Analysis Overview
SHA256
afc5ec68122e75bc32df2a4843a4e0326d7535a50ff2d0a51b50116c22d2c573
Threat Level: No (potentially) malicious behavior was detected
The file 92460e078ddee2e7049fb6f3481d23b7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:30
Reported
2024-06-03 15:33
Platform
win7-20231129-en
Max time kernel
119s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e20894ef6926c48aab4f27279b1def3000000000200000000001066000000010000200000008fb7a5d08a65c226130aa9e51362146b3fbfbc89db58e81f4185afe544920780000000000e80000000020000200000005ccb8a54eaebce423eca2c6af8e6cf0878b0767a9e398167d82b1ad31f5ab4659000000047d7d43be88bcd6e408c3c5ebbf5ba11ba2ecaa2eab8d5ff66f80e48dca3c41981302d312ab5a5848efbaf82c0f1f58e3949028815d1bd8e94e3f0bb7f33b69b9f452a9032839a9c757f67f9862b9772d8fb0e8be9f177de8257e4c2651832efb17776d8d582483c29406330eaef70edf0c8e95679782164e86d351d04ac515c58ff4ae80e706a1d3181446d2428154840000000147f0c28170657a440aaac543d6b37ab4909710531fc4272206b38acc425564800108389c21bf92ca8e2d5cfeeb83efe48f0de47f7b26bf6197ed2303588ff34 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423590526" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46972C71-21BE-11EF-888E-CA4C2FB69A12} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e20894ef6926c48aab4f27279b1def3000000000200000000001066000000010000200000004336f44c569604fc2a8a76eb8a08160d07ba1939ff3f83c7c23eb3913a55db5f000000000e8000000002000020000000182d144fc8f4ad48d53e236a7e10d577b9ca01a151f8b51ec081d674bb39baca200000007a3d56afd4b7dac861c82bff206d9b063a710c89abd95a8fd961f4a5561f319540000000279c3aeecc790fcbb7eddb5f92d4902f1800542404f7bfb3f75e08778495e1b3b2e472cfa5972482dc77f05cd632eab7d1ba9a1304cdf897273d711fbdc0c0e5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f6130acbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2004 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92460e078ddee2e7049fb6f3481d23b7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | weightforlost4tmz.world | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2DF9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5eabab669f51a9d8f6ce7375427f6b3b |
| SHA1 | b5881dc5e94c367dc9cf77e4c8af0b3df6cf4026 |
| SHA256 | d0885531fa54bc6a2357f28020e49db00e79fa222f387b2d150c52da73c59a19 |
| SHA512 | 75eadaeff947bbbcd57cc798d959910a7671362bc316cd8fcd038926eb7f62c836d085223d4db16981fd98590737312c8e67315a67cf7db013d40602a5ff1c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | faa7e764509d66f45bd253cd5164fb08 |
| SHA1 | 4fd27c1da4904d2d60d13c93169a02d0bc026c21 |
| SHA256 | 2da77bc69994b79e88cf8e7f0ba4ccaf83f66c92bd481864efb9fc957803ff0c |
| SHA512 | d2a90fcea1a4283ef5a2c630c2fc661b6d2f66c1e11990088e853fe2b69c2ba80b34eeb419ab7dd00a6d469f87f9d7fa8f505aa1a084d64ceffb1aba23fe9ef2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | bbe14a252bfea02a46963af6cd851522 |
| SHA1 | 75e20ee9a088bf8f487b17563ca9736250ea2ca8 |
| SHA256 | 15ce35554bef0ed509d5ce7fd757aaddcab7c8a2cd98e855ce6a954ecc4ed5b0 |
| SHA512 | 3bd6c811fb1e3880a0423ca8dd07232e1bc2a9c6e6d8e6e9caf4f7adff7bbc4120bc44d5a6eb1a9e62f34726286bcccbcb94b4c01673b8f6bf64a00276720d27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58da168786201d7bc14d6ccda5f0d0b4 |
| SHA1 | f1ef44b4493f8b947fb747ac146ea38dc70538f6 |
| SHA256 | c6656631fda7baa99f1a91f39e20ec00fd88a1e6dcf273354211fc73c7418ab8 |
| SHA512 | 99e5699b4acaa03fd851dbd932755da42d82295ac8e1d832523248578638aa45853c7c18f368e2101ae065ee4e36808f955d8db994630cd294dfee77bc909264 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98ef4a851273b802cee56b09573517d7 |
| SHA1 | d42896b1e424caf8e58c0ee1300bd03781004297 |
| SHA256 | f72c68bd36737a2b40cd780020c957399e6e91c907bc0eecfad3d17853324139 |
| SHA512 | b088545fa20d31abdb33e4b916df019d2945a189652522854ca20c05731f0e7c2f181c3b3e40bc6c122c77dd477063cc8411331cfaecfb66cdf90048ba2eae2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a34a575d37be312b716b6ab82529a4d |
| SHA1 | 1376b1af85ef71c6fc14147149dce3fc6ea3e34d |
| SHA256 | c281abffbde775cae3ee7f4934ded539da91781eb39f1517d75574b61f41bd45 |
| SHA512 | 894ec521479101040cb7c15c0bd360ca4ddd595e152e6a3446338e1e70e15e689a50dafb8d10148e8fe9ea26679df577e56465ddfdbd61c6d5016420a3d1f699 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3b8c3bebfcd4e18f320f40c80f6160d0 |
| SHA1 | a8bdb4bbdc3ac7e68306b63865ec12645474bc44 |
| SHA256 | 0ac09c812016de530764ce85d003c6017a96206e0754c9d309be2865b3251404 |
| SHA512 | 37dbfdcf98f48afc8279d3315b9ba8b8705561a25da23c2a9ca349208c4d6640368521259d077cb62945b16af41b9803c7b39c137d3b48c35eb99369b0f28506 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2880bb54ae31a88fd581d24b843bec7 |
| SHA1 | e491881a139cb0ba497e538a560be2d88ee3b6c6 |
| SHA256 | 3fabb29828a68cef7031e2ed7b6a37caaf63b820c70f29aecb46fee59f5ba2ef |
| SHA512 | 5792033c78c5ce4a303e0494803b3b8552ddc89b3eb0d0bdded8f2ae841a0697fb3bab82c4bc362d18998bbc3f55aee5995b6920f328049486b5dcfc88f92bdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f05b6e3935358f4e215c84edbf0967fe |
| SHA1 | d863771c2a44d5a5e6da1f06aea109c413c2370a |
| SHA256 | b2e17654714865b33c59edeefe8c042704cfb71f10a668cca33875e78860ff9e |
| SHA512 | e91161094842cca64616609e9b9241ba23135eeaef4d848ac9ba97173dd1f86fdc239df88b1d3f23d40f015ff1d5ce83ee07ede0db4d193cc418a44178cf03ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88256340323038122091fe8b3fcfe94b |
| SHA1 | 92f9c394a142ecd079b2052e90c4faf510d9e789 |
| SHA256 | e8cce2248952a6335cca8ce0709976bb6577d8e305163fc7eca523bf08dafe0b |
| SHA512 | 89c31667b2b68e335feadf020d4509bf9a78ad13bca2660a193ce4f5d751f45c0e16ca751a425863a86a81d279c106831b73f097ae18f3506664c6cd6b408c02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5097835935bb5b7765c3fe9c3109c641 |
| SHA1 | 8a97b83d0e98a564a2effe355482b60080b488bc |
| SHA256 | d23588cf03c74c48f08a786530a0700a96757bcf20399699b20cd1d6bfa45e92 |
| SHA512 | bf8dbc312be8f90ac035c2d958999af9940e44c883fc57a780c1c1b4b540b4fde4f018b8fce0a8bf6b147cb0f1e25142a30656887cccf52fecf575746eeec8af |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49c3c2c5a7581437342f800c56f98dc6 |
| SHA1 | 3100640a2997e2f222c063877e892a8bafe2b13f |
| SHA256 | 3e623f9f9d7b59a2b773a86a22ad0e6660395256dfae881f033b258cb0877761 |
| SHA512 | f8fe82a9687a658f5cd12211b975f74c42d0e2abbded1eec5aec5a0bd425610f430398d15b3697be2524b6e6e1ed96b49dc30e31b4a100b3f5feeb566952bd9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d14cbec5aad40e938c54d0d3d8ab23f5 |
| SHA1 | 693829ee56d84df73c0d22a2062908b2857a5194 |
| SHA256 | e1bf0325bda32c6490ad8048bd5239280f2d2e488dc4617bedaf3aba79b8c3f1 |
| SHA512 | a1a37d5ca5b9ffb1868df12eed19bd696f2172057925b599d72141026898e6db221ac64c8d1b411d44a7248608190e4d351ecf575bb207600bcd43df47f43a35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 823bf2586e0b331e11254e35cac62baf |
| SHA1 | 5a192658206f17040daf70dd50e275e7b65a6e5b |
| SHA256 | 22a560c2440dd56d6828610b558509d965725442faf0bcf76a27b727c0aff5e0 |
| SHA512 | de061c8a9e1f4e1d308448016d672ab303889e20e7f0ac63d5eb7b785e8b47a2a1ed8a5e382cc59871b0815a1a7ef275d5d572b889ae858a43e238c066d70117 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b3467f6de9ed31ea73eda92097c8206 |
| SHA1 | 200a025a08b03b94d81edcda8479931f0d4b9024 |
| SHA256 | 859fc8aa597fc6366c78bacd71c4feb90fc9f8664a5017a976078e9efbd8474d |
| SHA512 | 19c1ca5d13bb96d598cd2c1859080b3dd970f4f4f61844cd56aab77a4bb562647f2dfddbb27f4bf396012580b19884578d747b1b01d7f044fc8ee963c2064ba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48b10df0e4fa6e96a606c09e007ce579 |
| SHA1 | 043a218883e680785b1916b8598ffaf31c861e51 |
| SHA256 | 64f9d91096c97d287f70026f0a3466c9ed596178922796a34e100efc26baec0f |
| SHA512 | cb73b02d74ccec94dc1596a83037343424a6496ba1f34e4c2f148f4dcd1713bf803b9937b052f7774be21be3c2b6d7bfc378f1a8d6035624f16d0a806c11d13f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9635463f3f6ce3e04778d2df9cd2cba2 |
| SHA1 | 4d79310fd0d7ad3b31b17085433cb4e06c5a6b6e |
| SHA256 | 1f00fbd024ea91515494b3dbe9b24ddd5a0e48c596340f91ab6600e92f4a73f6 |
| SHA512 | 39910339c0749a09ab9eb730b9bca2e875842f5428640a10fc78967b2429bae53cafa06eb4532c3892990107a2c1e485610f3414e3d9c0dbe3b980232425a3cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 614d2b5f6161d9d4935c0b0adc44d807 |
| SHA1 | b999b61b00a1b63372a360a510cd50585fa08fa2 |
| SHA256 | f0100cc293b9bb0ae0e448752a7b1c861c95303ce51caa48b8a2788b5b78b40a |
| SHA512 | a00993beb8a3e5d672d1d844b50766904e88c8b8bef13da4719c3d69b6090fd7b5bcac6463444ffa6e212a449e73fcaa114e9588faf7193dac09a898bea29e3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 196a96fcd0ef29c8bf91b3d7f8065149 |
| SHA1 | 07121364eae7fcdffc128a9b4bf4396cb7c07550 |
| SHA256 | 386202d9524ddc28af95a7eaf39245346163e8aa28c3fafd434a3fce4aa41b25 |
| SHA512 | 5f729f55bda41c58eb8ddbc7200b6f7537ec76fe3130337ac55563b0889cf69e79f8a176bc3c8e6d91ad8813c232f1d647da2e283a06c8a6f47e479a64191ce5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f759400e7552622a4234e0fba2151927 |
| SHA1 | b169203f7c0dbde3602b23e5d224fb71e56f2d2a |
| SHA256 | 1687534171c8d8193f5b3703b042783656da5a037d40f976dfbda059c52505ce |
| SHA512 | 6320c4d669789e93ec428f9dd1107885367eb8381b791df667b8ba0a0bc5e025d1b541ebf2df301237ff2faee051f166f8d640f64fb0605487d4b347eb102c73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14f8d682e92bdd7d9260c69f1d06b456 |
| SHA1 | 6fd57bd4b67871929d7a0745aac8806e42202dd7 |
| SHA256 | 1d8f9192c1d6f6d9691923b9306dae32227fe0b971c6fb75493459a303a546fe |
| SHA512 | fb8ac1a2dff75a543ef287e0798850edd179a25b80e702a4578150b541c1eda7fd899e98117be2c0e8ab72d9f0148447fb23dc8aa571892abd12ef6ff334e6cf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:30
Reported
2024-06-03 15:33
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
133s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92460e078ddee2e7049fb6f3481d23b7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e53746f8,0x7ff9e5374708,0x7ff9e5374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,581312443161346086,9558133853194062931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3304 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | weightforlost4tmz.world | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | weightforlost4tmz.world | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | weightforlost4tmz.world | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | weightforlost4tmz.world | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_900_WXUBGKMRXFAQXHRY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 97d96af3f74260e8853303a65b3f9aa7 |
| SHA1 | 735eb47aa4a5f6a4b3ee35b9a007956a987efc16 |
| SHA256 | 5cd6c86bdea3ad21fea7b11aad27c61f3e654ec6efe8e56ecc4b3b76509fd204 |
| SHA512 | 97907ec5656537adf1a715a26b056cd5080ca4c0b64cddc605b2ba289650b6d88546d1befa3dcc2934efa6d46c61134660b8bcaecd7c0d94d9581bd44dc8ad85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5a3a5e5a6c17649ae2bdf283509c14a8 |
| SHA1 | d2abeacc948f87829159b30235c7b7c7eaf54430 |
| SHA256 | be6b702ef5c05b6e596682f9f362063d2dc5615ec50b702f09c403e1dbba205f |
| SHA512 | e5b3b958e234feccb25ecdb788b203f41316375b8a062d7bd88187d82d3ab0a806b84e31094a7a8859be0c0bf98d78a069e11e6557b32dbe6c79b8c7c72ec7f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8fdd7d6c2d216d848fff0cf995ec5a50 |
| SHA1 | eab576cfae03920c4f277df84d144b025c1bf2a6 |
| SHA256 | 886db34d39f93e3c87eac08d39fb1edf222b4f938c83465abe3ef6061df3ce46 |
| SHA512 | 65cda92abc3beef4bf3d2cf8c5867ae847fa4f10264fde049c290f11d8f65e1047ea4cb2ad2639397bf2e179911e078bdfb6af4359b5b1237c8542d3b9116065 |