Analysis Overview
SHA256
36cfa529bfc437e20cca516c97c4ff58f312966e934a57dca470401b733131b5
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a5f47fa27eb290c922c7e6ad74ef1bc6_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:10
Reported
2024-06-13 14:13
Platform
win7-20240220-en
Max time kernel
142s
Max time network
124s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bb3f1153f6b214cb21ddba5620ab080000000000200000000001066000000010000200000003adc8c5b3e1852bcf1a4f86a8321ffe7a0a7048644bdbc99946d2eaf3302f724000000000e800000000200002000000016184bca12427e645126ad5e9142cc066349a3057d3189e1a9ba1d214223523220000000c60fb59b837893f33d9b143a0653c2816e91156acef951f4e1987d71b45454a640000000aa238c1db717a595c04934f02a8483fb7d5eef2041b961de7246c14918425b756f97aee287c6cd680b80ec8b6c1f4d522b379dc5c1ceb2b00fcb8a546a36c1cc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449721" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 904fe2d59bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEAFA661-298E-11EF-B54F-5EB6CE0B107A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3056 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f47fa27eb290c922c7e6ad74ef1bc6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hotelismini.gr | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:10
Reported
2024-06-13 14:13
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f47fa27eb290c922c7e6ad74ef1bc6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa53046f8,0x7ffaa5304708,0x7ffaa5304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10401863528139231601,15599101244233762149,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hotelismini.gr | udp |
| US | 8.8.8.8:53 | hotelismini.gr | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| BE | 88.221.83.219:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_932_ETHKYPUAEMHDRRLJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a1032c27cdf97c5bc195eccc43a43fc |
| SHA1 | a576b14123fba50bd325e31f99b7435ff2461011 |
| SHA256 | 7d6fbe0e1d50596211c3e45c01b545aa107da3b4c4a570850fbd5748a691bcac |
| SHA512 | 058d9f9c0dba2625050a0e63f42e66124cbb90709257bdcaa96b4c54664d32ef85750a895d6648ef79e3f55a8c75c0aa1ff650f017d1a29e4cf0d67f24a8bf6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | caa0116c8d86f890f73ac3d4e26dc7d2 |
| SHA1 | 124492a10d7cfc75e73a918645ad51a54bfcc81f |
| SHA256 | 0afd450ca9c1cd2d62f76a9a1f83a4d9722629cdffe10e2adaa4c563a2e25a16 |
| SHA512 | 0edc43e858e778ca8a9518b3d0cb82380f90cd14196adb52f9991050019e741ae24bf673194e101a2851368771642104c01674a8cc1ad793cfd330c302c99d29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a33d4dee7331e89d91954da19d229235 |
| SHA1 | 38153db849dbf027b0e982650a7c36fdeee7d89d |
| SHA256 | 1fc45644ed243258a1c5a669aa10118b17bc921e65dfe89128b34c877672cc88 |
| SHA512 | 1e6bd366353ba2ca109cdfe6b09cedf1759472a1c4c2797331b73b7ee9288d9e0c63512d521118690b516d9cd59863952f38223648bdeb980e3f429609ad66cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 45fc15fb071ab5650147e2d6e47ac9e1 |
| SHA1 | cc8cb27ee9cd6892c7f4f3abc6826e9c3693f50b |
| SHA256 | 5c3f576e258a6afe72f04185457210ae023a9015bd69fd09b92109ed4c012a4b |
| SHA512 | d2b527c7be0e3964e89cde47ecc1803addbab46b7f51970fad4d25b3e09db51c898c981783594a46cf0d42221a6243a929f995f81efb21df22d854fbcf1f32b0 |