Analysis Overview
SHA256
8384e5e547eaeb11b99db13c4351a7167dea70d5720c5399d1a5d50bf98378c0
Threat Level: No (potentially) malicious behavior was detected
The file a4a59b6e35205ad40a9929b0d0687e6c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:32
Reported
2024-06-13 08:34
Platform
win7-20240221-en
Max time kernel
119s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{775E6E61-295F-11EF-8442-DE62917EBCA6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429415" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000027c6e388a289ce4d817b8bac14b06e630000000002000000000010660000000100002000000079895e56022950aabbcff927c8bd1e4289d5e1807d529eb76210d9d0bb66cee0000000000e8000000002000020000000c5c2150f677a71d5a6f49505214d12766341df57f46fb1f4854f8fe12d68d740200000002a4e1b7d225320314066ff58567f27450a64439ee6af4948c368b070a8199b3040000000409d79ed626292dae39f4a4dc08b8445f3f2053546b94e516535580d11bc2d9a0cad013418d8c5a7b8ca63502c7827fcd51d73d5f59145d447b10b9862e2d40c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c011f94c6cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2356 wrote to memory of 1728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 1728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 1728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 1728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a59b6e35205ad40a9929b0d0687e6c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | faqman.ru | udp |
| GB | 142.250.179.226:80 | pagead2.googlesyndication.com | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| GB | 142.250.179.226:80 | pagead2.googlesyndication.com | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\f[1].txt
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar4139.tmp
C:\Users\Admin\AppData\Local\Temp\Cab4137.tmp
C:\Users\Admin\AppData\Local\Temp\Cab4224.tmp
C:\Users\Admin\AppData\Local\Temp\Tar4238.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:32
Reported
2024-06-13 08:34
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a59b6e35205ad40a9929b0d0687e6c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,12342829898892796581,5966115183112607576,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | faqman.ru | udp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| RU | 94.250.250.188:80 | faqman.ru | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| GB | 142.250.180.2:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 188.250.250.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_828_ZKCNXCVAFBCKXAAB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State