Analysis Overview
SHA256
0cf7be614d6c25c1c1b4c7ca9cbfda0ad01f25cdaec141bae231cdf7198aab8c
Threat Level: No (potentially) malicious behavior was detected
The file 8fd92e7ce8022865a74e4252de78a6b3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 23:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 23:44
Reported
2024-06-02 23:46
Platform
win7-20240508-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0BE4E241-213A-11EF-A4F7-5A451966104F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000013ad652c8eff9128739b8477fe1b4f37d34ba2278f69b7c3b3419d3dd984d950000000000e800000000200002000000013bb52cb93d4e15b6cbafad582e1327f4fda92ae540ec6ac1f001138e209032f200000000cb6a4ca4269baee09c43df7862559bc679a6000c156e47632cd47b5becd9515400000007484ca8522aaa13efe79c13e6b7f8ed808d1a73395197e166c4d21c8f162ba57bad8ff97f4b7a7e3fecac20496ce71f0e57786e952cf47d133258b2467f23537 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000002792b507f4a743dfbaeb995504c31ec374a4f1bc801cc15a405612cab3b2f7c9000000000e8000000002000020000000e955c398c7d335d29a55ed5ce7ed558288585cd0e8c190f598063182bcd619439000000003ca9827bd2df5250b86eb7259de9c387911120e50560ed2ddd8ff2556d3ad8c1cdfc3c1bf1c0ba83c6c69086531bf00bec2faddff97d57e2f102d435d2b983dd22de41d5068209306ae198295d654ec07ef266eb077bd3cc0fc10af62dcef773f2b8c629b4033c382b4f65213b0910e3a0844a011351e29bfc9ea894282a57d111e62cdd03d6d736633df9e35286114400000008f6c74456aa0cb9250ae2e9a6dcf35c52522f18ffc61b74b8d0ee8aca44246e06341dc221bb59bfdbc59faf5baac65568d7414322a239ca186f46437ad1e4a81 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423533734" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a09e820647b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2132 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2132 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2132 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2132 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd92e7ce8022865a74e4252de78a6b3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.ford-klub.eu | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| US | 8.8.8.8:53 | 1977966.sites.myregisteredsite.com | udp |
| US | 209.237.151.16:80 | 1977966.sites.myregisteredsite.com | tcp |
| US | 209.237.151.16:80 | 1977966.sites.myregisteredsite.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ed9281e68141d323a02420f2e66c328 |
| SHA1 | 32daf71256090bd7d80970f8127ec4e5ad8cd34c |
| SHA256 | 1ee3d240377275cf6b3ea98fc1fb5db87377a87df79b6136589a2a32fdf19219 |
| SHA512 | b4065a85e3812981fe144aaedd86a4431f78dbe2b7c59979a89872124696e3bd05d18ab5a0779c693702a67951844d202be0ce1c04632b2e8fbff27fb7eb1cd1 |
C:\Users\Admin\AppData\Local\Temp\Cab227F.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2280.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2314.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72a5bfb2ddd5c7b2e13a2244ec82ed29 |
| SHA1 | f4a2451fe5dbf8f04e8b76d701d3e609958a43d6 |
| SHA256 | 2a837873de12d7f4a5557ebbea62a697a45178a05596ecdd44ab509d157ec171 |
