Analysis Overview
SHA256
48540a12fa865dc3c8996eb4fbe6e88ce96636400aea2fe33e1bd2a797d6b47b
Threat Level: No (potentially) malicious behavior was detected
For the file 7ffc5c8d352a55fb15ffe54c647d81db_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 07:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 07:45
Reported
2024-05-29 07:48
Platform
win7-20240215-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130610" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000716347c11c651a46b7094339a0eb44f000000000020000000000106600000001000020000000eef0fc55b3f81feb2b21aeb971df52596725860b0cf8a68df9b587e1fd5beeb0000000000e8000000002000020000000ee41093300c3ebd049f14801fb5eeeb71f42a19a43d812557cc04d7ef5e5617920000000ab9a20b88996ad7f022c99c0a226a18c0e5d8203f44a00eae4d83f1eed940b6440000000c846001468e89c73430af50136f1efd904b34f2ecd22915eb222107418893ba6a12bd3906580f62ce36c0d046bfbe937acad6e9fd1d58ab103ac390e47213288 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0058bb499cb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73DEBA01-1D8F-11EF-A2CF-6EE901CCE9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2404 wrote to memory of 1028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2404 wrote to memory of 1028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2404 wrote to memory of 1028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2404 wrote to memory of 1028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffc5c8d352a55fb15ffe54c647d81db_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.233:443 | js.users.51.la | tcp |
| US | 163.181.154.233:443 | js.users.51.la | tcp |
| US | 163.181.154.233:443 | js.users.51.la | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab11AF.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar1686.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 07:45
Reported
2024-05-29 07:48
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffc5c8d352a55fb15ffe54c647d81db_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3157970582717553823,8906416784148157220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 104.166.160.228:445 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 104.166.160.229:445 | ia.51.la | tcp |
| GB | 104.166.160.226:445 | ia.51.la | tcp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3212_TFQTZSSKBLNECZMG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT