Analysis Overview
| SHA256 | 60ff9deedaf54080a5d2f1ff72752b9458e7a41dc3df898fb8a374b77fa35235 |
Threat Level: No (potentially) malicious behavior was detected
The file a476d658742679debd599dbd4296b19d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 07:39 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 07:39 |
| Reported | 2024-06-13 07:41 |
| Platform | win7-20240220-en |
| Max time kernel | 120s |
| Max time network | 128s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0bdb5df64bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcefeff917758544a5cc572758679c4f00000000020000000000106600000001000020000000f588181a4b2b7e316df0ea7f58863b13bcbb6cab8694c0250da8d4385e80b963000000000e800000000200002000000052898b33a1a9c7129c6644d8cf62220da5e7a311fed6e487f49017bfc7b0a4c7200000005cc90bcd60d6b778d712b156012a3c0d0ad9d2014507da1821fd1e7f00da74d740000000352e0cfd39cb063e9b7c438e7a3f28b7dd6a89c318ccd54ca87ed50f577dce611da847c96570f4de9152fd89cf5c97f30c0c239783f2f842c27a7f1c6c797ad8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426224" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{096EBD81-2958-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a476d658742679debd599dbd4296b19d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-13 07:39 |
| Reported | 2024-06-13 07:41 |
| Platform | win10v2004-20240611-en |
| Max time kernel | 145s |
| Max time network | 141s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a476d658742679debd599dbd4296b19d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa40d346f8,0x7ffa40d34708,0x7ffa40d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14122202216842810249,16411656518268213702,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.valuabletuts.com | udp |
| GB | 216.58.201.98:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| US | 192.0.76.3:80 | stats.wp.com | tcp |
| US | 151.101.188.84:80 | assets.pinterest.com | tcp |
| US | 192.0.73.2:443 | s.gravatar.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 151.101.188.84:443 | assets.pinterest.com | tcp |
| GB | 142.250.200.2:139 | pagead2.googlesyndication.com | tcp |
| BE | 88.221.83.178:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 178.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | log.pinterest.com | udp |
| US | 151.101.0.84:443 | log.pinterest.com | tcp |
| US | 8.8.8.8:53 | 84.0.101.151.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:445 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.valuabletuts.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4128_PEVDZYOHQRDCKXRV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State