Analysis Overview
SHA256
c8906ac7fe435de2c67b5099df3336c1713556994c3293fd6a8f03388ca6c464
Threat Level: Likely benign
The file abc577488dbed2af798e1b8cf5d059c0_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand PAYPAL.
Detected phishing page
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-28 09:06
Signatures
Detected phishing page
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 09:06
Reported
2024-11-28 09:09
Platform
win7-20240903-en
Max time kernel
143s
Max time network
143s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308f7fe77441db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438946663" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11821AF1-AD68-11EF-A914-FA59FB4FA467} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000e36aa297b29a3c82de3b09f6f5e3b06a3c1968119d12ae19a7602cd9a18932c7000000000e8000000002000020000000917d0435495993e46148144383a2b83636609f115dd28675974f9de43b879c8520000000fb2a26cbd748a87dcda733bbe932cd10c4f071865906ac559a2911ea1874462240000000a8118a50937ba99c36041c33efdc0e58ecb9d2e5c5fcab33b0200a5bf13d041715f759a3a3d7c90a326c55d6012b0bb04c5db2752aa810842ab227869ffb8527 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2976 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2976 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2976 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2976 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\abc577488dbed2af798e1b8cf5d059c0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ads.bluelithium.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| GB | 142.250.200.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.200.3:80 | o.pki.goog | tcp |
| GB | 142.250.200.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| SE | 192.229.221.25:443 | t.paypal.com | tcp |
| SE | 192.229.221.25:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.146:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar8AC7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab8AB3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51f8dca1dd968459680c20e3a935ebde |
| SHA1 | 4a6d1bc346f85e59a3b0d1dda352e211d80a7d29 |
| SHA256 | a07f11bb7d84a550ba04352649a2608fcb3c92994cad129c4d8420c20cc49a2d |
| SHA512 | ee65b0ba6226a4c1f5b67f9784438f463a9239c3bbbb69cc997f975ec24c2cae7a73368a4b4be0cf371e8844644c4f7bb6759b901cf3212df700a98bd9b04882 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64ca8f5b6ea26d679c520dd1d45646e0 |
| SHA1 | 30f8ac09e5542236cbbdc7710438be4c05b3a88a |
| SHA256 | 1bd4d514d9aa51e65e0dd31726690811738b4c25b056d95c7711f4922b414f80 |
| SHA512 | 02729a8e6bcbf73380a4b2b9bc423bd0f528145f24e47921c2767993eef0f3d2d2cfa367cdd86f0991a82ed6e02fa40d09b039ed4d5e0648084b105b5b5061e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a973396d25da748b31e4bc8ef72686b4 |
| SHA1 | 1d46ce05fb97f53a99340d4e84d746fcd379a27f |
| SHA256 | a1b26407964a5e5e1514217a83cb21b8d3334432a7284df47eed22715f040ed5 |
| SHA512 | 6e5e8d42d9b02c4ada23681b0a3880be3196d653673684d123c7ca865c1d59a97756afec4a1a39fcf81028727e118bb277e17e22bd4e8cd4fcb1ec8afea10efb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27d1b13ede20767070c26390cb574b85 |
| SHA1 | 16d38486e64593d59b94b7dc48aa3b8c7a1385a6 |
| SHA256 | d1b5f04369532246f4d06b0aea63b3f697b0fe5378a3339d01a29b4f46b40609 |
| SHA512 | e8fd57e6ac55b5acad566ef6bfebdae0bc0e650a8fc6b796a654ac9e8deb62e9ef1b1b2fd9fa1cb0d23aa9d61f4d8e858bba6384a2395461ef0ef7fb54b8d8a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24587471eaf136c6294808d180f2d924 |
| SHA1 | 6fd051944bb36a8ce8c0552615d4e4276a4b2910 |
| SHA256 | 6223cc4fc21f87205a63302c604fe26f2f252828f8e0ebc05465512ab2b33238 |
| SHA512 | 7831fc70a7528cd51007d3b3469878ea93c24889a1f210a843e068acb1826c60e64bbb2c9f12145e09386b015451e349b8451a15c22d7061a5aeced5915bcee6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9394843f88cb1b095177180660549140 |
| SHA1 | 53d16f6a143008472c4e7902d9c3ec2e03800bf7 |
| SHA256 | 07008543f195b86f21b51643ca4a085c8aad5ac087ce1ce2bf44feada0febea6 |
| SHA512 | f9c6a34020bb9482e22554da2838346b9be2a1ec31ff0f8e85da9075fb4e31813d6d540c8be9a500f795a3ca20d6d714b8e7c5152f33af9f7d5c74dc596fb312 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d6a3e6b2d776f76645cf37f14cdb9e6 |
| SHA1 | ab0d49d402d2e7cbd6934d177090bc7e49943657 |
| SHA256 | c344cf1a3953138a6e13c869010c876fa7abd3d38215bc82d1e87ab1c16bb72d |
| SHA512 | eaf66e308f8e1a5938bc6f5b872ff2af2900f256bb18a9b719bd06a3c89e74c6dadb91325c5c43c83d15d0b413ac6180484e2da24dcdd9b56bf60affa5944161 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10bf8de59e5507f930ebeca9602d2d28 |
| SHA1 | 8edf0ab96568f7bf300f3d65dc7923d6e9773ee0 |
| SHA256 | 700a3214ccb595df05b86a71ae8ba2878218d5353803a56e1d2337edcd73ebdd |
| SHA512 | b034a3861e4be8fa21bfd778a0242619b503d24b91a640b2a479fc3fa21fb63fe8b93f72b698cf420685cd5f5d3210bbb60fd3927781d05eb4155a42de386a84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91eaaa437647c6e0fb9f8e2f4443a731 |
| SHA1 | d74edd233e497dfc18cc082096dea724fa98ef5d |
| SHA256 | d942a371959a0f1538e92da2195a6959bf333a724bc4c9bd08c106168b7880c4 |
| SHA512 | b5f6effec0ae9dc3cea6862efd485a7021d9e9e1689a4e1939d1626ecee8d24df676bf2d91e15e76621d9664e61706f05ce17eeb6944dfe01544ff6aebc263a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7aa62dc1d120d919221d86992a26ad2 |
| SHA1 | e92ffdc5f5a356387ba4519767c43971d423a607 |
| SHA256 | 1c9b73a4ff18a3cd6fb5291a7c7597cda6633def97781d961f4f3e4faef35fc6 |
| SHA512 | ebdf95e4a28f738dae848b6975dbce0df042eb1145133c153438d8d35f91487db54e612cbf059a8d6bc24d9f2393f90f8c12b06e9ab54c90b1c8985dfc2e3465 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d104a8f8dadda7fd3e9b8e326c04277 |
| SHA1 | 36f511801fe74c7a5fae882378d9ff2e071f1a84 |
| SHA256 | a027478fe3271069c5ac3cd9c7fbda5ca0bba506fa751ae76f0eeff85b82ef2c |
| SHA512 | 7c0260c7a7f93c0c6b0179df96bb04fb0e3b892472fa673eab1c2440dff00f8533cda945cd66a949f3ec61aad1748c3cdef1a131fe4caed28be19116a172676a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab3f12c5fa55bcb3b243a5093d51b715 |
| SHA1 | bdc9fb97503aae0b656cce6f973dea634d26ad9d |
| SHA256 | 6cd125ee3874570ef354a53ead5e7ebcda4ba848749a6ae6a3dbecbb2b83c137 |
| SHA512 | 513be847806db9152247a5272281d30c31b7855f09abb8e651dfd49289ac818c85f13db7584ef9191ac865efd10a933d19c94b3669089d17b8278666cc5f93a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 854bb1e36ee194b1804683c100e11d81 |
| SHA1 | 0f14b2bf803d16631b69d1a214835264ce39978a |
| SHA256 | 337dbf8d5fa7199563ddb9415db3a9b1df163c109821aa7996c78433edc46008 |
| SHA512 | c5f43eb884fd40d18d62c810ce4be8747835d0189d51845dd9a6dfb8d5497b95c6de4d6af893b2de1f63e7823ca6b08071fe4093c92d843b2a1283ef08c41808 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0e698c2d7376926a97bbcd98ebdc8b2c |
| SHA1 | 5341e9a697e74e22763ce7481df45b0261effd4f |
| SHA256 | 3fba2e20ce33dc2c5835c998468a61b76614fe8775e3cd0e301701b0b2e5a97e |
| SHA512 | 6a353871b804d1f339ad6dca9869f2cb0e92f187fe2170b577e9aa4e294baedc7c077c6e2bd020d0b81829bcd76f2631b3fef4ca49ac4780931c09bbf09812cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a05d313d2c5af1c9997fdbaec17d22c5 |
| SHA1 | 0e7a74738374e76f11b9866b13f631d25a142ca3 |
| SHA256 | 86302f3cbd6db358022e2c5ff1a08eb6da12b3703cbeb01338ff7e4742457793 |
| SHA512 | d446da5a6d53558b9d1ec984172289d0138d5ea38133dff4d6b7dd3dac65963a793cf320fdc00b7ce7191930c58e8857b74a5248798d20fdcc712331f6872175 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fff4ef45f6ee398274e494315e284012 |
| SHA1 | 2dec3008d18107b90930813d19348de2b20a0062 |
| SHA256 | a13a75ddf9b356681344ea4491fbbe91a10fa454e040ba7d94d584006bec3250 |
| SHA512 | f150764c766e0de81101c8f9af1583d68eedc819d6b299e35f2f41006ab4c3348f3b7ee8fbb1d7fc16c673c2d65de386c865da3075370ad15c1abeda377cfb9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cdc75fca0aa525dede6c09e74b9c4c0 |
| SHA1 | f660e4f08c9e5b92d11ad94a42e09d2ce9bc0fca |
| SHA256 | dc492188f09c892d15e148d4f585b33905bcbab76dcd056750c6836e975c658a |
| SHA512 | 7ab4ba3b04680a0780877c9a1d0524fc8614f5e93d870081a70974e51c8420e8e8d15079875bc3cdf960c3f20302ff88c01fd512fe781f3692983f38ebded129 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d3d5f6a291d4b14c3357d7f5f24b81d |
| SHA1 | 23df1fe1aa85b4a068f915831cd65c1f760fee14 |
| SHA256 | 3357757f37a7c11df990d78aafeea53b4db34cefc07520a46ccfa86fa47b5528 |
| SHA512 | a3bde522be9ab051d44bea4ddc00fe1c593e9d33e14a923dd800b5a4518745e415c3ca7f50815369ff8e0be8d4bb2c163ed86be1177ab0d3e6afb2772594ea1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d02ba9fa241672fb6b638a7ff12dfa8c |
| SHA1 | 390f100b91d5d60748606f6feba3e06a9c0e07fd |
| SHA256 | b58089da9e8ceecc2b5312ddab98b7b0d06dd9ef4b05cc264a0ab70118b24efc |
| SHA512 | f515e1a12581c56ef102a5a08a93baa2c42a9734f7e90924a3eac2f2958f48494a3e9b68d67a5f161e76ebbf4a8fa6f071c4b5cca283e0ea45fc8749d320f525 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0c141f531c19f1cf5ccc93d519c6a2c |
| SHA1 | 23fbf263292d22ca45356519a8348879ae714e80 |
| SHA256 | ce935f55a6f7e79b42027827ef5436b108dcc0f66a2a62f2b5ccaaa579ea4412 |
| SHA512 | c1c379e2d7522d17e59f647b58ff8e85fd41ab6473f146ad4f9b15e3909631ea8ae4b18764f758914323f9287d5c5551e2c827f138071de0bd09b5905cef5582 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | aa19b835553712be957a7f6c5b1bbd32 |
| SHA1 | a613fb80c7d93b563c4aebc5a98b72b9137abfbb |
| SHA256 | 53aebb08926d998183466d4cca816c90bfd7c70cefbeb5f4e5f673cf4d0e8efd |
| SHA512 | 0aa16661f44c907e6838a6a794203d76fa76c458dc7291229b8a581abead5129f5b33104141c75452a8d4722a6516e55c0e35c76fcae23e3b218a2e48c0658cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1636fc9bba8934d76e6ed3df3888dbbf |
| SHA1 | 140639ff1b0bf9897ece76650f006a9122e1b199 |
| SHA256 | f85494a89855a2e231c7c65ab18579d52eab3d48c0cb499a062c0b9a23cd7b9d |
| SHA512 | 34832c8efce9c332bcf6d47d40b0edc99abf4ef91d9836e6cd3a02d955486d440ab82c3a4f9b74db93e0080573224c94804f3bd174f077b85ed02b0bc1d50f82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5709a7f62e7af6d57e97aad45ce6cce4 |
| SHA1 | a2bf0916b661a5595bdfdd4734094708b8019013 |
| SHA256 | 48fdf63815754514f6e0bb71e5c9dabca5a97f55db017974f6b76262fc4b9ca5 |
| SHA512 | 2519fd34107471a461a6fcd5cbe603121a836fb8c102e8fb4812978bf66ae68d939496e66e53cf4a11b2aa63a3101ab12e7eaca5d1021fc293577e55d5d52759 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-28 09:06
Reported
2024-11-28 09:09
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand PAYPAL.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\abc577488dbed2af798e1b8cf5d059c0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11448615749404049150,7531726379019101550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4196 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.bluelithium.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.67.1:445 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 151.101.3.1:445 | t.paypal.com | tcp |
| US | 151.101.131.1:445 | t.paypal.com | tcp |
| US | 151.101.195.1:445 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_2672_UNAGQHMNFJLUXNAH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61499c6a7ba40917d6c107ebdd16486e |
| SHA1 | a1336d89c309b8ecc1991820cfd41d17a5119b8b |
| SHA256 | 20ebcd7d797d303b5bbdc678da142993208a37a1d62bd19ff9b4322a58b636da |
| SHA512 | 4f4277c7fed9730ce0f5d2817a495ea5e14266b12b3afddb4832ee40dea7d6a1d3813ba46b758e98a1976d82fda2216da318ea15871487d8881e5d259909ff16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9d38aa423d876d0666d365c4798cc8b |
| SHA1 | 7a35ad1204e1db80fc6290ef4fb9b2b12c40d369 |
| SHA256 | be77992dc45d89e01752fcd1a4884d5a2d63f1bfe79860fa8ec1f28a858ebc0e |
| SHA512 | 0e86fb0441e6270ad38c55614fd8d309e177d3ecda0a0e7899ead053775fce6c37239257cd6348825f33f1a4946f8e10a349b20501b1d3cc80d4bb6bfe389f68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\204105fe-99af-402a-bea5-6882daf67539.tmp
| MD5 | 9ae99e9bbf9684133aa1af7d8312998c |
| SHA1 | 70736e5e7037c0f47f809f11b781d5610ebc9cc6 |
| SHA256 | 839ed4e6af6dc6d25503ea61b5daba87b0d5b8849c9d3f494d532306409c3fc9 |
| SHA512 | bdc82246178c4cc139248b55b5a375924fc589548810658d374548db1fa1003f4f15c5805cc4463b0b8cd82c0611e35b05181add57a2e9581f511e38327964f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c79dd7b24d49ad2ffbc0a511418e05de |
| SHA1 | cf2d2080eaebc98202768876b3a079bcb43eb32e |
| SHA256 | 043f98f4173fe1e89e23acc1a00e6ce3dcb62e28fccf36d94077c3973be22c6f |
| SHA512 | 8fb73bb66db471d0436bb3e62343410e6f9558b13cb29df1f1fc14aea766fbc881305e9a1028ae63703f958d2770ba0fbbe5be2aa0779e3d50b3a47f6eda7c77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5814ac.TMP
| MD5 | 0ed2604bdea027e3680b81619321d41e |
| SHA1 | 5285daebe6b978797deefa3070a07dca88d553ba |
| SHA256 | 2aa4749c9b8045029a0084f69dce7e21cf061009019733f0d31fbee4f105e2dc |
| SHA512 | 1120646db7b5170de7fccdebba56e2941c33070872ab6dc20a2b176114bcef20bd23072dd97f33b71e67c150f997721ac51ae952102ea36a5b4c589f1431feed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1de426a9de865cce1a9ab9157da64a1c |
| SHA1 | 5a0c6c855d823e74acd4d1715b9e42551d2f565f |
| SHA256 | f68d4538e636d3cbf6440c3692d0bf018ae6fe84c13308c01a4f036fd3d66e8e |
| SHA512 | e314c3c96fa4aa1702b47cb60d8fcbb1cca7ba4413678629e0ce38ec7a0305354dda62c5f0f5e1dd1bee1d05e297c41d378202d7602fb3b7d9cf631e80003033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2660fafce8f5b3d67b977eae8e63f6ba |
| SHA1 | 0378e191a09620b92c30945684eae5f50bbf08f6 |
| SHA256 | 34ba7715c2813de7aed5dfe8f3e75cd3b8b08207f578aa021be13b8008bdcebf |
| SHA512 | a12322002a9c5b60290410a5f5b302969ceea314b3239b90acd9acdc18cefe3c57eef67fba1a37dc440dfe670178235b9c65e5044ec462baa023142a41e4bba1 |