Analysis Overview
SHA256
d1be2cd5bbbab89526f188166c9170595269cf26291b27b8bdd0eb09ee5e7a3f
Threat Level: No (potentially) malicious behavior was detected
The file a4ee4d705419ec0e88412dc86282139a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:51
Platform
win7-20240611-en
Max time kernel
119s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434022" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000da0ae6c00414ae16331af9f4f571d4ac0230b2263f4120643a0c6e333b009bfa000000000e80000000020000200000003b51c64d5c0431fe36c15aa128ed5b92ba9ff6b9986623d6879a1a182b0b1ce8200000001a19392736108f1f517641506d0d97002e3007f908b1b15d91583f6cbe796e5a400000000880a84b8d3c63415709d4f1e02ad3df489d0f6aa9f22c5b560f21b1d35e96021bae16a2650ce2083c3d8385572d22754cd57fc2f2ee88a3f33a4b57d45fbd47 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{300D1291-296A-11EF-9266-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9032750777bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000063ceaeaa1f6a03b270e34bd2666111ba221878d2148096d80d1a0b4f924cb235000000000e8000000002000020000000a8652a2b2a5235c677434625661af53233532cec9cfd1505795f17b69ce0451790000000cd46453e24740fb382f2737dbacbb4c6484a2c2d3bb7875b91c22d3bf46eb1b9dfa434a79dae8fa025799490cae27b22450c47919a253b72402819d89f0518036dd096eb6cd389971246c54b6f8c40245fa9c261eb6f95982d80025890e45a17db5fa6a4e0367c9722478d3ea57b96c784816558aa7af578d3d9dbbc6c8d505d3de9455da95d158e45b729466cf4193940000000c62cc8d146024ba9466bc75be49017c06b19d57429f84dc8078cac1329158b9dfc38e4ad8a8d4d79c9caeb4e3b8ed146164f939dd80e73e06020c29ecdaec77d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2124 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ee4d705419ec0e88412dc86282139a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.235:443 | js.users.51.la | tcp |
| US | 163.181.154.235:443 | js.users.51.la | tcp |
| US | 163.181.154.235:443 | js.users.51.la | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab63C4.tmp
C:\Users\Admin\AppData\Local\Temp\Tar64D0.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:51
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ee4d705419ec0e88412dc86282139a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b4b46f8,0x7ffb0b4b4708,0x7ffb0b4b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1077208600496225461,2961822468041148222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4348 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_408_JVFFGCJDYJUPXFWE
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences