Analysis Overview
SHA256
ad942708043fd701c8ba0ac5df0e5c97c3e7488ffb78337188e244e1f2101adb
Threat Level: No (potentially) malicious behavior was detected
The file a4a4a35a5afbe6631316a9dde5bdb2ae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:31
Reported
2024-06-13 08:34
Platform
win7-20240220-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70de292c6cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a28464eb3c9f5041935776f5d11eeefd0000000002000000000010660000000100002000000022b99333a69b5b87ebe73c810bcb1f0a929f6a47a11ddff7b9bfcdf10b8c19b0000000000e8000000002000020000000cc326e51e8d5fab732e2258e7bab1f2029cd63661062bc80dd70fea2598df2c220000000141617984f101f4682836dbf382942c2bd5861244cb813a0c6b80f31c77bdd624000000091648e817d7cbe26c84ff701c6feedd4521616d27ba7955b9ae38574409fcbb192a52cc0ed8349471a091faba43cb9fd95711b5e8994209cedf52fdd0f1857fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429359" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5609C701-295F-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2192 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a4a35a5afbe6631316a9dde5bdb2ae_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 188.114.97.2:443 | coinhive.com | tcp |
| US | 188.114.97.2:443 | coinhive.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab14BA.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar15A8.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ba1ddf04cc4e3d74b0c3e342667a2ba |
| SHA1 | ebe4bfdd167d3b7fd82db8866abbffd271d18f7f |
| SHA256 | f4408434e3627c68e5555dc2ecdab5530596ce946e626a6cc4fae405ce2ed7fc |
| SHA512 | 5a72fa1a7c49ba8896c04efd123d6a576837a3eb9bdaf2ca313605ae57694f0dcf91f6bb5528740d26112f573298bceb390b15a1eddc9ff869523074f943ffbf |
C:\Users\Admin\AppData\Local\Temp\Tar161F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea5dd234d04489ceeab74deae8fd96be |
| SHA1 | ecb87955eea508297cedcccda04ca2ece7811f54 |
| SHA256 | 7a2e51ee4823c0d1924c4736bd7313d411f9c1f7de9c38a2e3be1f1a9795720c |
| SHA512 | e4cb766a9198d7659da2d9cc97fc292c486f886ded04b70aa62131b7beed3a9ec43e9150c0664846de21f4bfb4a23c65179b44e1cab9b53b8ba70877a50aca89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67e6878cf8a841672c2250a37920fd50 |
| SHA1 | 92526baffb0437d103ac28dc49db29f61b0f9ce4 |
| SHA256 | c110dba1a5db554a2b934e2ad15d6e8ae2972b199e08f9087144aa68c646c3b8 |
| SHA512 | 7a2572bb88d91155338d4c127f3ba0771aa22c7e7f1ffdf50bf7874817d696d533e779df3e788c5a09c74612135335a680921cef710b22efe4062b344a7c6bde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 079a53b5f1afa6047e52d6e42136c004 |
| SHA1 | 544524a8aac006f67a3037a54fe224b09bd57a2f |
| SHA256 | ed6422fba3163deb7f1158762c09859d9f13b5560b70324b4ba6b9b304162357 |
| SHA512 | 3f7d20626c9a2af0941e5dbd59bcf58f0eb9c5f327b409c5fbc3bf2276bdf56fb05ca57f4bc9191fd86ebdc30427157dbf7ea78cf2d754a8094fb12af410abc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5395f3b8b61a441c2f371dd23180c993 |
| SHA1 | 5d9902ec49404302c88db218a312854ecd16c40f |
| SHA256 | 6ced83461daf28eac70ccd0844df502c43d9db238564b70459f14173b626333f |
| SHA512 | 4a0967defa4cf3b7f6c1442343b234a25e29a9171da8fea7dbb49bacd7a10ea80f6f3a3429e2dbc83c54d4907e7a313dbde9a63c983ccb59b0f7684c90aa96fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 090f9e5af4235bdd8c8a67e248b2bf29 |
| SHA1 | 7ffeed081be197a13af04775e9cb266c52fc43b8 |
| SHA256 | 175c78beba9c1ba885173b3a510b8a3a495dbbee633dfb309f116827baa7475f |
| SHA512 | b1a6f76abdbccd6a78ebcd13599bfa92566ebeba0a0f64d7e235240c687b30a3447a4036fdff17e147cc8fd18289e328a6eca4fcab930d67179654985c7fad4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6390f991b7d32b6a9b0876223f3141b |
| SHA1 | d2efca3f80d90604c1e13a1cf122cd8ff895edfd |
| SHA256 | 0eb1ee15ca96eb35e030a79182cb6731fa5296ac09021c6e26276fc3c6179e32 |
| SHA512 | f20e1f3925181fa6fbc0955b2c24bf535f96141c6f58d2941715bcaff117d823b12cf45596a6f0ae3f9d3a679ba35d27beb0bf2616c7f2c22820cc89fc471019 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a0ecd513378c3aa4b70297a88e40af1 |
| SHA1 | 72b3f1fb25aff33a2a10c4f272e479d941f7fe93 |
| SHA256 | 3b8ef843a224f96976ebdad8006bed6c1183a3dcafdaec9e8e2b6e9545350e6d |
| SHA512 | d8cebb9a65aa2a59a0efc7b2c57b9f5a8c09ab629a12a4045820a8b73b1b68cc836881f4067fb1dd1859cb2ec72b344c7b092d4adab48b3458976e557d77b87c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 176713de0a63eade456f57b4f791a53c |
| SHA1 | fc7ea699bff676aedfc3109712ba3a55d035d993 |
| SHA256 | 9c0b2bb7a676686512699c51f5bcec95ec06bb51f6c53eb8955498cb24df37e4 |
| SHA512 | 1506246999ea40a8f8759982aeac6d96b977654c69774742e25c85afbbabcbeb26855ad2b2fb23816ce56b59c940fc5a458c3979c12d679f87f93fc479e7b20e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c70b254021aefb069342299385c2c412 |
| SHA1 | 6c478ebdff2bb2bde70a579a4312421d9ebc24dd |
| SHA256 | af1553bf0cbbc5e21c655a4842328dab47ad493fdb558a7933ca672d9ef7f09a |
| SHA512 | be7c909efd74545ea222942c798130a5a17ed5bdfe4e5364eb01f719a03a62fa23ca6b3df213bf0959d465057a790e12b18bafcfdf7cefa2712349e69c8611a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42f93185516fc24c31b8aa46c85ca959 |
| SHA1 | fea602460aa4cd8724c367df253cbec4f8f92f3d |
| SHA256 | 96066cd2312bb3d47b137dc134bdb16562138584ebb395270a0f08f2f4459700 |
| SHA512 | c0ef09fb32841e6002d368c51ef77fe36c126643737fbf4c2b732ddc4d5f2298308e792382993a108e6283bb0c24e5fd77d8799471975e0d0f8b0baa03d7e9dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dbcd7bb10299a8cc8974e347e19a693 |
| SHA1 | 097c4abfc1862ff36eb420a6dcc0d73d5cfe3c47 |
| SHA256 | ef96e1126cb0a0109f987009bdccb8ce6cd0da029f2ca91dd8b7408751f793d7 |
| SHA512 | bc7175badd3f4169aa8a91486f0ffd4ca4d0ffa9c16224b973133e8facb2ab0abb7187328082f8f49979e99cae5ab56f37430272e2c6578e7664a5c7005327da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22346f2e116d3161105724fea3c70ac7 |
| SHA1 | 9e0277b943cc324ea7fe841a0a4310e859d3a8c6 |
| SHA256 | 06b080aa3376fafc080036c8f843358d57febb606ae462ec0dc4681198854164 |
| SHA512 | 3efce04f38596bec6b0f6f5bc202a1b606f8bb8c50aef7a67a74f667389116dc888fe71f8d0fd92ca1494e2bc3a0c5a6faaeeda2c865bd823ff256122c0a9c52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 44426bea3d835668f999c2387d7c6706 |
| SHA1 | 3a4f95f11e7879a7a22b1bf82c3a1f8a0b22adf4 |
| SHA256 | ec53b360a43296d87876ae88c45ddb47cdd7a53b1312963ef2b3cdaab0fecb9a |
| SHA512 | 4d15bd6e005d2c991d1425e918ac6280555737bb20737dd0c542e682ba9b8ea20bf6ed7251b184a84498dbba69728839930f0981cb95944404504eef06538748 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 808e972661d97d4d73595d13f4bdee42 |
| SHA1 | c3098bd0fbf894ddf58346e327a3ef3be69653dd |
| SHA256 | d442b7b8bb07c11066969df38c0ec5a0847b99b78dd54286d9eae8deae330b48 |
| SHA512 | 5e4d7e3ba43d5816bc7152c201add0289c575fa6d3f73ee2e063111f2be833ddc76f263643c007c696f51f7627a93723fd3ddd6cbb0574f6661fbbb4534028d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bea0c5e7167477a171ae056fdb5aa9a |
| SHA1 | 547612590c7ec48219bd775a27fdcdd35f000af2 |
| SHA256 | 51d93d91a7c6fb4ac4a018727b23ad49ac2ec297098c5273536d338fcfab8bbd |
| SHA512 | ce7596605cd74b5291c94faa7a57041ec77a7d1364b3d38b683c4467ef582376ddc1391eada1ed6e4e29a32ab6a9333f6fb9df0c2d772ea57ac9da7a4e99f35b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 803979f047ed5e23b48a6e7888d05a9a |
| SHA1 | 52d8f386a83ae7492cd6196540491449a7713986 |
| SHA256 | 143d63c8bb0e2451fcd6cb4836cf36c37e3f7ebfcde52ad7cc591863815a9275 |
| SHA512 | 643a27c781c3b4ba3605a3cfa646ce288ee8bda37e658eba5273dfb19fb30fd74a8cd1949c89ec8809749945a11b84cc893f7cb81ac0b4a683d5c2a54d3584fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 244abad8be439776442b9dc43b31617f |
| SHA1 | 1c7a5cfa6173581f3c5efa7ce2dc9217666fd79c |
| SHA256 | 675ad609409c0137f01844c43d7ee2c4a64ee2ba8cca9bb980063fcbf4a9d9f5 |
| SHA512 | f65681fe7e03242d6088f91da954c90a6bf8e0153c54fb0e2004e61accdb733be33be7cecdd70c2ad760db894d07767e6c0150d39a83684ab195ded1243ad031 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e35dfe1d2f18782c6887b19a7b9022 |
| SHA1 | 93eaa9c0b49dbeb722b0ceafd144aec45df61f50 |
| SHA256 | 5efcb8b2a974faa91c1790b9e2f15b31e89dc703fa07809fa28ff682cb5d68d5 |
| SHA512 | 9109b716e81d139575c85e64b63e3addffcd396d34593fd06d5113da3ff4195d027161ae14c74d828518b776a95b6bd8b9985e76ac4879835fd2d97bc26775b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d3c151e357fc7aa657ea1d76d457fbc |
| SHA1 | 681471177cb6bc92d28f6d687bdf2c956febfb35 |
| SHA256 | b35f2541b42f0ec6953f81a193a483b8f7e49efeb15eb84efed01f7727eac7fd |
| SHA512 | 83ad8fe895e98db8bddd84eccf0b4ad8c68f8cfb4803576a9ad5f57b7c975221f03e0ad9857e54989aac453a349919ddd16017bad2c304da128708dc7e2e1162 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 99fcdad86c2a22a8a7d2a1e0a16d6a47 |
| SHA1 | 9c2d7c8666f3b2f3bd6649af58ecefcf1cb4b504 |
| SHA256 | 77926241263ee689a018516332b01468d4a5c04171097fba31cdb4bc8afbfe2c |
| SHA512 | 05696dadfc0d49d59d08339850d9af4a6ad96882bfb0520d8e9434f933148fa6db2e9d8a8ef246d0b576e7b320845b465fabe3abfc905f600f4d44c7edcb140d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b99a88d1d43f381712284a6ab299093 |
| SHA1 | 141959661a013bb330589ef89618fa17e4310b63 |
| SHA256 | 37de91b3347a95d6cd9b04cb94060a1eaf7eb6790905e013ee98fa6025a5c9fe |
| SHA512 | e3cf09a5b8ce22f9505924585f4ce84c29a15a107e3d52e448ef64538a3986fca47ff982cfbd3b0e158a1382b9b4494fe0115513f0b10eeda67305e9b406a888 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0fe46f2ef86d4cbfec93c69b2b9cce2 |
| SHA1 | bfc66ac3f2a7158074a9eb6e905bc3f42cb2a083 |
| SHA256 | 71cffbef4fc88e0bfe95d3f3e307669c440405920b5f57a8defcaca8828e8efd |
| SHA512 | bed5a072dba47a4d8d663359da77aee3894511f9e6d32cb8b014dec74b7b9a3a7ba39ae4978279aef92bd65e269b1177871e325e6aad3b1d00c1ef23569a427f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78e3f740f76367602fe4bf5f4ae1b76f |
| SHA1 | f518b6abe45d1ca1ad7c44f9c55267c606efb09f |
| SHA256 | 5bf0238f4fe293e3d9ccf48eb51165103ac4ea1357b055d2d270e13f96ffd735 |
| SHA512 | 1af4a2829064eb12b63a966f669f92df074102361864b2fd743c3eaa7e802f5f9a161ec77d7bd664cf20f939fc89ea023d7a775b9a81c9ae87d5c3aa3dc2ad73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b610ef7d426eab0d62c6cb813984b66c |
| SHA1 | 12df20b47bebb2d36ddec10b1e9467380d5ca21e |
| SHA256 | d1e580d314969df8883e14dde737e30c35ad9efb877d2adada2577ffab3d9f5b |
| SHA512 | cad1c365b715c41a03e39e68128938598496d5b7818a52a492d3d82be0d9d852e1d2ab6a170e1bc763765622250a4238cab8aedca7bff92b1d53a7e7595f487b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:31
Reported
2024-06-13 08:34
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a4a35a5afbe6631316a9dde5bdb2ae_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4268208421491881993,8450281544796340814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 52.111.229.43:443 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_3040_DQTAWVFXMBOIHUHF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd0cd6ae93c056f220ed00e5d5c92068 |
| SHA1 | aba24866d98b06db434092a7efb4e36f6d2d19f5 |
| SHA256 | c2c8a3cb1585df6ac45b87d7fb692b2da3b9ec362eafac551527cd8033fdad53 |
| SHA512 | acc8eee00c0d45c8b062d0664487c1a8a1de325b807e1d02dd9c6edf546be8a22286cd3aa6f003878659e7e2dcc530f69b19ad53d728d59908b5dc00fd698d93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b81a2cb2fc8448cb92a2120b14686138 |
| SHA1 | 468031518c65c314910b9d09f86d2f0f54a0d55c |
| SHA256 | f5a59654fb466bcf476dd8eea648ca9d9f4c6ca5318247860c85f6ff688c97b1 |
| SHA512 | 96b68fd8b24c8772e0bd88b9151cf1d06193c3a7b05c9475c05b4f0a6e2438e366dc75522ce87c261954dd52f3ef111a16b37f46079eb8402eed5f1caff5d22d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b239fc19c81d1f869cf5712451d82116 |
| SHA1 | 556fb8aa0321297f0659e996707089762bfcee07 |
| SHA256 | e7670925adb3da3ea484d3d57a734c22f04862ae2c9ad3ea100ac1bcde3f4326 |
| SHA512 | 6a513b58d0180f57b67e04bcfddf3f2b2a3974bb5c6a3b6ec9ae6086b0c62374179e569efbd06a53e60170f0bbfd14a8f27036a58cfda4a967d5ebd396d3cedc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |