Analysis Overview
SHA256
6f9cfd39a8f9f373d391de40cb4e6b32b8af67f7908469a2002bfc2190e6e90b
Threat Level: No (potentially) malicious behavior was detected
The file a6c669364388eea845a1015e1c41955f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:59
Reported
2024-06-13 22:02
Platform
win7-20240221-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6063e219ddbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477862" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009f500b12cc51044580559354a92981c500000000020000000000106600000001000020000000e1cd0a110d75e4a3232f9883a8091ffb6ba601fc4f92830f8e9f755a832de4f9000000000e80000000020000200000008f4c9276b3b82e3cce665d407d0daf6f65d0b2c3d806596c6c2725b6994e342f20000000bfd537288705272cbde4334b41231cdc14316eb00dfa519889d8e81c1064ac2a40000000510d9713223fb70a4db092dd026b69b2693dec81b9535ea27b116d35f07e1916ad1c96d37cb5e6554f799e837bfda190b3a1b46d96ec81c20081e7a4aac843fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{440C7C21-29D0-11EF-B2C4-6A55B5C6A64E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2208 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c669364388eea845a1015e1c41955f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | jsplast.ru | udp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| RU | 217.107.219.122:443 | jsplast.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:59
Reported
2024-06-13 22:02
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c669364388eea845a1015e1c41955f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15333900225525790282,17931423460917568965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2644 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | jsplast.ru | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | jsplast.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | jsplast.ru | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1252_VBNSFNAUOWAQXERF
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT