Analysis Overview
SHA256
ecba2d66486521fde6f799c0151d9c8902f39e25f432fed0731c785a40547ca7
Threat Level: No (potentially) malicious behavior was detected
Verdict for a4d52f292321e81093cccd38615526ff_JaffaCakes118: no (potentially) malicious behavior was detected. The signatures listed below all fired in the sandbox's informational or "suspicious" tier and are attributed to the browser processes that rendered the HTML sample, not to a dropped or injected binary.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win7-20231129-en
Max time kernel
140s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3C7CCB1-2966-11EF-9066-F6F8CE09FCD4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091669ddae2d42b4fa55c175f33954e7200000000020000000000106600000001000020000000f68167f5cc443c2ec5e9108a5e3c21a8fd945597cbcc49ef1b097a39f98301fa000000000e8000000002000020000000166f0f5e508718df1be8b7ab9b40412ec9dfef23d806915fe172116b49a6007e20000000aec19f810ebbdba8ef9ded51180ee38bb22484fe29e4a278222e2b7188e552d5400000009dfaad9831760546d4121111d56725d2673dc3914b7436ddd3ff9c94a5cf40dd51df3846a5d96e6bc688d3130f9c9d80e1650eab268b5793b3903ae07125acbb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432496" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9076127a73bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1684 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1684 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1684 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1684 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d52f292321e81093cccd38615526ff_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
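The "Suspicious use of WriteProcessMemory" rows and this process list describe one thing: on 64-bit Windows 7, the 64-bit frame process `C:\Program Files\Internet Explorer\iexplore.exe` (PID 1684) launches a 32-bit tab process from `Program Files (x86)` and passes its own PID in the `SCODEF:` argument, then writes into the tab's memory as part of protected-mode setup. Writer-to-child memory writes between two Internet Explorer binaries are therefore expected; the same signature would be worth a look if the target were not an IE image, was not spawned by the writer, or carried no matching `SCODEF`. The script below is an added example (not sandbox output) that encodes those three checks. The command lines are the report's; PID 1684 comes from the report's WriteProcessMemory rows, while the tab PID 2156, the frame's parent PID 1000, and the `notepad.exe` record are constructed, the last one as a negative case that does not occur in this report.

```python
from __future__ import annotations
import re
from collections import Counter

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
# Both IE image paths seen on 64-bit Windows 7: 64-bit frame and 32-bit tab. Compared case-insensitively.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# Constructed process list. Command lines are copied from the report; ppid 1000 for the frame,
# pid 2156 for the tab, and the notepad.exe record (pid 3000) are assumptions for the example.
PROCESSES = [
    {"pid": 1684, "ppid": 1000, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d52f292321e81093cccd38615526ff_JaffaCakes118.html'},
    {"pid": 2156, "ppid": 1684, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2'},
    {"pid": 3000, "ppid": 1684, "image": r"C:\Windows\System32\notepad.exe",   # constructed negative case
     "cmdline": "notepad.exe"},
]
# (writer pid, target pid): the report lists "PID 1684 wrote to memory of 2156" four times;
# the 1684 -> 3000 event is constructed.
WPM_EVENTS = [(1684, 2156)] * 4 + [(1684, 3000)]


def verdict_for(src: dict, dst: dict) -> str:
    """Explain a writer->target memory write; empty reason list means the IE frame->tab pattern."""
    reasons = []
    if src["image"].lower() not in IE_IMAGES:
        reasons.append("writer is not an Internet Explorer binary")
    if dst["image"].lower() not in IE_IMAGES:
        reasons.append("target is not an Internet Explorer binary")
    if dst["ppid"] != src["pid"]:
        reasons.append("target was not spawned by the writer")
    m = SCODEF_RE.search(dst["cmdline"])
    if not m or int(m.group(1)) != src["pid"]:
        reasons.append("SCODEF does not name the writer as the frame process")
    return "expected-ie-frame-to-tab" if not reasons else "review: " + "; ".join(reasons)


def explain_wpm(processes: list[dict], events: list[tuple[int, int]]) -> list[dict]:
    """Collapse repeated writer/target pairs and attach a verdict to each distinct pair."""
    by_pid = {p["pid"]: p for p in processes}
    out = []
    for (src_pid, dst_pid), n in Counter(events).items():
        src, dst = by_pid.get(src_pid), by_pid.get(dst_pid)
        if src is None or dst is None:
            verdict = "review: writer or target missing from process list"
        else:
            verdict = verdict_for(src, dst)
        out.append({"writer": src_pid, "target": dst_pid, "count": n, "verdict": verdict})
    return out


if __name__ == "__main__":
    for row in explain_wpm(PROCESSES, WPM_EVENTS):
        print(f'{row["writer"]} -> {row["target"]} x{row["count"]}: {row["verdict"]}')
```

Feeding this the real process tree from an EDR export (pid, ppid, image, command line) turns a noisy "WriteProcessMemory" signature into a yes/no answer per pair, and the reason string says which of the three expectations failed.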
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xcelence.co.uk | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | promadis.de | udp |
| DE | 85.13.155.51:80 | promadis.de | tcp |
| DE | 85.13.155.51:80 | promadis.de | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 172.67.39.148:80 | static.addtoany.com | tcp |
| US | 172.67.39.148:80 | static.addtoany.com | tcp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| NL | 23.62.61.154:80 | www.bing.com | tcp |
| NL | 23.62.61.154:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
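The network table mixes three kinds of traffic that a triager should keep apart: the page's own hosts (`xcelence.co.uk`, `promadis.de`), third-party widgets the page embeds (`static.addtoany.com`, `www.google-analytics.com`, `apis.google.com`), and plumbing that the browser and the Windows crypto stack generate on their own (the DNS resolver at 8.8.8.8, certificate-status fetches from `pki.goog`, `x2.c.lencr.org` and `apps.identrust.com`, and IE's own `bing.com`/`ieonline.microsoft.com` calls). Only the first group is worth carrying into a hunt as an indicator. The script below is an added example, not part of the report: it parses rows in the table's shape, folds repeated connections into one record per domain, and emits a blocklist-ready (domain, ip, port) list for the page hosts. The `ROWS` string is a constructed subset of the table above, and the suffix lists in `CATEGORIES` are the editor's classification, not something the sandbox asserts.

```python
from __future__ import annotations

# Constructed subset of the report's Network table (same column layout).
ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xcelence.co.uk | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 76.223.67.189:80 | xcelence.co.uk | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| DE | 85.13.155.51:80 | promadis.de | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| NL | 23.62.61.154:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Editor's classification (assumption): CA/OCSP/CRL hosts, the browser vendor, embedded widgets.
# Anything unmatched is treated as a host the page itself reached out to.
CATEGORIES = {
    "certificate-infrastructure": ("pki.goog", "lencr.org", "identrust.com"),
    "browser-vendor": ("microsoft.com", "bing.com"),
    "third-party-widget": ("google-analytics.com", "addtoany.com", "apis.google.com"),
}


def categorize(domain: str) -> str:
    d = domain.lower()
    for category, suffixes in CATEGORIES.items():
        if any(d == s or d.endswith("." + s) for s in suffixes):
            return category
    return "page-host"


def parse_rows(text: str) -> list[dict]:
    """Parse '| Country | ip:port | Domain | Proto |' rows; the header row is skipped."""
    out = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")][1:-1]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        out.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto.lower()})
    return out


def summarize(rows: list[dict]) -> dict[str, dict]:
    """One record per domain: category, distinct IPs/ports/countries, TCP hit count, DNS lookups."""
    acc: dict[str, dict] = {}
    for r in rows:
        e = acc.setdefault(r["domain"], {"category": categorize(r["domain"]), "ips": set(),
                                         "ports": set(), "countries": set(), "hits": 0, "dns_lookups": 0})
        if r["proto"] == "udp" and r["port"] == 53:      # resolver traffic: count, but it is not a contact
            e["dns_lookups"] += 1
            continue
        e["ips"].add(r["ip"])
        e["ports"].add(r["port"])
        e["countries"].add(r["country"])
        e["hits"] += 1
    return {d: {**e, "ips": sorted(e["ips"]), "ports": sorted(e["ports"]), "countries": sorted(e["countries"])}
            for d, e in acc.items()}


def page_host_iocs(summary: dict[str, dict]) -> list[tuple[str, str, int]]:
    """(domain, ip, port) triples for hosts the page contacted directly, in a stable order."""
    return sorted((d, ip, p) for d, e in summary.items() if e["category"] == "page-host"
                  for ip in e["ips"] for p in e["ports"])


if __name__ == "__main__":
    s = summarize(parse_rows(ROWS))
    for d, e in sorted(s.items(), key=lambda kv: kv[1]["category"]):
        print(f'{e["category"]:26} {d:28} {e["ips"]} ports={e["ports"]} hits={e["hits"]}')
    print("IOCs:", page_host_iocs(s))
```

Two caveats when reading the result: both page hosts were reached over plain HTTP on port 80, so the content they served is not authenticated, and the only fetched content the report hashes is the cached `scripts[1].htm`; what the tab actually loaded beyond that is not recorded here.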
Files
C:\Users\Admin\AppData\Local\Temp\Cab1075.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1319.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3R4JAD2\scripts[1].htm
| MD5 | a7e7f156efbd603766e5cb094a4cb35c |
| SHA1 | a4a3024460fbc2e34efbc847926f68e5aa3a4803 |
| SHA256 | 5c81b9892b702d32c7bf58ab82e60a1dbd770636cbc8cc96366fef3f020df738 |
| SHA512 | d1333de03ca99f5e2c39bda264d7d46e99a5ae60adfed44174c4bfc885d1e681f12969b1e34301a5b7da153f7f54cceebf815e2e0e9ad788e797ad332b335260 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15370e40a397dfd18c376927fabdae6a |
| SHA1 | 64578aae95593a6c3adc7847288211dfdd393685 |
| SHA256 | fac682be5fb9601bcdf48eea2c006d45d86ea769b59d2847bd3956a44c936378 |
| SHA512 | f9317b4f8671a7acef2418d331c823d2ced961a577959f4f70f134594f46c558a9b9415589c7977b32dbdb88799f87599bd4d4cffdd302c010dd99fdc53576be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 44dd40c77e1251ec87bf5c401f0a2952 |
| SHA1 | ea3439a8cb34098ea1a14b93098364cfaad600e5 |
| SHA256 | 101dd7c69ce9f62cbcfaf060950dada5924994029e1dce2661fade72aea119e3 |
| SHA512 | cbd9426e0c8fdc3dc032bc2cf0d5727fd76a65e2568b495a93553d518f31726f96a9e7877b26b509adb592249b34bda9e1453ac928218f67df8e6b2abc297c59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0963b3866f21d5e89d4d8508849b7f7b |
| SHA1 | f3b70aa6c6df8def8c7f834f433b8a531b2e9161 |
| SHA256 | fc906dd07ffdc3f97b0dc296b135a01bf28744869287ad13c56e0f33c824e20d |
| SHA512 | 61da8478094309bd0e9d1248df50978060e9de880b8efc5b88a396741e59ec7b7301d2559b395e9128655f6444f39106ac0c193be20096fb9d029bef81f15f90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a7e4545559f09bdf14a93f62e677231 |
| SHA1 | c19e3eb3c0ee5c47e15bbf29e71b723ea38183c9 |
| SHA256 | ada816516428faf45ea329f922c7101aace82bd67979dfb958e3939ff9c966a5 |
| SHA512 | ded6cd9537aed339e89a4388a2ab1fdf809c82ecd3ebd0b13d4df63f47d71555bdba6badcdcf2f1c000890319e7a3dcd4dccaf241909df0b4f43e5c315353ccc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66bcd3603873a9975d3fad884d48b82e |
| SHA1 | e5a07ce9a480314443f85f410fba83a3f3089a62 |
| SHA256 | b79b688f5dbdafaa391d0afebe8bcf0f352379ee4c78af935b663c1ade6a9df4 |
| SHA512 | e1ef0992e3e54bfe9478baabc6e42316932ed8d23d2025bcce2451186d9aa6fbb0d9a4ba4a1d12aef579adb6580e7c035c09550376beda1d6345bb99e6206802 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78288508bdf019fc60e4768cd52d87a8 |
| SHA1 | 44d3229ca23f5b5eac65fc079f811194c2931127 |
| SHA256 | 69f4590213ee66a1f00916b8fe9836833c3cf32c430f7086d2647cc48958ab56 |
| SHA512 | 7c4209b04c10edf3cc0dacda28ef011f8ea8e54b7e7d5afc73d940071265ddb34e577f2aab40e0e6abfe8286187cbf8703ba61cebb64407e8f1130792d8ed281 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b052e97be472ddaaf35c25701977fe0f |
| SHA1 | 7f5e6836b1ce37e6e80c7cf3a2a167ab492f1c59 |
| SHA256 | 332a8c192f56e87ab3119bb2bc247e2a5b214b611c29101d7f414597612f2ff5 |
| SHA512 | 674f995d21c5713bb2487e9dc45ab3dd62988c89e4f749b0d0e706c95f6a21cd534a236bc2c47966a6b83d0fbbe1d322becd406df61984a80ec0404b3b62f862 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8de723b6dd58ebfc3ef8e760927d6db1 |
| SHA1 | 38763fd717aa19ef1d058cc8447ed84e165a772f |
| SHA256 | 1b1bb1a74762a0756f0c3c9e30081459470d1b34214a9c08b7c1e5e4654ed74b |
| SHA512 | 93a54500a597ff86707a94460cfccca81eac00f3c56945618b953764b16edb9623cf2810e98c99ca8bb9fad100a93bba3368c3bcc3e06fdc45e8134106af1a3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f47db466bba489246741598824eb541a |
| SHA1 | b97835640351eb22598250fa98d36ce44254dbe5 |
| SHA256 | 39d855bddf4c18e0d23d13f4b4cf191964b241b3e5477308e940aa4fea37e017 |
| SHA512 | 45eeb302418eaa207def65be224bec292ba5f00f6d062474cfe8eaa2a1dbd7607235fed3975d678306e1ee323c96150f21d8875fcecc830cfb94e0d42b02eabe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e50502d7ad059fb3010afea5a7e28777 |
| SHA1 | 7c4e2620117ef8886c7792c460f31d6507f31ce0 |
| SHA256 | a5d3b418ec8bd4885ce16bb2e0f75207d545b9b841b20c542198fdca07939b2a |
| SHA512 | b057816fee0681eaea2031f598345d9a66c8116dce984ca35ccc3b7ad636e50a69b35c98200be7c0b6cf70d3024450d6e542ce4f890e596791cb7840c4880f9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec50ce962a9177b71759ea699160e265 |
| SHA1 | 734a477419368d0984a667f080445e540bcc9010 |
| SHA256 | 56ef83eab98e9764f6e76cae090261afd766e11493f8b628b0b3358f18932d8c |
| SHA512 | 0ebea5a41d9953aff2405d35e6bb5bcbf670687998d4495caf25e1c77f2cc528a6bb6952e854eeae4cafa6c7459bfa994746a26aadf9bd03be0eb31f0cd34d3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d0f478ca8081861388a7c5c8d4585f6 |
| SHA1 | e85e6fa5c5243213d284c923d569c15e9d9bdf00 |
| SHA256 | e5f3478d3ac9bcb1896fa4311417824d3d21e588a0bbaa08576139a924615657 |
| SHA512 | 77debf409df35d34516438fe296e3fa48e8e5292102cdd5deedf2d31cd5fcde28a8529901fcbc9edeb16430ed37fe0319cbee5aed02afcb8c537d3e8cd6b466b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b2865ddec397e4beed31ac5fd1327f0 |
| SHA1 | cd4eedad9982941e124ba85b04b8ac9bfe283eee |
| SHA256 | 849c13462cdfc35fe17dc30f59a656d7609a0b8514ab353dd06a08133788f966 |
| SHA512 | 596a9a0817d02c3c83d293527ca382fbad8f8b423c94156853f64805ce48e22eb8e8494087056d94f26906ecb92ce4a7047226db297c5fc823071f4ccd6e9d30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efd429bc4e6d79c21ac45150f8004b97 |
| SHA1 | 520a729ce2bc66724331d2fc99acbb5a28df3979 |
| SHA256 | a4958784b7f8c14e40309fadbc884991fb2589f83238104bdc1959b86e2ad25c |
| SHA512 | 4eb584ab90a9331f91e4657f00fdcb6e945d0750c416146671dd47b212c9a990a85921cf934bf1bc836ceb7b82d1f9a191c21694aae3d8277ec52e1f5bf381cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfa6825c34cbdd894e7228a8907a6248 |
| SHA1 | e566244e8aaf7579958bd1e833f02b6a50da5d12 |
| SHA256 | 92b1d670600a26f14464c25d75de5fd61503f8729e8c85c24383253665e47d98 |
| SHA512 | 8b18c5b556b65a7b2fc0316c9101393762f0c6fb5c1f51ec25cba49bda61e221438e14ca5998994943082b965a1e5694c6ee2ab21d83227e48ced335f6901716 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3156f01ca9dad1d623b6643be2b0302e |
| SHA1 | f97e4b83e0d1dbfe8839100ae824214e155087ba |
| SHA256 | 27bbe1e6f3bd61d270e6bf9b6fdd71ebeb520590efd80c94c4e551c86f633c7e |
| SHA512 | a6eb99077a20c586532df5f879c8865eaed90988cdab60e04ea62053caa5706db7705605e33bda45762c6bce6dd88ac3eb528a6870d129c3caf960c2aef18113 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8befb5a79d31aa7f11e9d6ed92615b15 |
| SHA1 | ecf2da5dafb8e3ae5940371660c75160b4ceb408 |
| SHA256 | 686280feb17843547bdd08af74abd20d66141d8261981c8beb1c809c9499e163 |
| SHA512 | c1579b56f12aaf041ca26e46e7fae0703ddfca7f19d6a3b10fa5ab7d1511ae94db5c243be5660fa3185fc8096ac199a02410d80fc722c0d1be9acc69bbb9546d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee091456eb8ffb99379c832102322530 |
| SHA1 | b48ad6e21c6e4ea907728c3131d5b6b3bab5eb8f |
| SHA256 | 23e327c52c7791b029bddac4842c46bde00ef419968efc0488b5d6d623892770 |
| SHA512 | 0eb8e760cae342f9ed08b7b42df9a37502f91c3b7ba6acf60c99bc9f2fb85d4b57437ac8392681fc11c61df2fbafef786ed3d1ff7d2d63dd34b9258890a26cf9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adae6d2b9263802fa5f9cfbcc0ab3290 |
| SHA1 | b19a680f27784ac695bd920ed8b3c35b3c174828 |
| SHA256 | a558c52b72b178b70482cf47be18eaab385e57afc96d4dd439cc14eae9396724 |
| SHA512 | 4da3c4e50ed95dd964f62bc6b52b901bc5582b5b817315adb95891680d580033480965f311bd229a290c59288eb083dac5292ce504a6acc3aa7db66b39d0bfd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6c8e012a116a24650eaf87b2ff523dd |
| SHA1 | 5f8789f26d59dda96f971877416b43532500bc60 |
| SHA256 | 618bebec973285df0b44f891dce231b92a8d422ad4df278ce4415d5f841f5d8b |
| SHA512 | 976ad9f84e7ae9ca36957f67384736225b22e4cc2193e64a856ae0ea9bf1f23d331fa5d5e52c8f79f82ffa1bc30cf46f1f3dd49154223d1786c167de952da5f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8ef3bb41c8da88fe3442c4be961b710 |
| SHA1 | 3f2609c550f7990dda6fb2e126478b8a6aef9584 |
| SHA256 | 65726b1d26a2d776e9ea6ac7e7749ab1e929d21c3400e1cf26e095d7ba035931 |
| SHA512 | f44ff9ffb055cd1c179c7dcf85ea22ff870118c0e515e80fc54e98f9101cd9ed4352a9c902f5280aa8eabacd1da6dbda4d0ded167de37ae2b41202e2baf36ce9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a9689c41799ddb0af0cd6cf7b6943a5 |
| SHA1 | b47577c6c4b933c98c4f8e81b42b6c4d4824fd5f |
| SHA256 | be828a1ee06edc96a8db19f7d83e1d63a3ddce335a32a9e1c780fa11f973bd56 |
| SHA512 | c65c57bdd563f0edde3eb01e96d930a873266c926a68a49c5e2c8845be5a0fa7e0823dd26d8fe61196cc4144309baa269183a591ad9aaa3b239b2879129a600e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0760b8b21779d26f38f7861e59794bb |
| SHA1 | ebecd83660cc64c35cee8fcb687222b699d3dc4c |
| SHA256 | 64d92588bf3b11dd8b58f190c201a1fa8d7c476d54dbfdb6969ffde2dcfdf7bb |
| SHA512 | 8a9800671b61b4412be38b0684bb9f3e6c51709b679cbc8c58d1d815771981dd0767b9e3f5fcfa50767e7eca902dbcf8eaf8dd75e67225471a699d89227b5cb4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d52f292321e81093cccd38615526ff_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe69fb46f8,0x7ffe69fb4708,0x7ffe69fb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,1100025657653525926,16204190949465798870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xcelence.co.uk | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | xcelence.co.uk | udp |
| US | 8.8.8.8:53 | promadis.de | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3936_YPTLJWOWYULOTAWW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences