Analysis Overview
SHA256
faff0743da13ec58d580161719fedb462e3ae18b48ad10800c6bbd351d8706ca
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 910c58d81834454b15c30ee05a95333e_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:04
Reported
2024-06-03 08:06
Platform
win7-20240221-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a954b38cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD8F9B11-217F-11EF-B85E-52C7B7C5B073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a715ca9fe5e1be40b416011449be3a9800000000020000000000106600000001000020000000bacc32b8a1a52f151640d13f52c96b12a01aa66240bc50ef6220206742fd8484000000000e8000000002000020000000e7e2243f9567e19a399185d6aebb20df7af3bdf759736e187276e3bfcd427f4f2000000038977dc95a5f9c9d05d9cb445b89fce9d61941d1347635b779e894f1334737b2400000008eacb7ab55eee858498f2cef3089fce2f16efe8ec958e1b044e33a0e2336b4c61c0bd754529806d7d6521308181a1e416cdebcb8af8cc615a55767c071babd7f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563721" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1728 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910c58d81834454b15c30ee05a95333e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.233:443 | js.users.51.la | tcp |
| US | 163.181.154.233:443 | js.users.51.la | tcp |
| US | 163.181.154.233:443 | js.users.51.la | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab25FA.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2719.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea9e970162a521ec387957863a8d2e83 |
| SHA1 | 6d4d1774b1967182a0c580562c5aa516ae255ba8 |
| SHA256 | dd6fa2ceb947140d4b68c66a0a57776b1a23806d5cdb92718d7e2e2409d64864 |
| SHA512 | 2809403b902332a1b9b39325fe01f4c7fb74edc090e8c58d8eb23389148eb6938cada807caced0b05782ab44c3594f26681afd26cefd8559b2fc272a60030897 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cee275b8b47596b481c908d867c2bab |
| SHA1 | c3a6fc5451667bf98cb1a53829e13be71b9f597c |
| SHA256 | 4004af2416b26f325fa15a43b0bacef5fc26a827137da41185783a8c0d230c73 |
| SHA512 | 51341e10e5c99222c9d21b0ba48131c30b6d09e24c76502d3e2e80fd1f50257ba9c0faa5ceb60c4f401177951aa3979c8336201bf1c813b834cf1a87a4c0b03d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b00581bf7348551b089dee8f2f16b582 |
| SHA1 | a7009f1ff2697e8ebd9c79ab217fba351ced247b |
| SHA256 | 50a25a15436e987b696a155d91f19bec545bd3a4f4e56b28f88a7fa7b4ace1ef |
| SHA512 | b93088e028d8029d90f30f545a632acfb0c29ba9f3d50899aac887ee66496d95c37857478dc64f76e85d3d1b8fa70c87ed688e97b1c0598d139c11d8676e0d5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab50502222e8a7c13d0d874242c3fe35 |
| SHA1 | bf48f7e09d149ca7eeda563b7d32eac592f8ede1 |
| SHA256 | 828a5ddbac383d44bf74a9c94948cc8e01684e29b5161de5fba5400ed80eb6cd |
| SHA512 | 9e260eaf39e3bf8c23632ef85553a5bfd6029d6694892bbda6981d318ca1562c338bb79a869de39043caf283de30846f39b2432fd0eb6745c506450d1ee463b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fc5dea78a12983f84ae82d65ce079cc |
| SHA1 | 681f27eff08a03b9887bd9ed08d981ffb76e07fb |
| SHA256 | 4e17239b758155da545fea77eb9dda8d42b013c811933444050e702f6cccaa3e |
| SHA512 | 55db8c7ce6402034dc6521e3ef76572dd6c457f83fdb8440839be46517ba0c3fab22d7a2df15b93d32eb4ff6d4b3b4c1a08370e6d0d518b87711f0ca2500edfb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d912949de8bd21482f3aae8f218914a |
| SHA1 | f5791a3e6a8bc19dc54022712a4305d6ff0a2299 |
| SHA256 | 8656fe3c6acb8ac2fa62afee39be30423eed5c566bccaef9f343aa0a9180362a |
| SHA512 | 94210290ca11d57a69573d3c3a6cbd370fc7f36b0125c46344a51649acab1b1906542b2464210a73c17fc4319b65181e4cc0fbc4a50c2dc6e3e232b63df4b108 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 830511276b312a54271d5d54ff9ae561 |
| SHA1 | 2c041f6d343532bb456bd87af28b099a94cc0811 |
| SHA256 | 52aae7142f31f04b6a38e1b68e5ad08e5e5348a71fc7c9aefe79f11f4b3ecb3b |
| SHA512 | 026a94e4782a4d2d364514ad88f1a9df26e4f11bed51ac5d8fe7b460bf0b734371243e655486703ffe96c0b682f8c528e905cbc0f0ff454210a5577c19dd9e76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c2af42c35ce4faedaf50c3fd89389d4 |
| SHA1 | 99361d6fe04773c6b174f7a5215e250b863e98a9 |
| SHA256 | 696880c878b3259b654d14bacb6e997d45d4dc7fed049caefe0f568e339bbe04 |
| SHA512 | 8529e900f952c5b5915bcc828e244240ae72424ba96e05f3074012a6d3deec8e46140316c8f8c8388615a9475838e24f64ae507007ab2e4b52b39f7e943aa421 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d34b30b85fee130eca95e1a4e7129f70 |
| SHA1 | 6258248019355b204188a1eacccc5a48f141b3fa |
| SHA256 | 14bcc702405b09c46f282a00d91e31a2232dc51f3337300bf15c8e4f6d1c9b84 |
| SHA512 | 856cc94b7f7e0c14f294187e477ee8f390261633e5df94418e4d8d752f210292cc02b30671cf1c1df308127d81112831a69a2c99b461ffaafa457504ea416cf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6c4826102ded6756bb77f834a8a1eab |
| SHA1 | be06b19cdf14c60c98e0b5dd40c88fe598abfd05 |
| SHA256 | d9f09247c03d2045270fee4ac0e783eeca60fa5f054fb91da8d8a9a3fb55c070 |
| SHA512 | e96e15ef6b4e96a057b6a7176e5f902e45a9a4fd451f1fbac3833d67caa0cdf6ce8a4a045b3369d747b17c7ea19c5a8a62db223eee44536562ffa9a8d07d8f80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05bf4ba03d4ce299532b479100d8c915 |
| SHA1 | af8ea165b465d05302d10acf370c7d2d6d538947 |
| SHA256 | 364eee773fbc6fd3a1823966c8fe26d40580dc1c1719964f5aa5dab687a800a6 |
| SHA512 | 6057144fea312eaabc29a0d07c53f8840340ec839ae5c5b8a31ad2d9c518f9f88ebb7b78316be80887ead6fedeca37c1375ff72e3af048f4c06cf7cd1d30a98d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e52c2dc63ae755ac60007ee69341c5f8 |
| SHA1 | d02854bd0d91a85c36a74de20e8bc3a8b36ed7d0 |
| SHA256 | d87332e1652df9af0f42ec4f02deaae29621c5d34c4414fec4a54817dd0913c1 |
| SHA512 | 01a06d8c684ee2cc368475aabafa0a88f4e32dc6d2c5fec47a432ae051781c879ca2cd89c2699aa6bc98d1f492d56a4ebaa49f18ba45f877fcdb14b25e667614 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34402c3964fb4b1e07c5faccef940112 |
| SHA1 | 0b56e150c3feaa6d3c16513168438ed00e14f497 |
| SHA256 | 6dcc942a3acba942e60ba3b0f4314aff983f961a94bd0a25577792e7a2424a82 |
| SHA512 | 7be2836f2abafaf770f08a811c866c3369a0b94b2e477b101de04ffed0d204811241488032666a44a669ac8207f2a7d02d2453a3524d71527fac43941680a197 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f93a6dff09ed177447892d899a33f8c |
| SHA1 | 4936c3516588ae7f4794e281d07e9395d3159484 |
| SHA256 | 37d79c2e69a0fd9ae012b5657c1a0bcc9516ccb132fb7c656e7fcd8cb89ea235 |
| SHA512 | 1f6a8a4b7ab135f565c9beb924d6a35bcff4e7c704e435807570abbc477f8a894856b1a0bf8453deb59e860033fca0478baf512c65f718f8ae55cebba929c2e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ea16b0e80a629aef5c1260bd44cfd74 |
| SHA1 | 0e95404bffa8d3ddbac3adffa5395c84d5657bb3 |
| SHA256 | f55ff0b84f96cc8d88dd4f4ed083f76024b36f7ef8b4151638917387413fe4fa |
| SHA512 | 05727ab5595c492a816133d50b4d66bb6249c342807e59bef57b7f5a86ccb9497129624d744b5610e51a9d5a483c322a845dc220fdbd8cc6812a061aea9c160e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 220cbdd9cabbeca9476892452f281e22 |
| SHA1 | b851a177145a12d0bf4a5919ee56d122fcb31261 |
| SHA256 | 20640471b3550807da43aadbe8fffc94931bf904c1718be79db490db8c7f4d33 |
| SHA512 | 7b74672e50cd352ba8fead0735977e6e0c04c69905e8d9c5081ab7d4484405f88c0996fe04bd14fcd36ba41634783f8711f6a9d96c235c8929f32e99e4b18ab5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 587aa0c953a18da4bf190472e1a1dc0c |
| SHA1 | 88f92076412f0521cf708d01b2d475dad95da319 |
| SHA256 | eebd4326200c29607e52b53c1b5d99c9e7dd88fdd517b7b5815c354465fd17dc |
| SHA512 | 25d3470e5ea0ce3d647f4120de07b2ead912c8a9650c8246e2cef3f53d575af6ef36b9ad7520df19a3d99bbca0e52cc5449e51c0d5837f65579335b68e882565 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 778fd245471a6227e93eb254eedf5203 |
| SHA1 | 8f4cd1c69192b50c5fde9e50e86338ae92e31dc0 |
| SHA256 | e774454180c9624c00b516f0590e08fa359961c8f46c7173bad63b5988f3b6d7 |
| SHA512 | a7d4f23269c6528f1ac635417cb0368bf0a1f61bdec6beda0882f22969f914b0c156388c7f39d9232ef0eee881cabaad77e33d922a48da565e11ce0fd7fd44b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b0b2d7cbf3518ab762d135a752aa616 |
| SHA1 | 4ab40540aacfa87e2326d9d2fba038346ef7a651 |
| SHA256 | 01d61877bb2a5a5a2895bf2485af4b1f570732de05d67af82ef82a28dc9f07bc |
| SHA512 | dd15c9ae6d285c94895b4f4884fbeaeef6015b549a4edfcc0b434f595a9a62b165c460f7aae32f5b2815e3a650b7bd91ff332b5cc51fabb0d2d93e703bd1347b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 719e400ad83d023da55ba7135ae21e57 |
| SHA1 | 78d9f82ec644147a4f9f391895b8a4391a13e10c |
| SHA256 | 2a2c1912d42e6b2e96dd508cdbbf33f72ec4e35afed50097b9bfd0ba1ca8eeb4 |
| SHA512 | 88fd20c4dd964aecd811f7c7cdb8627f3d53061013156bcc9e6dfc2ee133b58ac57012025ef5d47bdb79e637a1c705b6869a47c4482f1ca0c7e5a2c2d9e63241 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fa0d2f669ac87984d094c5cba43572f |
| SHA1 | 35a17165848b25c87467494c31c436ceb2abc96f |
| SHA256 | a5ec7706f2efec1cdcf5c886a439a92959266d21d9f68a831a1c9695e6bddfd3 |
| SHA512 | 881928966f4da5908ef4ec53ba1d4095147f041c7f84b922b1bcfe1b054fe02c200dcb36421dbbc3e42e7e016ca3de0579926aa5a2f4b074cfb65b2d62589822 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0665fabbaeac38a9b47f4c20a38f21b3 |
| SHA1 | 4f8d042dbb69df7c17a4dbeda3095a4bc67ce46d |
| SHA256 | 654a3ccba5dbf9d43e46c7cec4711c7f106eb18af9a5b56c0449cdb05fe00f38 |
| SHA512 | 7b85f0b2570990446c978a788dd865bbbcd39b2c52658b83ce619a526629cdaf9af0d03cb955a427b58a7894784ccf087892ce09bc8b47b700709d9b8821561d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be2e97964b61e9477a98fd8c9f287f3e |
| SHA1 | 08562758abbbfbedd8b4012dbb33cccf77e36e54 |
