fb135a7354c6d30db37ba6e0876 |
| SHA256 | fe1ffd388a185e7ee4cbfcb137e774b7102840a0f8a02b1f7142b0976729b617 |
| SHA512 | a1e57d9cd3867c5bbd097cc2da183694dc5889362bfe27732d6de3f72d71dcd7b16fba7f903f5243d8c1adf579510ccf3de1d79fbd97c99c4a29d58a6e3a7354 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f8a89005cb6f516b5500c7cc2ba27a9f |
| SHA1 | d689a93f97c33ea40c4af4769ecf766f1e8eb06a |
| SHA256 | 750a480adbdcf4bf2bb64f7f845e8c920e6972ee4bd1d4f03ff416ca01022d84 |
| SHA512 | 10cd164a5d8c6380813d81d26e83fbda457418ce6cbf4889b0c1d56335ffee89d80966c1fe893de6f6a29e0d6d0c04e65bd960194988772efe23af42da446b6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 374354a308e96f659552bb92476fd1a8 |
| SHA1 | e9e7dbcc726b73d9375a0960c46d6d3e28b558b7 |
| SHA256 | acf7b1d73dceb274f2930a1784b4e41faabd8e07ec218ed355bd4ac280068ac1 |
| SHA512 | a5304621e4152be7fe47a1f920f9e77c5b282a45f3af553359a0d1b3e3942d97af69f535952ad9790d3ad881e5317ae5997bc2fa990353804f105696a90c7a6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21f50bb6766cf26be2979bb4b1f33e12 |
| SHA1 | f2418d54e25caa04164805d623a399a65a4419c6 |
| SHA256 | cb4ab1814cec7d266a16d42d9975be624e5606c5a1dedae3aba28aa1d8ac36c7 |
| SHA512 | 3e5cf669e778d7617d0dc447652e9b7e8c761e282df54be284ee3b212d564c66c4e506a7594402a5990b31bf51310679c00656d123f6f29fc40992704a672585 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9635b39d765bafe26f91459a7c55cee8 |
| SHA1 | fb670550f31d74b13bd01841fc538189608ada2a |
| SHA256 | 1f66c36a6663ca99679f502ce758718bb34653324ab72b8a71380a57ba4b8948 |
| SHA512 | 4ca46074013df45b4bc304bbb8e23de66c3064c8f06d70a2d38789093f03a623cd5fea7f51c767e9f6bab8ac46b4ea206ec9f36f055435f3b74a2288722dbdc5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 13:57
Reported
2024-05-30 14:00
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8462bab4e0c186fb336e9cd19e6745f3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9162829085965040973,2894959173813356321,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.soremar.com | udp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| FR | 213.186.33.17:80 | www.soremar.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.33.186.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3972_EWKEWVEDSMZXFBVT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State