Analysis Overview
SHA256: 94ca5834b64d25acf933468f7545c1d8bb6b65cf59d8898b4778196bdb30876e
Threat Level: Likely benign
The file c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-25 09:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-25 09:35
Reported: 2024-08-25 09:38
Platform: win7-20240704-en
Max time kernel: 148s
Max time network: 148s
Command Line
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000b05e49c82e963cdbe06c27b7dc726b3b05ba72470e9eb2cb37bf17a52c7b6ad6000000000e8000000002000020000000d0d562dc8924e786a20b9c6bba1138f55886756b7dba21194b695f1db662bc6820000000caa0333729f037eaed8ca0c2f248b5e57458ebeab83ed9d741e649a5654f7d9f40000000e8d6003b92b810000732076e67a95304771d1ad6811217c9824f65213ab5e8f745b45eccbbb54eb7cc7c4565a182766520e51f6acfe900fdb4561eba8b004d9b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740425" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E7FA081-62C5-11EF-BDFE-E649859EC46C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b27f46d2f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.petitenympha.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-08-25 09:35
Reported: 2024-08-25 09:38
Platform: win10v2004-20240802-en
Max time kernel: 145s
Max time network: 139s
Command Line
Signatures
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c073de004e6ae6216de3b0abd6984d3a_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.petitenympha.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95b4646f8,0x7ff95b464708,0x7ff95b464718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7405425003549595137,13221030039255481947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
Network
Files