Analysis Overview
SHA256
f12ef1bb9d57947cda0f2d69584f14a2022af4207993df9a1d6073aad8d2d4ba
Threat Level: No (potentially) malicious behavior was detected
The file 804543903132832a7013392c515957c6_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 09:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:34
Platform
win7-20231129-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C2B5DC1-1D9E-11EF-8A74-66F723737CE2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d001d510abb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003ee6d76363fecc40ab60b5c4191981e9000000000200000000001066000000010000200000000ab4d3a829745664ce325d04b0988adbe463a57a7203d8982909d97a05ae5b2b000000000e800000000200002000000099b2efd3660d771f962a28b3b2b99ab0be53f0c3295fdabd54a330ef35f2549520000000f2ea00a0db99aec5f1079ad3c74665b0be4fcba923a803532414321cd2cea232400000006909ee4b5318b4d717aa0472d617ccee5b565368d2a56d841be558222500c5003d51cee0cb7f873f4042e576c3a5481ddfde61aec8025a672102cf5ee8a7def2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423136959" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1964 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1964 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1964 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1964 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\804543903132832a7013392c515957c6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.113:80 | www.bing.com | tcp |
| NL | 23.62.61.113:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:34
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\804543903132832a7013392c515957c6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe730346f8,0x7ffe73034708,0x7ffe73034718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14346364238361994156,10877132723865414260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3268_VSPXDTYQEWMYWLIJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences