Analysis Overview
SHA256
a34b547458b2f448b7f9c50bb49d3b3279599ca03e6715e2a6e73459d59489ee
Threat Level: No (potentially) malicious behavior was detected
The file a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:26
Reported
2024-06-13 06:29
Platform
win7-20240221-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EFC18341-294D-11EF-9267-5267BFD3BAD1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421886" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2940 wrote to memory of 1032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2940 wrote to memory of 1032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2940 wrote to memory of 1032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2940 wrote to memory of 1032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | www.cf0.60fn.loan | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC12.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD05.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00a28db35d12d33d6feddc4991bf025f |
| SHA1 | 9ab5a75bb78ccdf86c891bdbfb8b961857772690 |
| SHA256 | fe5ac973993f3ed729f7eede4d6e9684a0ae7a78adf7cfeda0118ae669ad4ae8 |
| SHA512 | 725af0e28918fe8c1c6613d8b55d2af86992d107a1589ca6ab11c37a390742986e89ab63496323536f225b6381e3eb88c9078ad88c96fad5c089406fad5a6832 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63b895cbe17bd948418295c1f76abe86 |
| SHA1 | a1662bdabe09e17d79f65c3b5510e6c458f204f8 |
| SHA256 | 356aeb60a5cd71027420d900c6dc871d31b359f912e824642bd2a8ea84902a1a |
| SHA512 | a3cac602dcfec74524c4fb37d88582e0148864c5d5eb61a0cdb7a9463f59d08c97ce1cca8965805c9949ed7ff17c0a262d7fe99f2a949ec8512ae85c60586584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37007c99124a5b40ceabffdb0c648a99 |
| SHA1 | a296a502b9573bf6a7b47b2fda57559b228ae79f |
| SHA256 | 738ecf84c6fbe47c20841e712257575a20190a1b79a27effcdf4bd4abf0d2d0e |
| SHA512 | 1f17b2fd958a2a917205b164201fe39feed9b01c22cdf23e5874b749e3baf0aaac2fc04a94d9ed4c7cb930f2f612067d690d682a93db032876c5587e80d0bb2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7b5d1638dd9b886981e3ac15bfb48db |
| SHA1 | df4cfc2d3a5729781216b49e24cfe093076ce006 |
| SHA256 | 0ed1e7875952b6911b31d3e187a3365960dc0044da7bf8526cbb62026ec1d201 |
| SHA512 | 1ce8043734b777edbb634737740a30170bc7c02b0becc2718e209a60e04d19e6d67b3674abe7218f224ba1d231287210398daef3e556ec1412469a78b863b210 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2dda733fb96560c0eff3a2baadb3133b |
| SHA1 | 0b4aeecf369a8bfe0f6d7d636fe800895229f0ee |
| SHA256 | 43dcbd3386ee56b3430e5f62dcfb875d16f66523a5870f0dc82e6823eded80cf |
| SHA512 | a6246e1c8d358528aba9320827fffa3df60b445851f54d236a1a59f3464e96654a4b285a90c09ef27ff290bb778c5155bc2dc03c6f637368244c66c62dfe0ca6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 983f7de5fab1bef0659c473a586996a0 |
| SHA1 | 4552fac8f344e0512ffe8ca0a3b8954e13939b5c |
| SHA256 | 885faad7feef76f768617033a9650c21bfa9330ff141008fbc4b9075ea0307ce |
| SHA512 | fa1a1e9b5c400d1bbac5a200e970c2fd3b2f71011db6c61a285abfe512a35edf149238eeba61709d0dd3e6c1df57bae9c29b21af85798fec162c948a77e38a94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06935ee61faab436f11a800d1fafcb89 |
| SHA1 | 4eb0e2630a9cd06fd079ebdc845d1ed7c696fc74 |
| SHA256 | ad15bcbb40fc0aaaa4670e41e37696a2f7cb7cdf8fc1dec64a289ef2cc7e5347 |
| SHA512 | 2c8c9e2535a0548fd70b15817ba431bcb9e69fa313a4e3c8daf0a11df09ada93a1fec9c8db92f7c091e5cb9c2bba3592129c1eaa268ef483dc4438a0c9736e34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9acb2d59c0d665f80825e7674b1d2e8e |
| SHA1 | 47358272813c37ae57690e56800bf0842291b7ae |
| SHA256 | f31ab3ae70dab489a7d5be5e690ea9094c942fba18c955fca5a802221680f762 |
| SHA512 | 90d7264c6417db0b308a0e7c383b603c5c3b4bfed0587cc4794340fd396853c7e32d0b7e73de714e5692a6f5c36b55538834376f7e60d922994ca4304801aa98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5de8fed60a8516c7331a33bcfd34aebc |
| SHA1 | 021727e3a8d1e390d71c68aeb7a85be910cc69e8 |
| SHA256 | ca7f1fbc4db7e94e9d8f0918d67020b372ca4ce7973a8a421edb28a23a67f8b0 |
| SHA512 | 73055b463aa0defa4d05fb41011b021cefecb6a0527264e582a8775e906abf4dd161f94c66b975c87b3824695abcc4b7d896575c9de4e6a00f4b15e35206e01d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40d1a6591b0163d9942f03f959e0ad80 |
| SHA1 | 15a82206305b10000469e036063839c700a16914 |
| SHA256 | 5d6e861d8b64a5bbe33953b3ea3554c82bf6658064875a942f2dcbbcda1e5d97 |
| SHA512 | 69e61f06c5e57879b9e5ca48ac7712ae3bd3f9b4052025d97fac86e573e76b4d08cfd6efc60f29eae9c9ed9e97fe3958598853d6f78e227593794faee0543dfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2daf493bc0f31be1bf06585db665d22d |
| SHA1 | 2036b027ac51f5956af405c8579c598867c3e4f3 |
| SHA256 | 7e05b82a4685c586e062abfc74bd2f726818a292dba714393f43bf84c44b6de9 |
| SHA512 | e8ede0143625fd254508f3c3829414fc3c0dceaace994cc4943228ce0a600d6d87762a848c49132b64ca46f6fb0ab7d145d6890566463adf5407e7216f1918bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f69015f630ca525f4b3c0646abdf8c8 |
| SHA1 | 3460dbb672f0037f66007ac2bc77c32c1e08350c |
| SHA256 | 77d16957bfd32357418103b784b8e7423b9c76ffe0e0afa458886d89c9e1e76b |
| SHA512 | 7ca76d0d4e90e10f203ebf8b0a21c95b54b3cc1be308d5e2f5b3aec809b8420287c47ab4eb3a87a91e79b56682a6bd82a72eb25d5a21b637bd103b6be0fcdc5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b895546e62a0bfb159daa93178b1421 |
| SHA1 | 7e88a593fbf6d2fbe51216b923957930f6450e43 |
| SHA256 | 6140cfc85671be853ab7d0605795ab03abdb3ea2aa9e69049c8873519492fbb3 |
| SHA512 | b84b03a380b4ab7377a0fe99e9395361a0115a68299f17332ca00c8900eceff757e107f5dd135f664ac115d9cdb1ada1a60c52f5afc6c75fbffba6022aec6055 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d56d876162d8bf4bf9f3f38043993e43 |
| SHA1 | 618d79fe746902f127a9d21aa9874082751808a2 |
| SHA256 | 007063e6ba4ebe3c0540231cc7bd170b7ba21276de7d2db6e088f75ec6bde5a4 |
| SHA512 | 6552e5ef3b5aa5085faa298158b4ebb4e1e88a0713df749651613004be1d78add3a94336278c42aa8a993280c17fef339a1c4736a09db63bd8654d3bc7e96cfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d6a26ff42c970fd0b4f2c657e5f2ede |
| SHA1 | 38d733eb121c67cee13b005139ad44ab7964a3b9 |
| SHA256 | 1d17d1f2017715a3154c71edadea77594eb9c2417f263fb018f481d99983385d |
| SHA512 | cfe77e2047df16753544588266db319c650396d515b9b83d1ad169d1b1a2614a4be066e34ee65f9e83c28cacbaf4f7217f032654fd7294038a81af4df70bdbac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a517a2ade744723251a99919ce3be77d |
| SHA1 | 9f8ed529f4047f3bf1e0937ae39b20ccc96e746e |
| SHA256 | 723849fc612f3953617a61d5eee0f3d554c1fb7f333e471f29337d15eed926cd |
| SHA512 | 5e601a343ab03b33ef66d4cbfc8d9363b8eb333b1771849fe5391acd2a67ba4eebd687a13bde988f6140c62ea52a3484b4178422d796bef777955d2a6ee00551 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9fea8edee41ff751270281ca5977168 |
| SHA1 | 612fd31761fc0a2d181af654c6af581733e91a22 |
| SHA256 | 1e35f72599953500ff12328a7fc0e4e744ec65a4e96923493b25403ddd9f06d3 |
| SHA512 | 66d33c56469059ac46ee0d99f43a87f2ffd68831cc3b0aa2928000e00afd9736f51a49793b17b16d4f4a2564e8cf6ef1df4184b4759badf97983655977b73990 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e4c087c167ce0b3d923a73389452093 |
| SHA1 | 26f72efc08b28babe6dbc983737077e21dcf8d07 |
| SHA256 | 2197821cc30488d21d44c332700791688a24f22d305e423a8dcf1dc8a179c39d |
| SHA512 | 884ba7519555c092b56d00643852ac31c91a0c6d9d5e2b0c390d6ae553dd3cca1a690323877fd233cceb40a5b9a2b962da8921c48a6a7292ff5414a70ada0212 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe444b2ec7608754630a7238f172e832 |
| SHA1 | d5e087d3f68923ab16333e89f7628e03e1350cbe |
| SHA256 | d0d234211534cf0e680218b7054c75ae91e7b1e717f3b63f18b79aaf27c8319f |
| SHA512 | 0955f9c37be3de2c212def2a30e78f125f85cdffecfee9e9fa1733b7b86e163bbd964ae6ea964c303c388768688fbefafcadff716b7ee01d21eafd1b01b7c5b9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:26
Reported
2024-06-13 06:29
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee9746f8,0x7fffee974708,0x7fffee974718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | www.cf0.60fn.loan | udp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| NL | 23.62.61.162:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 162.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_1720_ICRILPBNGBPOWFPC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5560b207ec0a37c65a48a6ba29ef8d7d |
| SHA1 | 419ef40ff7730fd23b1816563a20d4d55c1a3743 |
| SHA256 | a7b65aeb321ef9daefd77da69d33177decbe34a0e001b3b58556f619efff0771 |
| SHA512 | a06dd7594e8a08c33acf8f7a5bf1360a8ef014161c5a47b335e0a9e8de6d62cc607604cfc9a226fe74d90d43d62274c50bb4e7a82c54e26e5d480748e587d54e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f47cbb05f424064e9fc7ef93fe9f409f |
| SHA1 | 06e57933f3aae04a7550632762bed2e5ae940399 |
| SHA256 | a629413f8b283424827c653ed0057141d4804be620996666c1a92c0abb833b07 |
| SHA512 | cdb25b1ba18e7bfe64dc114efb8ae1a7bdcbad4987d88c6bb3cd57734845fa2705d23ed50c378d3cfeca90148888405d5c2b67fa99d720ec9fd98b819dde013e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8cf4b16a674c80944bb7fe1a336f15d5 |
| SHA1 | 2dc7fa16fabb97b6b2276b9c92763cdf4319efc5 |
| SHA256 | 8488df1e0cb6f11fdb37b3f8022dbec267707b4ca0e0ab22508be80e25590e3c |
| SHA512 | 7d1f8b3fe2228309d8614de57dd92d052762647603091e5fe9aa52d1f0c81ad29af3c4c7c091f2fd6803f6ddfea6d61882ae8afb328f751f2d6a3c0f2eeb57a3 |