Analysis Overview
SHA256
2a72816967504e938cfc63fcfe6dbef83093b2115bf540fa4e1a14d0388d8afb
Threat Level: No (potentially) malicious behavior was detected
The file a5d52574a9ca2709441879e466b7d2d9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:39
Reported
2024-06-13 13:41
Platform
win7-20240221-en
Max time kernel
121s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{54021901-298A-11EF-A34E-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000194bdf251f67e64cbfa1d0ccc96c100300000000020000000000106600000001000020000000cd5534d5fe67df6b3111af0a7092dc0c57cfd7152cccd3573dd7bf2a258f3380000000000e8000000002000020000000bca70ba142d209b2d76a499668456b61392c49a5c823f13f35480bd10f0bfa522000000096b0076fea3e66a07e34bb66eef572a3e646c2191f8c1d894b865fa365e6249a400000004aae21a106b240f80421280d48ce30f1280ac6efb36d72fce7ef3df651cb08517e621988494f1f832220d39a0dffd4b3dbfcf9b9d17b962a7186fc42053dbc95 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1063b42997bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447825" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000194bdf251f67e64cbfa1d0ccc96c100300000000020000000000106600000001000020000000194784a8d3e7b3c56f18d88f2fb3fdf477cb595512b9c06ed627cd337879bdd3000000000e80000000020000200000009f3926cdbfee6c25466cd7044aacffb98e0b577f2afbb5fce2256b517c8ff5e9900000004575fbee3b6c90166fcf1e243cc7f8e64ca306ae25306ec5cf8c17bce8c6a3652b44b0c076ae59ff91c22b7559b84026d257279d4df8cc2e6aa0c722bb147c3084b184929d4f02ff69ebe4928f2b4f0636c9a595dd9e8a399df0d5380e8c5d5fc050f92702d350dbcd92f710fa3a532496d1f3ad0673570f37f028a81eb051d0ff06848a9ecc15f80de4c32ea536ad94400000008c737201382b5da6d03178e175606bda646c72d6120ab5904ae3b6d4dc43beabbd949594709f055e1930deec363c91a8c4c3235b04801f6724077a6a21489c51 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 1928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 1928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 1928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 1928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d52574a9ca2709441879e466b7d2d9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 23e309f952772bb085d769f381473539 |
| SHA1 | d22609d9887007379a295d7a9712cd796aaad469 |
| SHA256 | 40c55d2f1dc8e918e0d366797c8a64e9057f11cf5a046fc0255462491e3098d3 |
| SHA512 | dfe75fa208d269a5d602b978fa753a54fe42d37bcc1eb24a910fd9ed16cbdbaf4ab962336c09f3e079dbf6baea3d9c67f04286ce84719c7b8f80a493b1f14123 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 099bb7d10bf9c095e41d1c8d5cf307cf |
| SHA1 | b9293c0fd113814c444687c5e2ea944dd14595b2 |
| SHA256 | 505d603bbe98fe83f5e714c14a1af419ceec6c79fdb8a42ee6823533fd04e1ea |
| SHA512 | e754371b3c3696b48d86d7e8ec81712f9e777855399ed31cd2d7194ebf0eb1cf2100a8e5971849e761c1852db3dcc3930e27dd2d7bd3add049cfb342a14c9d44 |
C:\Users\Admin\AppData\Local\Temp\Cab347A.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd9115e13f09f7498c4b020d4fabf6e7 |
| SHA1 | e06fd99daed1c89833321f9c954c5736972d3254 |
| SHA256 | cee04d9f9ce38356c255405db3d092e8cf1e71e8b506efdb0f24355d2ca98cbf |
| SHA512 | 98393f4c2bd2aaf3fead3c69bbc64fdad9c0d7e943890b36fb6208ecf4a2bdb6161ca8316a8ffb9f81d44ae1544f2e0d879e12194f9671957abb7c7b66dc75ac |
C:\Users\Admin\AppData\Local\Temp\Tar4B83.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4C75.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 252403bdacf318240447cf0760fe80ba |
| SHA1 | 8edacd01e199ee0635ac96ea6779a868ea74af07 |
| SHA256 | 2dd174df78e3b545ea194ff6654694ae6faea573cb2ee0bc220f74a4f10aa1a6 |
| SHA512 | 68fa2e17005543fde0307033b71a9b24417757a18f60105c6e4d4552b6722451075cc188ca9ed12cfa80fa0f1bd178efc4f7e7dc7f92c87e8d9134a6d7971a7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3de46b938ebde1137d5dd0238a6636ee |
| SHA1 | 009818f53d5ab0c276c132b586c8c9048d5b86b8 |
| SHA256 | 3e2e04e8342fe393135005e61c9de8cd62a4da9c4288faddb30d9732ad70d2e3 |
| SHA512 | b916676fca9d815810bb8ffa1d4346ca49c4ef10524c93218bb08647b798b1b3a9b1f72afe0a99d53287bb2b83413f4cb179b2667801a524177193f88b6f84d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f183914f63307cb25a210c39cc16af68 |
| SHA1 | 66b1a1b6de34181ba78f74e4b12a30f19f72024e |
| SHA256 | 68aa5b163a55584e32ee1b2113bc302fccef18711468954845254751be3ec8b1 |
| SHA512 | d3fac5af16f463af968dac4ceea8739c777244539cc5b0627ae9a2a17db465d27d679026c50af0d74a5657414d475ef17ece1bb5168f53287f9100e4f0ccb5a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 142a4af475818eef1621eb1b2131654d |
| SHA1 | edc58d46d2309e3ab7a2c6728a0cd3af890d29af |
| SHA256 | fff88f2d999f1d634c8cd796e2c761fc6a97bcde3e8300d90120db4a13082e68 |
| SHA512 | 9ab5fe275534afe320c12268627a09867a9595491a2205e28a431531cccaadb65c4873a5ab71841629a2dea7e95324c9d547cea39e899b55b23d69f6b927debc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2958c58b6db9887bd6a0f668312083f0 |
| SHA1 | f938bea742b2fc9e57da61d1d2a847a2b0d13e42 |
| SHA256 | 6d987dd13c0c12f0e53d6b40f2a46a2b9b360530cccfbeda804537f9cd55c819 |
| SHA512 | 38df73406097fd4edcd0b4cc0dc806a7a11f9537fb3e1223bb8d3bb2c214129f3d17bd86c944b31b53e30dd64ef91265f76dac5ea0d77f9b32d7f20980a54786 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84bb4eaf33c3272ebd5179f23b927383 |
| SHA1 | 44a12196b8d8d5882a3c09ef02dc44db2f0a4666 |
| SHA256 | ecd873bb41ae3dfb0ea333b2570e45d2bc9444672515ccf776c4c90b62a338de |
| SHA512 | bf2a7a240372acdcf5bded8b91b1cf592d2b47839e35f84aee8af1c98e5dca8ca0a76149dbb07add1b2ac2bcd3e7183a23cd21d63414c77006c1a58fe5d37b83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5956ecabda95bed7b008d59f98d67d66 |
| SHA1 | d6f0f5b294d8e3f332165b8158d67420416ab09e |
| SHA256 | 8060ca3403b5251b61bdefdf8144a29051804d1eb84a1acd66e8d6c830510764 |
| SHA512 | bcbd55dd43fbcd1754f7f3a0d0f9497320955c513ab50f32c6eecfc3097d6140c09cb60b4a0eb0cf3a271d02e7378aa5af814d094f1e49e8b7f49998ac23b69b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 060222d1bb9441f9c560b5aab9cf7d37 |
| SHA1 | bfe9290e2c43e2aae8c228a7209d59235ebffcd7 |
| SHA256 | a23d749e9e80e5fc3ca177da5a625ffa7bacb59527835f6a1b8afb6c186cac0c |
| SHA512 | afe2ab4c0cd50929f142a4bc4fa294351a2d3663f6d560b1accb1617e767d4201587b0bdece3939cbce109bd8ad23d39cdeb72e85db1d0881f11058bd0c90273 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ca50817260182b5982fb812895222ca |
| SHA1 | 1b88a5c751701904891b71af0838c1476fdebbb6 |
| SHA256 | 1d9388d0d12239282a541fe9d85f65943abef93e1212badf01fc14d06b0ad1cc |
| SHA512 | 6bcc244a622a7506c5da5babb6fb7475dc8f6d4d570c616fa43369ad42844afda40b706cad8b1d1c38429f7b27bd76671231d86abfce559934b49869c3493c52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 478e45c5f9faeb5c2597e4dfc6791193 |
| SHA1 | 3058a7a093566d010b3feb5e8eab964581496229 |
| SHA256 | 3e227dcdccf164314a8ab2619d598093fd194b538faef1a0fb44b661716d8e4b |
| SHA512 | 13cad331732caa64885dc67c8ed29c0ca320cbf5c0724b1cffd423d589c86091cf61a02720825f029400c3850d2c6b43184a80d6308a490d9893c9b1ac2148b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 29f85d8cf9f857012a08467161f547e4 |
| SHA1 | 048a455153a46097ad705b4486a1af2e9192732d |
| SHA256 | d934da54e9c917539f8cffce74241693be177d67abd5eec163fd85798178b33f |
| SHA512 | 86ac722157624f2feea2593a4cd408a72f4d147116b4f554ab154769c2983d2f5f1746f85548ae2463d9486db417636c6817187d670466d91718f9f85e726804 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e891166e7e5f517c05f28106ebfdc2a9 |
| SHA1 | 3b684272a1cb52c5a87ee7a4a95b6562f448c1f6 |
| SHA256 | 1191c49d1c3a509d0a2c3cafd929e28141e7569c4b81313e6c8d1044ec7a086b |
| SHA512 | a951aa4a812a13b95cd2d586f464ebc700f319ccb2ed98ca8c3f79d1575463175b1f82d921779c0ff864d6e86bcd544809d12429be8bc647e27b424c00f83f82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbffad56d6cb3dfea18e7b0eae3bf269 |
| SHA1 | 9f7bf3ad2ed09ed5817d2251a85aa6eb0f67d562 |
| SHA256 | 3d920dde6c5045ae15d5111c919f93e75463660ebd5c523a70894e2344296ebd |
| SHA512 | 85121e7fe35efe7bc99af8c5b95f66c4bc26e2ebadd9c08b9acbdaa64b767137ef34259adbf56cc804539aa75e0a56bcdcec6a21586eb9211d4ba373d0fd2c05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab00f45d5a8d721ca65c48b28cf79c00 |
| SHA1 | 598f91547c010506cd1bcdd1f382b1abc0b5ae5b |
| SHA256 | 3e9fb6cf84c2c7a1dee8421d30f9f7794a9509772ecf9a8499903c248ecd46b5 |
| SHA512 | 5bcc31e631ca2929e4707735957d359d43d69e4fabf7b27948a25b621626e4720f9c08f092ac9f22ed0aa6806c7ad2e2eba5b504e8106f343d583b4c1a7d0c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1aeae1bf52b5b3997f2c2f7f42e9156 |
| SHA1 | ead85cc7e3dc402d05afd422029e2235c5eddca5 |
| SHA256 | 577167df84d1762f87ed555ab9d23b0909e50ab03f2d85d4660de03fa5be4bd3 |
| SHA512 | ea8b2f657e1b0a5b1e8f9e315e5278e57b46810a646aa1c65fbf28330db923e08ce84bf303d675e312219ea03e057f03b4b043df62402ca2b48b3e00d56f8a07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d24be3f89a0b0b5fdf36cb656fb74d7 |
| SHA1 | 01a81a59729a015ca113d99684cbb78b55e9a114 |
| SHA256 | bb476a6a86b9cb3b3dccfd299b9966cc9d5c54c9294adf497ac6705a352863d7 |
| SHA512 | 50b518f19a6ba679b92b8bb22fb8096f2f9155e93db461b041d630489c7e757440ccabc9fa9dd00c957e121aeec370306f86d28d3bbd062477124883e473a2d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5fcb8f039f84912e4d0cdc79bbde1cb |
| SHA1 | 4f2555b51772ce822c17362c16f537348fb49649 |
| SHA256 | 5565b26a03510ccf659aa72c390ee3d1e487136ec8d22b05b837e61fd944b8cd |
| SHA512 | b1d0aaca28a16c6c303ba8c066a1d8aa3a04b537688d177c5308e5fd1f35c6ff5fbd9cea7bf12feed569249128a78f12aab27824f20a9237d1afa27a0491172b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 626edde854acc95b119068c969724bd1 |
| SHA1 | 277be81f94b2d5437af235de6802734f82f9dc56 |
| SHA256 | dd0415ed1cb28ea48921e6e322913d7208b51ce9950cdf8b34ef5d9d3f8c4467 |
| SHA512 | 4302954755f7e2fae5c6ed903a1171c0995ed11469321d8bd0131dee22a898b711f903f780561e4aef12ba24929d7f7f5a0e887e39546f23c302f90c74f7fb42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0903a8cc37c7ca0fd410521188ebf27a |
| SHA1 | d261165d913eb85199e68db378ca9dd59b7bf404 |
| SHA256 | 0f0e18348ad783fa41f26719be2e99a2082fe8e016decd001c1818d0e7649e1f |
| SHA512 | df244019df41b899202a65144d698a28081c473b765eea52a194326a94f1c2734197ee827bbf361e2e6b59606459029c2b11ad72c0ba6d4019140af36ea85585 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d07b2a7595e6f890589dfdae8598351c |
| SHA1 | 6fa9d39a943b89107fb75de86b52b8fde64a69d8 |
| SHA256 | ab6c3aecbaa4c0c3a29035f0b62a0748c3ff865a46ac854155a15bc2e36d6139 |
| SHA512 | eaeb13b8132584c19c64ee3546228f81e418539925c7f4538ecba587a7dd1d9857bed9f5ab00f994cf64806a194a2d4c7f679e7edb53cda229e2627706bf5226 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:39
Reported
2024-06-13 13:41
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d52574a9ca2709441879e466b7d2d9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb884446f8,0x7ffb88444708,0x7ffb88444718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,18332077905920495407,13556246970801251771,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
\??\pipe\LOCAL\crashpad_4748_OJPIYWJQXQJLFBKB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db9bc048b56203856e954d6e9e5469a2 |
| SHA1 | 902c0f20c045c48abe7c2d1cd6a71c6e5ca30bb1 |
| SHA256 | 02b1d9dedd13c99941fb69519972a573f29a98e11d5d1d5f4ef70f9e2f5b45a4 |
| SHA512 | 17f410689a066cddd8dad52890b539a712bf7b4a1f4d15c792de7df0840637f8986c27bb11729e3f802b7d28c09cbd5976ad3ce94928f29b750f3fdb488b60df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a7a72ac7f78029d2189e826267605f49 |
| SHA1 | abff72cf8804df32e579efb875ab3f97e4007389 |
| SHA256 | b3fa90f4da390efcc73ee8ed76d0e7ee6ab2b08c0dcc6bbb2172bdf76ce812fb |
| SHA512 | bbf8968c81e2eb2ab4083bc67ce2ea4f50a75f1c453a26aa6b2e16d686a60cf7d6fe292f142b41712f0f8cd9feb853c0bfdd9d6ab258344684d1b6295457491f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cdf3917485cc4120b78fea16ed07861a |
| SHA1 | f261f6cc52b3ece2f0d3e3d9bf1df398ecec3e78 |
| SHA256 | afb9eb8aed0dff9019309b59c93b74b47fc5c748c58984027a578e62760dbc2f |
| SHA512 | df5402890aee04ef12908563d7f46d6dadc39e232fc11987e7bf0f8fc0c731e3ed03abc50287c5ec2541f17c3538b49e476c6d1c9abed9fcbeb1dca82a9eb04f |