Analysis Overview
SHA256: 2e2cacff48b72e9011aca112f747ba4005255448b9a7c8b9167e5ec87556707d
Threat Level: No (potentially) malicious behavior was detected
The file a1b3b8d7d64e83dc069a3a6c836f7aef_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 18:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 18:18
Reported: 2024-06-12 18:21
Platform: win7-20240611-en
Max time kernel: 138s
Max time network: 145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378177" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000cc595bc5c3dfa61a70415372cfadff1c8591bb13aec8bcfe7dcac8f055b6fe59000000000e80000000020000200000007d6a6f99df96ce9050f112e30bfc1f012788fff590e108853ac634153bf2b049200000003d193998e227e9e28f479c57278623846ced0fa78bcd891eb8c6229a195f9bce400000002f108a5ebd0ab9faea7f2e3f6bc8cd23b7b10ab1bbd0bd7175cddc218db992403d487f1ff21e7f86c5088d93da85626eb2bd70a0998b0fa7fe3ec4526f1103e8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0075ba00f5bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2AA23D31-28E8-11EF-8156-CE03E2754020} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b3b8d7d64e83dc069a3a6c836f7aef_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fwd.platiniumlink.com | udp |
| US | 103.224.212.210:443 | fwd.platiniumlink.com | tcp |
| US | 103.224.212.210:443 | fwd.platiniumlink.com | tcp |
| US | 8.8.8.8:53 | ww25.fwd.platiniumlink.com | udp |
| US | 199.59.243.226:80 | ww25.fwd.platiniumlink.com | tcp |
| US | 199.59.243.226:80 | ww25.fwd.platiniumlink.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabB7EB.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarB7EE.tmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 18:18
Reported: 2024-06-12 18:20
Platform: win10v2004-20240611-en
Max time kernel: 145s
Max time network: 140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b3b8d7d64e83dc069a3a6c836f7aef_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde80646f8,0x7ffde8064708,0x7ffde8064718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11877465794420093263,16834331036758082923,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fwd.platiniumlink.com | udp |
| US | 103.224.212.210:443 | fwd.platiniumlink.com | tcp |
| US | 103.224.212.210:443 | fwd.platiniumlink.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww25.fwd.platiniumlink.com | udp |
| US | 199.59.243.226:80 | ww25.fwd.platiniumlink.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 210.212.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| BE | 88.221.83.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4496_DKFZHQMVNYSCWLSZ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State