Analysis Overview
SHA256
e234d2047b72fbda07cb08ac5cb86317e8c2b2bfdfd67b988928c755de95ccc3
Threat Level: No (potentially) malicious behavior was detected
The file a3d489467dbb071fcb5e80ab01bfcc97_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:32
Reported
2024-06-13 04:35
Platform
win7-20231129-en
Max time kernel
121s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03FA7701-293E-11EF-8DE0-D691EE3F3902} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008f75c875c285b14fa0849645fb34ec7d00000000020000000000106600000001000020000000e7eaf27499076512e1f771d1725876fe30f158be672b36a69454f674e4843d7a000000000e8000000002000020000000a41927d74cf44bd52a16a8bb96a1c97547da0be24095fd461445c624658c158e900000006eb9631e56b25bf604fcb30505028a3f913c01d46458275493785382c5fcb17fed68ff8fd18391e2814be3944586c879ddaf49518937eecca641606a3beaedf955769d2ace83f56fdabb975b29f02f191d23281707fa8a7999aa9fda6410f7241d06a26de5b844ddbe4af76eabe93fa8f49f7242e74e05c3728fcc1f61ab079caf9afe578ee186bbc7c2d5bb922761134000000031864ae982c1f12af526531c8d503304ca4fd78dc3deabcd8968a713cf69e9147330f3eb3adc630bb07aa0154671ac5de9f2e2f722ca6a57f0471bcf9081367c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b005a6f14abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008f75c875c285b14fa0849645fb34ec7d00000000020000000000106600000001000020000000e164390d205db42c047ed54d8873c83a1d10a5f7e7b951dc6ed37e56b0379dda000000000e8000000002000020000000e8f0dd3080b98629f8454bb9f5e7266263b0035ec1e03f694ff939dfbb38892520000000477ef060b6596dc3a48b8d29543c6af88b5b3890971d940eff2861eea33b2b2f40000000102899bea6ac73dd0318891e9cb8beaccabe76097757618e36cde9fc88d51d2a7783527edefee0673dcd8aa5a0242a890fbb0956b95b8bc2d9b18dbe6c1b0524 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415048" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1848 wrote to memory of 1756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1848 wrote to memory of 1756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1848 wrote to memory of 1756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1848 wrote to memory of 1756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d489467dbb071fcb5e80ab01bfcc97_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.dhl.com | udp |
| US | 8.8.8.8:53 | p.ebaystatic.com | udp |
| US | 8.8.8.8:53 | mimg.126.net | udp |
| US | 8.8.8.8:53 | img3.cache.netease.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | secure.wlxrs.com | udp |
| US | 8.8.8.8:53 | mimg.yeah.net | udp |
| US | 8.8.8.8:53 | l.yimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| BE | 104.68.92.229:80 | www.dhl.com | tcp |
| GB | 87.248.114.11:80 | l.yimg.com | tcp |
| BE | 23.55.97.144:80 | p.ebaystatic.com | tcp |
| BE | 104.68.92.229:80 | www.dhl.com | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| GB | 87.248.114.11:80 | l.yimg.com | tcp |
| BE | 23.55.97.144:80 | p.ebaystatic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| CN | 111.124.200.204:80 | mimg.yeah.net | tcp |
| CN | 111.124.200.204:80 | mimg.yeah.net | tcp |
| BE | 23.55.97.144:443 | p.ebaystatic.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| US | 163.181.154.234:80 | img3.cache.netease.com | tcp |
| US | 163.181.154.234:80 | img3.cache.netease.com | tcp |
| CN | 111.124.200.204:80 | mimg.yeah.net | tcp |
| CN | 111.124.200.204:80 | mimg.yeah.net | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| GB | 2.22.13.110:443 | secure.wlxrs.com | tcp |
| BE | 104.68.92.229:443 | www.dhl.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CN | 111.124.200.204:80 | mimg.yeah.net | tcp |
| CN | 111.124.200.204:80 | mimg.yeah.net | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:32
Reported
2024-06-13 04:35
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d489467dbb071fcb5e80ab01bfcc97_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6136417136544373199,14801418996185733878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | l.yimg.com | udp |
| US | 8.8.8.8:53 | mimg.yeah.net | udp |
| US | 8.8.8.8:53 | secure.wlxrs.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img3.cache.netease.com | udp |
| US | 8.8.8.8:53 | p.ebaystatic.com | udp |
| US | 8.8.8.8:53 | www.dhl.com | udp |
| US | 8.8.8.8:53 | mimg.126.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.dhl.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4732_NNGGICXGCPFGWAXR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ec933bd6e06372309f9ff588cf47c327 |
| SHA1 | 6f70f2339f020c3ad8096fc5229275a9a611fa07 |
| SHA256 | cb2a27c5573e16b02fbc2e8a5b042c225d6d612897a16ec301a454c52fe5d15b |
| SHA512 | d459537f0e37d37e59a43439bc6a283f414e79873461663b44c6f1bdf01ee4558de6793083f12ba58608c1cf21e8b86f370d43a88a925ad6c210f951c30a04f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 317fdd7722a404ef239eb204491ffdd9 |
| SHA1 | 02411e9d2cf8da243088f04231300c59914cc065 |
| SHA256 | e2d7eefb12cd56cfffb5470514494961d9c3d9c51a653e182fcb61f06ab703a3 |
| SHA512 | 1135e7a5411609df9eaeb7b49e7494d607bfd4e7bd58ecec2476c98e27a0e8f8d543a7b986f9e1cdfed9f6a9bcfd19d9aea7cbdc0db04618f14b9ca8ce03b7c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db25b9f44e00317a44a21105ba497cbf |
| SHA1 | 6eed9c894d09f12bede4674975cc26b98a54c2f7 |
| SHA256 | ffebc17183bb6947e3c30054bba87a3312f20067b503150a9ee4837bed4cf3c2 |
| SHA512 | a8a1b869eae6f5821312fe20838b44c1b1937364c74b5df0fedd64c3df78b67e4c8a9b4d8bf8834ec7af29e51669ba03ab0cc5acf1a2d5fafe9e75746647b6d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |