Analysis Overview
SHA256
e096859abcf3ebb5fbade6f13414cc373453e00f84026712e2d581cfa4e03fed
Threat Level: No (potentially) malicious behavior was detected
The file a5d640df030d518aef9635b265e402c4_JaffaCakes118 (an .html document; see the process command lines below) was found to exhibit no (potentially) malicious behavior.
Malicious Activity Summary
All of the signatures below were raised by the browser processes that rendered the sample (iexplore.exe on win7; msedge.exe and identity_helper.exe on win10); the per-run tables under behavioral1 and behavioral2 give the process, indicator and target for each hit.
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:40
Reported
2024-06-13 13:43
Platform
win7-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000075bb2be9d2545b17e7e4c991394eb249fbd309c6e7ed2d7bc0047bb3ec73772a000000000e8000000002000020000000ee72233a21705509563b8d634ff5e75ea9e8ff87e4efe7095ffaa3e169a1cbd620000000d503baa55d2623b054e6360368a056d9960a9fb01ca7d44caeb397611d964ff6400000006a54effa4c03ba4feafa6672f96543cb3f5a00bda509d9ba491108cb8d0337c0064b50e4ec7f63e904ecaaf2b021e46b2d6f8bbeeab32930eab9ec98ae5e57e0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C9D4F01-298A-11EF-94DD-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f048f66297bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447918" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1212 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1212 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1212 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1212 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d640df030d518aef9635b265e402c4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | cdn.adf.ly | udp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | www.300mbfilms.co | udp |
| US | 172.66.43.117:443 | cdn.adf.ly | tcp |
| GB | 142.250.187.238:80 | feeds.feedburner.com | tcp |
| US | 172.66.43.117:443 | cdn.adf.ly | tcp |
| GB | 142.250.187.238:80 | feeds.feedburner.com | tcp |
| US | 34.225.136.145:80 | www.300mbfilms.co | tcp |
| US | 34.225.136.145:80 | www.300mbfilms.co | tcp |
| US | 34.225.136.145:80 | www.300mbfilms.co | tcp |
| US | 34.225.136.145:80 | www.300mbfilms.co | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.10:80 | apps.identrust.com | tcp |
| IE | 2.18.24.18:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | s3.amazonaws.com | udp |
| US | 54.231.234.32:80 | s3.amazonaws.com | tcp |
| US | 54.231.234.32:80 | s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 149.56.240.128:443 | s4.histats.com | tcp |
| CA | 149.56.240.128:443 | s4.histats.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| CA | 149.56.240.128:443 | s4.histats.com | tcp |
| CA | 149.56.240.128:443 | s4.histats.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
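Added triage helper for the behavioral1 run above. This is example code written for this page, not part of the sandbox report or its tooling. It re-checks the two findings a reviewer would want to confirm by hand: whether the "Suspicious use of WriteProcessMemory" hit is the IE broker (PID 1212) writing into the tab process it just spawned (the child's command line carries SCODEF:1212, i.e. the parent PID), and which contacted domains are not explained by the browser's own traffic (certificate revocation endpoints, IE compatibility list, Google widgets) and so are worth pivoting on. The rows are copied from the tables above; the baseline domain-suffix list is an assumption of this example, not something the report states.

```python
"""Re-check the WriteProcessMemory and network findings of the behavioral1 run.

Example code for this page; not the sandbox's own logic.  Rows are taken from
the report tables; BASELINE_SUFFIXES is an assumed allowlist.
"""
import re

# Rows from the "Suspicious use of WriteProcessMemory" table (four identical rows).
WPM_ROWS = [
    ("PID 1212 wrote to memory of 2104",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# Process list from the report: (image path, command line).
PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\a5d640df030d518aef9635b265e402c4_JaffaCakes118.html"),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:275457 /prefetch:2'),
]

# Network rows (country, destination, domain, proto): one row per distinct endpoint from the table.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "cdn.adf.ly", "udp"),
    ("US", "172.66.43.117:443", "cdn.adf.ly", "tcp"),
    ("GB", "142.250.187.238:80", "feeds.feedburner.com", "tcp"),
    ("US", "34.225.136.145:80", "www.300mbfilms.co", "tcp"),
    ("IE", "2.18.24.10:80", "apps.identrust.com", "tcp"),
    ("BE", "23.55.97.11:80", "x2.c.lencr.org", "tcp"),
    ("US", "104.20.18.71:80", "s10.histats.com", "tcp"),
    ("CA", "149.56.240.128:443", "s4.histats.com", "tcp"),
    ("NL", "142.250.27.84:443", "accounts.google.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("US", "54.231.234.32:80", "s3.amazonaws.com", "tcp"),
]

# ASSUMED baseline: suffixes a stock IE session contacts on its own (CRL/AIA
# fetches, the IE compatibility list) plus Google endpoints loaded as page widgets.
BASELINE_SUFFIXES = ("identrust.com", "lencr.org", "microsoft.com", "google.com", "gstatic.com")

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE_SUFFIX = r"\internet explorer\iexplore.exe"


def classify_wpm(rows, processes):
    """Label each unique (writer PID, target PID) edge.

    'ie-broker-to-own-tab': both images are iexplore.exe and the target's
    command line carries SCODEF:<writer PID>, i.e. the broker is setting up the
    tab process it just launched.  Anything else is 'unexplained'.
    """
    scodef_by_image = {}
    for image, cmdline in processes:
        m = SCODEF_RE.search(cmdline)
        if m:
            scodef_by_image[image] = int(m.group(1))
    labels = {}
    for desc, src, dst in rows:
        m = WPM_RE.search(desc)
        if not m:
            continue
        src_pid, dst_pid = int(m.group(1)), int(m.group(2))
        ie_pair = src.lower().endswith(IE_IMAGE_SUFFIX) and dst.lower().endswith(IE_IMAGE_SUFFIX)
        if ie_pair and scodef_by_image.get(dst) == src_pid:
            labels[(src_pid, dst_pid)] = "ie-broker-to-own-tab"
        else:
            labels[(src_pid, dst_pid)] = "unexplained"
    return labels


def residual_domains(rows, baseline=BASELINE_SUFFIXES):
    """Domains with at least one TCP connection that no baseline suffix explains,
    mapped to the distinct remote endpoints seen.  DNS-only rows are skipped: a
    lookup without a connection is weak evidence either way."""
    hits = {}
    for _country, dest, domain, proto in rows:
        if proto != "tcp":
            continue
        if any(domain == s or domain.endswith("." + s) for s in baseline):
            continue
        hits.setdefault(domain, set()).add(dest)
    return hits


if __name__ == "__main__":
    for (src_pid, dst_pid), label in classify_wpm(WPM_ROWS, PROCESSES).items():
        print(f"WriteProcessMemory {src_pid} -> {dst_pid}: {label}")
    for domain, dests in sorted(residual_domains(NETWORK_ROWS).items()):
        print(f"pivot: {domain} -> {', '.join(sorted(dests))}")
```

With the rows above, the single WriteProcessMemory edge 1212 -> 2104 is labelled as the broker writing into its own SCODEF:1212 tab process, and six domains remain after the baseline filter (cdn.adf.ly, feeds.feedburner.com, www.300mbfilms.co, s10.histats.com, s4.histats.com, s3.amazonaws.com); those, not the browser-internal signatures, are the indicators to check against other telemetry.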
Files
C:\Users\Admin\AppData\Local\Temp\Cab1A75.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar1B57.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcd91e32a9c98c69b112d0ad9ae757b4 |
| SHA1 | 8679953fd4afd7259ba3fe454b5df45c9cdf95a3 |
| SHA256 | 875a020657368974d4af279e292539739a4264b4f05f15fd473dd4354a558f95 |
| SHA512 | 0c29160af95be18f6bf747be56a657fdf866ce21a6e7eef10f8e31bf0a046716c4322996a445612efb17eee5993d29c22443928c813ba3b7fc0d592017703ac2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 447bc2d465a5f98849e33a529a925aff |
| SHA1 | 8147b0635321af438944f2a99b89bb77cc872d83 |
| SHA256 | 82cf0a35eef06cdfaa2881543cac9845decbcbe4e3dab205f16ed7475a8fe478 |
| SHA512 | 8c28d9f9640e8cc535198c37d75262a7da888c2ddc54d957eac8ec8cf81907c3b86c195d1b30a86029dd93f8e24ccb329258eee513d1d4ee4992384a6884d065 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\display[1].htm
| MD5 | bcd560eba80b849c980a5123047bc8f8 |
| SHA1 | cfc17fc5f3743042a8e00ea8d8b2a1e17a739f89 |
| SHA256 | 5bd1cb20b56bb3ea06d9c3f0abe9223a38e93f3d833df496524dcdebfeb3b4ca |
| SHA512 | 1fcc48ff7443592fd8bc612d9625171563bc1c6a31d825fbf1fa888e4102b1ff0616a425f5d59bb7784a671d86bbf0cb637a98be95de8c94a98dfa9a13349a2b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\cb=gapi[1].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bc88261c12907cc45f05334f09eee2c |
| SHA1 | fec3b04535c6572728b13c82aef350b558c72a27 |
| SHA256 | 6b350e6ebdd53b8427889f60d78d708adc0b918ef15719410f4918945c16a5e3 |
| SHA512 | 3efccad587e4f6321b21627f5cc7189e7ddaad8c84ce46b77026043707f59f2dea562597b587d61b06b622b6e23668a77aecf11ce74acea1517670895066ad40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9d6f42336e94122c2d2d5d37c11e350 |
| SHA1 | e1d5d5f3c874fa9eac4173b4a770982bf4b941a4 |
| SHA256 | 9a47a210424beeef235b24a86f045c72761dcb86330c85fb4b98cf6ffa13a58f |
| SHA512 | 7a9344475bcf9691693ceac349d2757bba6b83810920e6f6891bb46f73e5db6a50a85ab65a18e6cd6c338600ee488446de9867fb959c20e63fded0ea8fb01bfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf2a795b60dc9b302fcca41ef48afdd2 |
| SHA1 | 5aa34207fc9fc99541ea7399d249de206c599593 |
| SHA256 | 928a370f68630968cf577c9de451e94d04497b70a6100926f9b9320f47320b3f |
| SHA512 | b360bc409841562e2550674a9803547cbd357ad027e3106eb9a740dadaf3740ae518fe6de299d72636d15fa508d2f0c9c2704e66381f0dc8203ed556bedf10bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c840c4f72f4efe07d31ca41bfc3cffc2 |
| SHA1 | 9afda95f91d9296a6911e547421923c9f2f9a24e |
| SHA256 | e2bedfb5c4e5391c85c38d04e16f62d59edd19be0e7713821ff682b7b75a704c |
| SHA512 | d1a414a76e83de2942809b774bd43a392743c55166dd45cc915ef41c0af8df837f68a04fe6099694a095bd763403f689b88be9a29a493e29f0cdd2051e2f307b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee48023b140dc3ca328c7cf64e8a4a8d |
| SHA1 | 69f75d499a6d6f2316ab866df715978b03a4139e |
| SHA256 | 2784197b32b016c9cd3c1ab678f17e5a09e863801c6726af53dfd139173d0469 |
| SHA512 | ab73dabce5fa4d407b773d652f76bb7d3954022829d00f959ccc3798488c22e72ff8fefff6b20e97b57a9050b5abf8fae6fd8625830068a01e02a4d21130fc29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47f0b1e99b98d7d1807af40e87205870 |
| SHA1 | db983a963dfe08930584b0711e83d74cf80b6058 |
| SHA256 | e4bb0bb95a32e39ee30f4620a22dbcaf62b1dc6e1786b3207e0598da11c7e11c |
| SHA512 | 72c0411d67aa90e584cf81aa4d2d31df6952be302b602f80f561a366297b3d2dfee46e4b6a6b7e6df4d1022b3ee4934283e50d5624119acdf4cb09f0c82cdbd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9752d86a90407acdd9537dfe864c3346 |
| SHA1 | 062fc49074e4cb897caeb14a85698cfbf1bd823f |
| SHA256 | 1d3fc4c6bd7fa986b59c5dab8520eb9b484a61de938c942fb65f743bc6677ce3 |
| SHA512 | 6d3549bdb5db1c10f7593f6320a54acfddf3ff2deece9a4b5ac74b48902aef766fd9f5629e9479da0db052662c09d3ad39ef78227472d2ed18e90cee2e73a817 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a64b00e4c383ee45ee3bf34bf000427 |
| SHA1 | 1094cf1aa70972fdcd7ec196c2e4938cd645ea9a |
| SHA256 | 484fe4ae32421def21a0b951b1cbb94b2ef768329cc528b948d9942fd05e552b |
| SHA512 | 134ad2f8d206db0fd03992ee19589aec5fb38b0678b86741d8f77d5af874998b2d8bb4e9ed5f2c33c7676e84acaf44cb97ca748fc746013e6f119798bb645031 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baf24a7321d95dcf908f21122601eb7b |
| SHA1 | 79377a395b1769955a3c7f3c2ecf56ca9238d3c2 |
| SHA256 | ad24aece342bb7c01ef63f87f57ba5900d78f22243baa91efa4d9018a84a5034 |
| SHA512 | 2254322117e235e5e745e8121c836d2d5635a982f45d259bbe998ee5a24eeafd6db48bb622cd6fd0f100957e2753b2ba1183c260ea23a5518d5244381167a407 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81cf0d236ada2b8c9b8801e34b594b41 |
| SHA1 | 7fbde1bc3bc97a82e5b2182fce208061703448d3 |
| SHA256 | b4058971be4ffa8ed0f7b7b1a11fe353993a356c9d41f8998baa26cebae066c9 |
| SHA512 | 90a8ae996a5846cba3da80f04b2f43fdfef85dc191755c49b673fef3c4f919f10a7c599b3e1aeb51b8532ed80c9845ea37130ddeea0c116bc0c1a605d9a0ee08 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3579a4132e35b1fcc9a63a66033a8f32 |
| SHA1 | 2628da8c26e37f90f132ac39cd9e9b788057ec09 |
| SHA256 | e891becdd9d29d0548460f7dbf42d646f10dc68f28a509c0a11c4fed00f98541 |
| SHA512 | 4b1b3c6c55f23bc851fe5f0bc8cf758108965227b9aada8547876c98b522e0257684b466c1e7cb7c379fe78606fd82d9b3273bed89c4745f5dfcd906cc0492a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d257856aa13672a37b11bd20f75c2476 |
| SHA1 | bb03bcc7b688292cb267f4adf39680fc90a58d5f |
| SHA256 | 8d4d8b7874ed9d5bbd71816989145c94a9420df81dadd13fdf61ea7dd5ba0012 |
| SHA512 | 34aebc007f2c1ff1280067200d4e4cc27cea976f826336b80b02f2c9e7c99920d7a78e56ddf109d98b14ad67e9c6964eb666c9cdcadc853c2a4a34bd903078c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae259a7b9759077c71c4b642666d97a6 |
| SHA1 | 8008784e83eb5f461941d433e54baf2f9bb252fd |
| SHA256 | 91fafd1a5f0e4ca28e3e1c10258a3da96b99cbbeba962bb4228a54aa6473cdeb |
| SHA512 | 91ce858f50bba2aa255eefe251142692560b9721a81a7d60e943cb4ce2437a810e91babc6d709f579495deb15603eb1b9240e0b757864bd7733688f8f7d830c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79e9ce74044d6f151076714bd94a1392 |
| SHA1 | f8cc4c07d903f4d919bc857e481c16a114d12386 |
| SHA256 | 2e2b793e798b3cccba5e1991cb24ef35d7409bb1eddfc3459a8b47895fc37dd5 |
| SHA512 | 732b41ab420f44f8d862691f1b2d7c861c4cc306ad34581b1ef14fa31be5770b24012fea8181757bfeb4b68c91f6112f7b07beba74c51fe555a0ee8c62cc8ea9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29f453062eaf6e00c88f5bc469d58293 |
| SHA1 | 01b1aaf1f4e90f196e617318df851de4125438d3 |
| SHA256 | 6bab328f4e1e2aa090d5629df0cfc1591bba3822847976a3f82feebc94afb892 |
| SHA512 | 5b0bd558b6eeb57bfc0d206c2277f5f643da1fbeb68ac808ea9cf0394763ced55b5dff178632378563b3b4c42097a97ce8906711205c5ad2f13c2440e0175f66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67e96b2d13ab168d732986262240b03f |
| SHA1 | 2ca6368ca93d4d1c6739586c3117ab1d02f904a1 |
| SHA256 | 8fd03c1638a72219cd132f5661b45e9050868ec6253a6f7fd349015142c52cbb |
| SHA512 | b1a3cc7ed7c269700df852242b349c01a0973cef675e0ce3e4b2bea9f9d8b380724d213cc587eca98a8cf4fcff5437bac09360367f25763edaae3c75960198fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 967cdeb44a84f66bb51fcb6bab3f20d0 |
| SHA1 | fba2c9aa2420f14d4977dff0644da1a93cf72a7e |
| SHA256 | dea68616b36954129659e286ab4f83e79b97f2057bd4406b12869007571cdced |
| SHA512 | f4ef769635cc33867555ab3d85137f03108683134a04acb6d453cf1a72524be84b6cfb728dc0cb6d49f1787fe13b54e48131505402af97102b518dfc8ee770c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2970d6c2af24a79c8d39a2da4e8837e |
| SHA1 | 371bd08e5fd0a666d32d0da74d0badbe5557ce66 |
| SHA256 | 02b36c39337f78c5ad5dc2ad63f40bbdcd77d0b34713ffd16c83719ceab6f60a |
| SHA512 | 592f263f371edb38221a8ff3a9efdb396846c182353cdcd9d92b17a22a8485fb9d96d920f220040ae232272502802789c3a0a77237ba502a76ed1c2a45fb7f6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e5425a8b2ec9c61a265b9faa1f79c2e |
| SHA1 | 31228203750a08b81ac94f7c1c77b4563e2be1fb |
| SHA256 | 1a3df981c01ab50df61480b071f82b7dc9921fe8fa1780683432d90d40bb7f92 |
| SHA512 | d60aeaf60a89c3dafca66858b0c6d1b63ee1e8966d0dd694d30faab377c577761254a04b42b7f7692c2568415f5b3fb7df06567bbcab796ce7f0a30e4906fc16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d95e85269c32f3d8e37faeaf67dae82e |
| SHA1 | 1047bbcac918437f285cf13e3e429e39d6023d09 |
| SHA256 | 65c24c445a2b16696a563b51892a10d8ff0d957bc983c6e6ffecede21c8e30f1 |
| SHA512 | c77038738eb90edc9d78202b1138ddaafcfd1ee0fd45f60658e9594020b84238f2a61da110739c619591dbcb59182ed34cd8e7f9aa1cd3ca520d6f9b9cf74fbc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:40
Reported
2024-06-13 13:43
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
132s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d640df030d518aef9635b265e402c4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa292946f8,0x7ffa29294708,0x7ffa29294718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,14263230268688073527,13340620547363859827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.300mbfilms.co | udp |
| US | 8.8.8.8:53 | cdn.adf.ly | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.300mbfilms.co | udp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.ubxtoqsqusyx.com | udp |
Files