Analysis Overview
SHA256
206560d884adaf24d4ca1e09decd9d6e0a7a2e96f6660e6a15f231c60732d5e4
Threat Level: No (potentially) malicious behavior was detected
The file a4d7b8ec74e586226f5cabd80645389f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:26
Reported
2024-06-13 09:29
Platform
win7-20240221-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bdd3d10f6ecb594391953982abb4a61c00000000020000000000106600000001000020000000b61ba3c1173157706111e3a5a756b68b424e14372e101fe1f27b51b507d49d8f000000000e8000000002000020000000c9ae06a107d1701c4ab5ffe6faff3bea6b69f6c6271053be948effac9d1f66d72000000040401be29ca35bb38493360dc5707b269651a6d0650cc8c2e5dbe333b99013d9400000001f2cd5944ab180e0aae904e7c08420300ce8cdc0778e479e12ca853f2260a6f0f3249d113fa339cddd3dd3ac5cadb2739f00a69bd7911e161bb7849f316d5ed1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432656" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03302D51-2967-11EF-BECC-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02201d973bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2984 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2984 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2984 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2984 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d7b8ec74e586226f5cabd80645389f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ccfelomvhk.com | udp |
| US | 103.224.182.217:80 | ccfelomvhk.com | tcp |
| US | 103.224.182.217:80 | ccfelomvhk.com | tcp |
| US | 8.8.8.8:53 | ww16.ccfelomvhk.com | udp |
| DE | 64.190.63.136:80 | ww16.ccfelomvhk.com | tcp |
| DE | 64.190.63.136:80 | ww16.ccfelomvhk.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2D9A.tmp
C:\Users\Admin\AppData\Local\Temp\Cab2D98.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2E99.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:26
Reported
2024-06-13 09:29
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d7b8ec74e586226f5cabd80645389f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18269388348646141361,5879594201562049375,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ccfelomvhk.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1748_NIMJZVCWBZLLMVMH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT