Analysis Overview
SHA256
5c5616acfc7569dd6950963d173cc71ade420a63abc5bfb3b2453c0d1e62d7b2
Threat Level: No (potentially) malicious behavior was detected
The file a351c31f5ca01ce0b49956c0f057fe53_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:15
Reported
2024-06-13 01:17
Platform
win7-20240221-en
Max time kernel
137s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000088d40f2de570e3458f3a9c3fe8acab7100000000020000000000106600000001000020000000b07bf86c8e5c1c74ce52fda0e2fee87d5904efdf30afdcf7d65deaff584712d6000000000e8000000002000020000000cd323c829263fe5025da6780a3184835443cf5248be634969942b5efdd2b0b4e900000008869642d29c64063a1cbe72853d857b246e56f0fcb5b3e46d9678ddcff37d055da285d6183d81fd11fa5aa667ed207e78a5f26df16f0cf40ffc778f9bb48fe9a9912340c9c34218d26fa76da00c292961c5d85430a507e5fc8f8049c5986dfd8e235bd3c419a24fb6d807d7cc3fb8fd7f88bda8e4aa2493325824945450067af74c691ebd72c1e806da4e92dfb8c7d6640000000d359e02fc1c6c59fedb5830062b602fd2e2050d8794c41c11ae849ed62c11324ea7597e5fa3f96f5e5bd33dd446375b003fb2bf6e48aaae86eb7df6c8f3ef851 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403172" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50339a322fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CC8EF91-2922-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000088d40f2de570e3458f3a9c3fe8acab71000000000200000000001066000000010000200000005e5848f83addcd8ccb87065f55bb816d3eb10ebd0dde088899f59bdf1b63cf8b000000000e80000000020000200000006a61f9f850c0a6dceabbb999089d8ec79a63d3c121cb9812e686a222a5da790f20000000168e70a3a9ee530eefcd45fb017fbddf8442a8287bd0d8cdd9675473cf6ec0cd40000000004aa0a8eb8a9f6cbd8f885d91cd66b62fb54f96f2b82fafb8626e3ddab15c1475472f8e424c8042078ebea6aa3e73b4302ba823a4edf1cfd136235670a03ea6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a351c31f5ca01ce0b49956c0f057fe53_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | idocka.ru | udp |
| US | 8.8.8.8:53 | coin-hive.com | udp |
| US | 104.21.61.200:443 | coin-hive.com | tcp |
| US | 104.21.61.200:443 | coin-hive.com | tcp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:15
Reported
2024-06-13 01:17
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
158s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a351c31f5ca01ce0b49956c0f057fe53_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc825c46f8,0x7ffc825c4708,0x7ffc825c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7875935181536041743,13397916550787814866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | idocka.ru | udp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| GB | 142.250.179.226:80 | pagead2.googlesyndication.com | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| RU | 176.99.4.61:80 | idocka.ru | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.4.99.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.202.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.15.104.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_464_AZMDRDHUSKZONRRR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a4253b0609e45c554a38d7fcf9c9603 |
| SHA1 | 330e75e06195d9275bfa99349feb66b4933347a0 |
| SHA256 | 4f91f900c3370196169e73acae4908cbe380905c07a39aa56e863bec366b3d0f |
| SHA512 | e75a7fb317f3b5309a1d75f81bf787840ac6926b180de53835a71f1f396e2bf57b7038f82d0fe17e809598c9b36e1a7581b810a23332f9cb5fd521c37fbfd597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b8f00bd79f890955803750a0e0048bb |
| SHA1 | c6a3af1fe5bc85c49a5abcf27d38167f5851783f |
| SHA256 | 386a5ff9a9bd7d287b4664e7465cce20a4eb0ef6e52c575835e7393376d83f86 |
| SHA512 | e894259c1b8abf1b3ea914cb89349dec8531894a11e3418a26107d83d3e1384b0dbf2cdc2dc0bce40a427acdf1e3ba6f1a659619f9d6caab231a882af9db8026 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 58631c69aedc6159995a94e79096526e |
| SHA1 | 3f86a8d96b15a9db4101db0140b34892af5a113c |
| SHA256 | e55bbc244ba325aafddfcac95500555c8df25133a9fc235597467b75206b8303 |
| SHA512 | caebc7a2e4331a25549bdb9222a366652e324f19a68c1c07cb0a5199e216a2803c196554efdf4a7133f6baabb7689877aa6f9753c5315bad72cc4e57dc885e9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b4b0e5f7fe34397e7acfdc2ac19c4b54 |
| SHA1 | c51aa0cc7431afec49dda55b4fc6fda9f4f2cdad |
| SHA256 | f0a113c25d3be5c064ceea54ce6d194a795b658e9934c111188c9bf160012763 |
| SHA512 | 36bfb633c7c6e194fc1b844118598d9b6157ef1700dd98f9f1c5953200995c0ea258a7526889f2f8e5a128a340b0d996e1bd8176031d29678f2de35a1fd3e19b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 156eb6087ee4f61ad6431bf471a66b23 |
| SHA1 | 0400511e03898c1931f20bbddb246dae68e5c562 |
| SHA256 | 6fb940da2eccbc54e598ef0fe798a36b4f827ff48e1996a0da2bb9a74bdff702 |
| SHA512 | 697cf8609c3f58bd85a85c001f8adabdf891bd81d25f2fbac5fd3a31d5fdebc2f7a16817b828467a0c53d1725ca4e7b6ea26d11a830f940d8484dfcd155553c8 |
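Two things in the Files list above are easy to misread when lifting hashes as indicators. The named pipe `\??\pipe\LOCAL\crashpad_464_AZMDRDHUSKZONRRR` carries the MD5, SHA1, SHA256 and SHA512 of zero bytes (d41d8cd9..., da39a3ee..., e3b0c442..., cf83e135...), which means the sandbox recorded no content for it, so those values identify nothing and must not be pivoted on. And `Crashpad\settings.dat` and `Default\Preferences` each appear twice with different hashes because Edge rewrote them during the run, so a detection keyed on one snapshot will miss the other. The script below is an added example, not part of the report or of the sandbox's tooling; it parses a constructed subset of the entries copied from the list (SHA512 rows omitted for brevity), computes the empty-input digests instead of hard-coding them, flags entries whose hex strings have the wrong length for their algorithm, and separates empty, rewritten and usable entries. Function and variable names are assumptions made for the example.

```python
import hashlib
import re

# Constructed sample: three entries copied from the Files list above (SHA512 rows omitted).
FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
\??\pipe\LOCAL\crashpad_464_AZMDRDHUSKZONRRR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
ALGOS = ("md5", "sha1", "sha256", "sha512")
# Digest of zero bytes for each algorithm, computed rather than hard-coded.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ALGOS}

def parse_files(text):
    """Group each path line with the hash rows that follow it -> [(path, {algo: hex}), ...]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and entries:
            entries[-1][1][m.group(1).lower()] = m.group(2).lower()
        elif not m:
            entries.append((line, {}))  # any non-hash line starts a new path entry
    return entries

def malformed_digests(hashes):
    """Algorithms whose hex string has the wrong length (truncated or mis-copied)."""
    return [a for a, h in hashes.items() if len(h) != hashlib.new(a).digest_size * 2]

def triage(entries):
    """Split entries into empty-content, rewritten-path, malformed and pivotable groups."""
    result = {"empty": [], "rewritten": {}, "pivotable": [], "malformed": []}
    seen = {}
    for path, hashes in entries:
        if malformed_digests(hashes):
            result["malformed"].append(path)
            continue
        if any(hashes.get(a) == EMPTY_DIGESTS[a] for a in ALGOS if a in hashes):
            result["empty"].append(path)  # hash of zero bytes: no content was captured
            continue
        sha256 = hashes.get("sha256")
        seen.setdefault(path, []).append(sha256)
        result["pivotable"].append((path, sha256))
    # Same path recorded more than once with different content: every snapshot matters.
    result["rewritten"] = {p: h for p, h in seen.items() if len(h) > 1}
    return result

if __name__ == "__main__":
    r = triage(parse_files(FILES_SECTION))
    print("empty (no IOC value):", r["empty"])
    print("rewritten during run:", {p: len(h) for p, h in r["rewritten"].items()})
    print("usable hashes:", r["pivotable"])
```

The length check matters when a report is copied by hand or through a web extractor: a SHA256 that lost a character will silently never match anything, so it is better rejected up front than loaded into a hunting query.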