Analysis Overview
SHA256
cdab1908facf9207bd45c359c701f731f4d8d7fe869ac0a5a77e9bc4a7ded870
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 9108bc36420068f5dbec6f7890037fee_JaffaCakes118: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:59
Reported
2024-06-03 08:02
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown in report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8044ab178cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3160c31bce3af49be20e3fe75e480750000000002000000000010660000000100002000000093de8ca99f26e52d55394e0b89cedf321e8b11155a9008970a25a00ae4b227f1000000000e80000000020000200000002de468982b8340af3061a4fdb9f6e546baeae990203165dedc0e75dbc0f5253a2000000013207b2f09b1f3ecc927029aa280bc3868cc01bc23e9750e46600d00099e2a1d40000000065bbc3bc72a2399909d8e6fd51b4a39311f5868061fd1a754df4774dba81b8889f090d523d4804754f8c463b2bbbe4bac17113a30c424cdb16178fd2ca61271 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41F78371-217F-11EF-9034-729E5AF85804} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563459" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 912 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 912 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 912 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 912 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9108bc36420068f5dbec6f7890037fee_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | v-maxautos.nl | udp |
| US | 8.8.8.8:53 | cargo.v-maxautos.nl | udp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 82.148.219.136:80 | cargo.v-maxautos.nl | tcp |
| NL | 82.148.219.136:80 | cargo.v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab320B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar32FC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83fb5a3cf7ea60d27d248f519e5a7dce |
| SHA1 | 047b53f5e3b064914c2344a6d8b6c0c35ac8ec50 |
| SHA256 | c3c9636fbe54b3d4069ec785153ee300408f26a45263f4276e8fa0ea7aa658e3 |
| SHA512 | 3a16cbf35ddc7a9158e790c17d7679b6c5bd278449e29b0567238f9dbbbd7582dd7f3b5593ed10edff0d57cfd3e1c1c612751a1c660e806577030cbbfa6f2fec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83120261a427523f933cf9e385bb8788 |
| SHA1 | 69b5e1cd27d8389834ed383e4a0236cc0f3e6df1 |
| SHA256 | d7ceb582c107b1589d0343859fbf8b7023d527ec2ba60a2bcef42c2d73d8f522 |
| SHA512 | a49b787fadf8b1f867fbbe958cd704b10197d7c422b2f9a2a661be8d8262e63faa7121ff89d58dcbb2056db6bfac174fa47a96853bdea7d7270460678e9d440a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d90d162ed06fbc5a6435db72b6c935c7 |
| SHA1 | 2ef27e6e401e15bf9203ad430969190a58d4d6c9 |
| SHA256 | 1c69faf2c9c0fc2fcf47d150447d7bb3d7f8361bf11be423b13b29c17fa4ee15 |
| SHA512 | 24e3a516c2e06c3eb6dbbe87e17dac5320a4f0b97757e2deb7d690261b1f0711407df6fd385e0a68934f6729eaf6ef0ff56a071331c9efbac011f04dc775285a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e5df314f78928601a61e8b3f125605f |
| SHA1 | 3781bdfabea7265ff7dff4d521877651c1a6901d |
| SHA256 | d37c6239fa3b7419b8aa5bdbe9c12486899b8142ca0d303a392bef39fc06f8a9 |
| SHA512 | 7616c86507f58ab9867f85e4d35ed7d0d3dec446581b9237c0efa55812c02c05958a97ee46fb0eb9396c4d5dd11804841f1e6f49c135bb13b0b04a5ca24d49e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 075bd86439b1bfd396cd9bcff0a8e48b |
| SHA1 | 4785766e9f8c8fab4ad17e0d3c61181e9dbc4d7d |
| SHA256 | 0b1d228b78a6c8015849db55426928fe79bdbf1ca262d928fa435d52bef3af18 |
| SHA512 | 30d1a77a832e13c6516014281a12e8b8d66fdc27c7b60e75dcae595825755bd6d0ecf1bc2cb0761f2457c13d53fa56fd0d70247d9b6d47a4969a6ada6e1b0239 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f829a3ef58da73a3d9abd1e8d7896f6b |
| SHA1 | b34191542a32bc82123148e1519a18ddd0278242 |
| SHA256 | ffb8c57385914bd644fcb80577c8288e6b31d1674630fcf33403c437ca044399 |
| SHA512 | 4e0762becbdc83501aacc6c7819d423fa6d55af4170ff94d05895ef8e90aac706b6377b67ce14e6db69269ac5955970eebf1d6d577c34aa4f87cdee56e9553d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b16f9cf43c6f3f9ebeb687a3f83af3a6 |
| SHA1 | 8bb5f2bea08b39e9c4bcd7f29cb456ab8740c86a |
| SHA256 | aba983bceea188915d38cff75cce4e2854706b752820618f9772f128bca26b21 |
| SHA512 | 5e97c11f1c6cce870aa1a5aeb345539bee851c5fa587051e9cc8f59b2c93df3d385d087f511c0df35b8a06ea09fc29a082ed3fc0f335cb3d018f11d8b971f005 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a42336a1fab72a842519464fdf793016 |
| SHA1 | c89986e04e3eb9c11edc57f59420a509d3da1122 |
| SHA256 | fc78042a9c8fed41c52c9ee2a00b4d0957bf59e59abc57d38d3c71e0bbb309f6 |
| SHA512 | 7b33d538ea860fc8ce5543cea83bf047bbe5f4d6d12e7691930007bf97291aa9b71920d4391a0cc06ab6bfd20377f6eeee2de78f1d52602190627aaa6e45dcbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dabad666bab9852a2ddbfb93e6321602 |
| SHA1 | 43cbeeccd71aa4cfb26f872d8534cf7cc202a763 |
| SHA256 | 94093723f836eba36241b2db609533901a90116f05f313ce193b9529cb563bf2 |
| SHA512 | 805491c6e61518c9bd40312f84a90224a62fdaf2a36cab28668ae816647b56d47bbd0ca2e46fe75dfee1cf89ef1ba382066fe0bce4d62058c2212379b0b02971 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cad06aa773d58477dcdb18bd3d047bd |
| SHA1 | 1b31e20b9d7d9d1a65e7c47da28cb30ec5a1efbf |
| SHA256 | 57fa7d70605e7179902ad70a973dfb74158d62616cc70111ab89adfb50a7f42a |
| SHA512 | 96dea26eb627d33e04ac5957d197f653c11a1216314791230b1ab69652e538c55ed5157d4113af3f893d2d3ff8fe4d0f5905cc986ef859a29cfc8bd5e2597d01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fea80e06542ee82fc99625893752645 |
| SHA1 | 8d51e892e238120329f7913ea8bdde39d3505c31 |
| SHA256 | b5caffd641c24cb2b9322692b60127092856b3571f7c9f316a7011b8d1f86652 |
| SHA512 | b6ffc52158a4c4d935fd797c604201ada9c6695215aab77f4c4b5b08d89c3c5bf7673cb311d670d073f5dc9b5c0c3961cb302666a86f41dc31c5eb927127c76b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d65c4757089971b6fa5097d604618ad |
| SHA1 | 5b1eaa702ee5ccbc595a374c96bae66a8ae12b11 |
| SHA256 | 4d08bee544781bfad2e4101405ad262ccf72f0d933f31f36d306c88e82b0a459 |
| SHA512 | 0fc7e9216332eba894284394e3418918c0bea8e62deec839a07bd19085207e5c7a65652df87e1afa7b7cd90f62ab18f82748cc7751f5aa63aa4048a7ede514f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b72a1f732ca5e42689ab592c51d111aa |
| SHA1 | be931514e9b0460daf5260864fa8c299a65cda9a |
| SHA256 | b7bda509f2b4b98ed8213fefacdccd709eb50a552d487c607b273765832db2ff |
| SHA512 | 094fb75e537f2f959b31ab17802cb805c73479a53d791425c00f68f106ed62a5fcfaab744d366a2558cfbb06fbc1ded1fbeea2fc18229b0ddb7768bcadad138a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89116f5eb8e5f9f9aa9df80535ab402d |
| SHA1 | c45b98b01037ee918058c65a8edc06fb2fcab78d |
| SHA256 | 33361e068760fdb4ff7e89b1196c5c0c31ae51be6f07b754a6e02cf92be971ba |
| SHA512 | fbdf3ecfb42f26663e6fa9923a616f6eb9127fda5bad4c06f749d9d9f15824af36d6a05a23bc6b1b190d36cf76af206712fd14a8f4d95324f6db4af2e0f4663c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70bd2f5bb93972e62b19a0eae19131be |
| SHA1 | 9884e332a328eb944a222726798bfb0bfe287073 |
| SHA256 | 8b84607c9b422750cf58014727e71ae9a263c0cfc1ccb456769d57cf722622b5 |
| SHA512 | dc325dddab0d7877556bbda38f27eec432437a6b20e701b4dceed14c699e8f693ec4bc37fd9289468291ba728335eb0f49a198a94323bca66888cd7bacb2eca5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 935c6af343ebdc0168150eccc8809a2b |
| SHA1 | 0a05e6fde1d8165b83f34b61be31b47cf82008c3 |
| SHA256 | c14c619c043318607f6fe6e43cf6144725acce6594ad5507afd5406fa725cb73 |
| SHA512 | cc412e16fea1db829b932a8aa6c929f317e4f6f4eeed7e0c98bb80db8cb4548e32c2995400490cd8ca909245619bb920f63ac29909f34511eb990c8935642027 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 719fa6003e53fa14be4b47ea8946d3e5 |
| SHA1 | b3829cfd6894a357c36db49b35b016134dc55ef6 |
| SHA256 | 9b51d798f47e7e682af3d1a46c851feea895e2446304ee5112b328d9ba4b539c |
| SHA512 | c154c81471d642254e439390c9d1aa30de920c5c5d33a1a683ec2c0f759bcf6f68e8219bf407fa67fcd7e3a332e750496993938df52855b089391841615e6f21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 107c8a3a5c0d1f25ac9abae98ee39fd3 |
| SHA1 | cec59683d36d5aecc73d0f7005dc6a3d3b8e0333 |
| SHA256 | fafa1d0766c554caba7da87d937a6381489ddce3e03585f1a8a19622708e756d |
| SHA512 | 1950a94fb7da19fe48272718b9bb4e7752153137eb74de8706b69ca91a924b0b9ff34473f5e1530ddb7917bdb11d99fa1c32f8daeb31346b2d1824948ef0c831 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be882dac22653000f93d1c51a633276e |
| SHA1 | fcbcdbbc925fe2e02873a07243b3d1c692ebfbd0 |
| SHA256 | 580a61ae9d80d231b719c064bc2eddf25b59cc8ead85b5ee51015aac6216f104 |
| SHA512 | 76b74f079b847d1aa03bb903d14243c24ba213f97c760d5a272e937674e5b77917d34c53522adcbbb980791fc6d4961edfaeba8213b89a47273529c5c9af7c3e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:59
Reported
2024-06-03 08:02
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
126s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9108bc36420068f5dbec6f7890037fee_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cargo.v-maxautos.nl | udp |
| US | 8.8.8.8:53 | v-maxautos.nl | udp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 82.148.219.136:80 | cargo.v-maxautos.nl | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.168.138.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.219.148.82.in-addr.arpa | udp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| NL | 141.138.168.114:443 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 141.138.168.114:80 | v-maxautos.nl | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files