Analysis Overview
SHA256: 4de2bf703624671729b2bde6de1dd87bbc06219c3fc02f2d17eb82a041dcd492
Threat Level: No (potentially) malicious behavior was detected
The file a4ea6e42b1dcb39dfd97068a82a4bf56_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported: 2024-06-13 09:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 09:46
Reported: 2024-06-13 09:48
Platform: win7-20231129-en
Max time kernel: 122s
Max time network: 140s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40651fd076bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aa38b62333d6cb4db9f62c262639c318000000000200000000001066000000010000200000001ec4e8419270165e6e549b17982f01492bc6d4a30b0bcd92c8b278f9edd065e1000000000e80000000020000200000009b0ef0caea67595bd67fcd0d5f8fcbbfcc242a35d49a7c06fe641e0ca37f124c20000000d8f2d863930e6f616433a3e21efbce4ad8b99a2ef6983256c0d37c6b95563f7640000000f91c422081fbf9d35d5dd0c4f10517c9082cf9d1682290dd02a3456bc264131ad717025dacb6b71157369115955af1d04101af934303d4d61d02cc7090cb372b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4DE5241-2969-11EF-882F-5E44E0CFDD1C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433840" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aa38b62333d6cb4db9f62c262639c318000000000200000000001066000000010000200000009a3b525f12364037d3fa5da5deeb980f419c68395e0438530758c323318e2515000000000e8000000002000020000000f8f0750dc9b4a4a505b8cd0ab693c558b35a4e2749bd6804a41619172a43eb6690000000fd9f7572fde5597fae340e303bd18281afd51af5e1b5690a2089b726748eb6dc6c788ddfc5d146481aeab920bc6d172868bb0976ecbf2d62fe41a3a81ae191d97c7f0fbcdb68c264290e8c2ba09616e3cfca52e3fe94354bca9015862d87f1ae26077f6679cf0a6fafe23b9e40838fcb1c7e2db420d80527c2d0e9f8b4d11c8cf89dd25b9a0b5efffce105476fb7f94440000000ade52b581fb16a975af888ba630caed5e66a3547e140e23896da6326e39e9ea54a6b6a4bd782670d9c64022f6c6c880f8e3c820016814f6096975c3eb5bb312c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2136 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ea6e42b1dcb39dfd97068a82a4bf56_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 09:46
Reported: 2024-06-13 09:48
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 150s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ea6e42b1dcb39dfd97068a82a4bf56_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdc4846f8,0x7ffcdc484708,0x7ffcdc484718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,8516936991890734844,5609565694210460405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | pneuex.com | udp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| IE | 54.74.6.207:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| FR | 13.249.9.11:443 | count-server.sharethis.com | tcp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| BE | 2.17.107.130:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.6.74.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4856_PUPFWBBLHMGGLUBO
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State