| SHA512 | 88a660fac21d4fe45017824c55a62e049b4b6e40096e2d4195ac65172d0c03fc43a400d022119370180462ac1e86c3e3432e8f680cb0822e6d7ab670b5e323f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58858a521be18e84485b2154237016d9 |
| SHA1 | 05d2c9053b0b3bd6409323eae5b886104b6bbd67 |
| SHA256 | 3127a763c7994019b18e1fe6cfd569c5da24853a86367d08c643e310b3d717a0 |
| SHA512 | 0baf1bd8a3fddbcae06d6b1c8e43579832378789355a25d7313ecedf0c3937e53d058f8a48429a1f55b4a53d4ea5bd06a60bd347badf30d515899f8bc1d47822 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b005651916a6819ac0aa9af071412f92 |
| SHA1 | 0cccfc65fda54ed6cf38bfe19dbe831150bdf77a |
| SHA256 | 0e5d57ba8ad79e4d8dc015ebc4b6ce0a6397e489049d9b6da7f8dab04a47ae74 |
| SHA512 | e7ddc013d4f9924d7b67f1afe0c85c497f0e04c6806ffc5054ccf639b53a01e26c81a5c60996e76f83b5f6dc873a4e9be2f8136fbe68a3c52a9492c384db5a37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c47e1b9ce233aee2149108f3749df4d |
| SHA1 | abc9a37e5810eb8bc1afac14b6b0bf5e77dec24b |
| SHA256 | dcae052671a59f6f9b9bc0c0ac4635a558d51c743d15cab698d2edee79858e9f |
| SHA512 | f543595fecb610ae66850cc03b2f7fd91a71279b47b5cb7a7c52d6f313d39c1f1b9609a61637e80776b84c5490c51e77d7c32d73a689ce85709671cad32eade6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16464deb8b309490fa6660655da57836 |
| SHA1 | 93fd98ab64ef980f130bff679c273243d4d24320 |
| SHA256 | 695d3a04a77d31c465a5090fea8edf28728476d45adba90a35f2835fc6031b81 |
| SHA512 | 0f18422a92b0db5bc461ea9ca928ec21809af674bed2113a1298f3dd0960f00ddddae4e7091fde9e1f33c162815555d96ded69901b1a057f6234ab860ee81f69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42cf6ec0b0f66b64241a34f6099702b3 |
| SHA1 | 21113b55bd5b9e754c99b09592b02f833c134ffb |
| SHA256 | 23ba5f58c69b67771b6b7cf82a3c050813dd153197e70bc0d52d3d015a407cf6 |
| SHA512 | e97c631507b143a7fd452cab7f099dde8e7914b5f0e017abb7f166c3d79f09de9aa5d1cea91d94957826e313e807d2655134207b6d736ab307cc7904d6fb2ba1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0722e83d9e10407fe46fcf883889f363 |
| SHA1 | af38301b1e9ea835e66baa715b761b6aee43e4b4 |
| SHA256 | 9de4810bdbabd5755e1fba845a16df92d6d6872a5036981c6cd905fab9227d65 |
| SHA512 | cb8623fe883b676fb6544bcd530bf6b38b037ccacd8a1548b439ee8f2a5994a88ffaf679a9012da3b74e16db6e0cc0f7ae242e44c11a25146d88efb10192d698 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 558b0de04115cb80d071eb3cf1b6e367 |
| SHA1 | 1297b7de5c182a81f4f17e0143bad74a2df0d01e |
| SHA256 | f27135db688f36e2d38f004b292f295a9879c69b7a67e3ec57eb816e433827db |
| SHA512 | 290fcf0d8d76745f5028e5cd55e3fcede4528a941cac3fcd964cd8525b7ae84a7addd32abe25274632d39dd29c0174623b957831ff5c05c3dd73a79abd667cf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db1b2d1ce5d311a1985efa34172ec1f4 |
| SHA1 | dd2f39d20b37cd76a84ae68c0e2c1b2c75548a2f |
| SHA256 | 843682d6b30ead169b5cccb54f8d4c30f037bf8fd5206752ff2527e6224d746b |
| SHA512 | d74685738fc0454d8d6182c11909ab2a19939cb391e4a222144e8909d386ce254782c7a66088bb2caa597729438159e95e9656a87b22110af580ca8746b786a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d73a2f232beb67a3f20024a9fb14118f |
| SHA1 | a238232f1f23a5548bf5d3b570e32cc7c9023c6e |
| SHA256 | dd8a050bfeba1caa09134b9227c0d3d08fcaae81889848e88de2d4c73827177c |
| SHA512 | dc9cbbb0e04e8317f5ba42df2cb3e5082499655e6120f9f9e61a914afdd4a49a0aaf7de0993fb1613be956ac276073015b7684bf612031193fe527c970e65937 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 400b3d4efb95332496d77f9e57f74893 |
| SHA1 | b0e9e97ab128c306ac37b829789c020b0a1d0777 |
| SHA256 | 2847716493c814b344f98bd39d42e67af85ead7e9e9cbc7c98dfb3cb9667a92b |
| SHA512 | f15af4363a181220bbe64544811cddf3878bac41b55d15e0c04367aa57f0fb4866aeb59d10c90562a20e4f814c1338ba1af47e3d2da4e0c264d1ec34de9d1600 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10ab28205fd5c67387b957bc06eb0806 |
| SHA1 | 82990afecb1dfa729552ec4a9f0da16fdd03e578 |
| SHA256 | 626af92ab32151d70a84e0045b84fe80f02df92696336d5a5d04605541a892c3 |
| SHA512 | 8ddf1d370519ca981778146145719bff5f2b8757fcc9ae47ca0c006f2a6af67585722597765d5bd0b34beb6ab82ddb8ffd808f66d69315ce86d184825b2510cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b96b2c4e14320bd7d42d2aeeeb8cdccc |
| SHA1 | bab83529d1e4f54a54caacf8be7392fa5db3008a |
| SHA256 | 2affb2c464270520b18a5d5cd31cd571394d1f3fa62b36eed7c3b8d81a96a652 |
| SHA512 | 0af9a03bd063b1ae10a6fc8abdfd19596c1eef75e28dd516ca7ce82320f7dc89e251c8bc609dd86de68745c82ae6503311bcfa9393e9ea8ac0e34af4d80aa767 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5783805c1e7acda546ffc83eafe74ccf |
| SHA1 | 0652698fbb32f693ec4c7f1f38f342a73fd28f60 |
| SHA256 | 874d0f6ceb55fc8a2d786eb6b41a55a5b94f3f788f7d04366bedf420adeef73e |
| SHA512 | 694f42b498e8a0b32067593ef5e6999c94d7c50c61ff06acac27d229b1bb5b0784697a9988eaff9c353c673384385271b4159afef8d1ef94858bd667a4fdd472 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce5d35ef46890262fbe06f83710a5145 |
| SHA1 | ae96864df4f4094669338c0ded4458705635d2dd |
| SHA256 | c7a51f3e364366a57979c2e640e47d7e10fa619e0e88e12453c885a7fc316244 |
| SHA512 | ec931dc6041c388986b116053e38f55492fa50316270695f022cbc024f3aa46d0cef627fd9bca8a0bf3e96a62673a493c0d272644e055d7cae4b2a09796111a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16f8a83c3a09b9278d4a6c36e0e4633a |
| SHA1 | 88c84d1381069971236615799626df34afeb55bf |
| SHA256 | 599f65bf011db59b2d69b1a2b171a52fcc3b79002e53e4bb8462865ac674f9a0 |
| SHA512 | cb66b3377ea68b06417bbfaef41bc7b3340f6a6e228dddb3617c57abe6d939fe23a4f5542b7a5f3e9a85a23dbbaa7f2f53bbe445a4cb8db1be4a4f82912a2aaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 466ac59f323393646bdcda26f0f04a9f |
| SHA1 | 353d93638ee7feaf1c75f738385ed1d0252d97e8 |
| SHA256 | e5db98810ab58fbc1b5d34a7ff6a3bd8ff2ba25a9a77bd9d94022e1f3f713a15 |
| SHA512 | 18e71b257594cf0c1783c0ef107087765b03f5691b310eef61394d53c6154f8bec1bd279fc5c5ef5036a1afe54b1a1894e965b505ab8b2f4f020dd9c3a9a712f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95dc69edff41158b4ad58ff133a358a9 |
| SHA1 | 85006c1902f30063531d0f970c31db27de8ae453 |
| SHA256 | 83af44495c97bc2d1a7d50e79cee279f16e63e9a0cd9994e85cbfa3c8f67e3c4 |
| SHA512 | 9eb690eceffab6ee01bcd1f94a20b6691d6f87f2cdfaf84edda617bc787da6892c068d406f7921b2f290f2feab8495b6bf908777d5b1341a166cb7350add9132 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5c89734b4a9ddf2d3c5cf373ebe31d8 |
| SHA1 | 25c29b55da8cd02312f6639e1fc22c0e4c70b5ff |
| SHA256 | ca5e7c6a175ba5a33a847a9e104a698e36aa8f62fb158263c7636be60fb28406 |
| SHA512 | 73cb451a31dea01ea7a363b0cf618f116d7e3f84a5e8efffb6eed38ecef2cef267d4d5f25df6c9f5bdc28d055c11adf0c6396eef6d52f8c1cdd9943fcf38bcd6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 23:44
Reported
2024-06-02 23:46
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd92e7ce8022865a74e4252de78a6b3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd521f46f8,0x7ffd521f4708,0x7ffd521f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16316685161804996372,15070813430704684245,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3784 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.ford-klub.eu | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| CZ | 88.208.121.70:80 | www.ford-klub.eu | tcp |
| US | 8.8.8.8:53 | 70.121.208.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecdc2754d7d2ae862272153aa9b9ca6e |
| SHA1 | c19bed1c6e1c998b9fa93298639ad7961339147d |
| SHA256 | a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7 |
| SHA512 | cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2 |
\??\pipe\LOCAL\crashpad_2792_FSIJHFYHOLECITRB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2daa93382bba07cbc40af372d30ec576 |
| SHA1 | c5e709dc3e2e4df2ff841fbde3e30170e7428a94 |
| SHA256 | 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30 |
| SHA512 | 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a5c5884afb3a302a88334e34affc87ec |
| SHA1 | fb62ac69e897b0cb317e87f2574f493086379799 |
| SHA256 | 40cde75643da5f19937de3d1e8bf020ef41392ca0457fb9aaa6e3a0df4f3bf3b |
| SHA512 | e7a4fe8eed5885d734a229910f785b4b92fc13123cd307cd475c24a4216206892a83c25c55c2296ea5a014d04c959c087eb6b9b4402fc86cdb93198521ea7e75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 32a9796654d4535c9500cf4b56c17ff8 |
| SHA1 | 19fdfbdd8a20d63f549bc0d6758f3b16e4affaa5 |
| SHA256 | 644621542878961a6ca05e603ce9cfaa408afde33f55f6c7317e7867da2f474e |
| SHA512 | f85e76a1e21b05ddb77dedd4b8860a896ef81d07fe0abdc35bce787ab531efcf62106c80f470a90f705a7e8cd51471cc19f2b7630ca138f81c63016bdd29f42a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd6aacafc4b1fdd6f6c180fcc2177f83 |
| SHA1 | a7c50e4421874f01c260aa083a31560b9dc22f2b |
| SHA256 | eabd333f9140944f5752af5f2e44c26b3b93946fb0c7fecf966106b8d5026f5f |
| SHA512 | c2f102fd2b8321a20326dab1edeed0e13b7f354c98555f38e0d7eac85bdb402803d8b458c7cacadd3050f10c1cc7823b739cb3db2199f37ceb57f3944fa8f4f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5ebc1279448bf77983e5d6955690a649 |
| SHA1 | c952fbe731bbe59ab905db40778732de667f5371 |
| SHA256 | 0561df078160827ba979674334a4c1e880ca7f3f24fde2c6e182d30154071f9d |
| SHA512 | a33ee1d3d63ef54ce07ca8630727c477291946d24240f4dcbf74fc3e63834627c5acb2f9910f5629981b6b366011d5fcc529c40961be86f3acd3eed57fdb064a |