| SHA256 | ae11bab86bb999d9045e03ded1479adedf8135c014624204a83d98aae5b52e95 |
| SHA512 | 583c7fbd56f931401e5425ff790f2162af4e7f82d8c9c31077d54a3640f1bbbff0de168b427c4f05e8bc87ab7d5acb2ee9525418bd9c06668e95d6f9582941a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4303020d08316a4e643c953e2f57828 |
| SHA1 | 25279d3edc724cb75698d70258130e4cadb24d8e |
| SHA256 | c817b9c667ddca089d246f9efac04eeb39312d9eda5aaeea92f5c200ec507087 |
| SHA512 | 69db09a165b1921310d21f7478c1b39c30dc844adcfef16be8e82276fb68a6d9d954ff992bf1a8d37afd7dfb0eac602aa6daabcdca51a811e43080bbd60e0cb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ef178f7b76731f7708860da55323e73 |
| SHA1 | 8d75c8261e03865d2eb60cb150b20c6e7dc280bc |
| SHA256 | 89d981681d0f8da66b13fa7d61b79643f831617f74d15fd3204927f17fff1ba4 |
| SHA512 | 1b772f1f43631d81945fbf96011fc25f3b0de51e7ea49c8402516302967eca5eeae6297fe8da87dcc7eabbe8ed0fed19369f941c898cec38f4dbe30e188345d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a030527dc4a77c383202546bd9e113f4 |
| SHA1 | 5c55bc648fbd988a71e4cb083e0ea66c46fe01bf |
| SHA256 | 1970515a05166b6c61cf518f3d87c9f291b2e103b6bd265d9fed8d0ccfea6c29 |
| SHA512 | b6152468dbffe04d273964b89f009009fa4c9db61a1cb8c21c51094fd144f7a83fd557a1c398f4a093aceb6438424f7274539343400b6ffa8ca76a5e56419142 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:04
Reported
2024-06-03 08:06
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910c58d81834454b15c30ee05a95333e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffc835446f8,0x7ffc83544708,0x7ffc83544718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11992493653083068220,15067474979311192890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.236:443 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | 53.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 104.166.160.229:445 | ia.51.la | tcp |
| GB | 104.166.160.226:445 | ia.51.la | tcp |
| GB | 104.166.160.228:445 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_1440_PNBYTCJEULRTQPIR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6631ad7600b95b58c69f7f012a8a742e |
| SHA1 | 71797993fad4bce6b6263ce105830b8547dd4cbc |
| SHA256 | 7905492b122ead851798972bd3e704fb0fb00e637e37feb6cd051ecd70efe746 |
| SHA512 | 80086a2da2d13ceb17fec5ea0829b30f94cbc674af8f80c6f6b7c102272618e7c32e7d0d7477087c6558b72b88fcfdd22c5c05f0c78956a40044108b498287db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 89788bca44f596a5be8a8a1d586c86bb |
| SHA1 | f68b97b0fefac29c8326e3653188d0d6eae02566 |
| SHA256 | 2bd69dbe991c2b0d88d2041584eb797b8e9cd678217e71adc4a3dd67e0cd7bdd |
| SHA512 | f7293d994a01ed7b2776a9d7c95dce31f3fc6919a21acb4263b55aa79bdedad53d3237cc57f322296508e7427f21e856b164845ca2723820ef179a792a9ff7a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 68e733e0602b41da2a11ce3f94ca35aa |
| SHA1 | d45bfa108378d689d2101f86397da6252a50a8c1 |
| SHA256 | 7b2929c472bac622d76be94e25b2b6128ad7325f30627dc3815d0ce9915fe98e |
| SHA512 | 2c827d2b4fb08b68a5a1d45fac5e47424fdd0a9cfe239134473a46b87ce9d5d50fe5771769483532efffb045c6c5cf360667a1d9e8fcfd2b97b204ccd8592048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |