Analysis Overview
SHA256
8cc4ee6359f4ac7c43333561adedb4a3a03bc5ecdd12e5c17082afa617b6b5bc
Threat Level: No (potentially) malicious behavior was detected
The file a3b4a94a7a8b05678a45979ed0e53ef7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:41
Reported
2024-06-13 03:44
Platform
win7-20240220-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424411983" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eb29cad0f00af2448d937e550ac34cb5000000000200000000001066000000010000200000006a2bd44242bfc92b0039b1e672501e18c5d565f7dc5af6203c77f795e2f4babb000000000e8000000002000020000000b001686a57e6c442261567a317e942bedf537964d4a32bb0cfad4766a03d675f20000000092cd017a007c5f90fab4c7eec5a3aaf62c793f2d67fc4fa8b2aed4d09f12c89400000000f43ee4e5944c5ec0d931d4d3eb9b6784fa8f5c97644f3d9186bee90005c6b13774a53bee26271c4596b52e8703e460e1378a2228564935abf778d431e9dcd0b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0124bb743bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1188CB1-2936-11EF-82B1-CE167E742B8D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2092 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2092 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2092 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2092 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3b4a94a7a8b05678a45979ed0e53ef7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | ensiklopedya.ru | udp |
| US | 8.8.8.8:53 | upload.wikimedia.org | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| NL | 185.15.59.240:443 | upload.wikimedia.org | tcp |
| NL | 185.15.59.240:443 | upload.wikimedia.org | tcp |
| NL | 185.15.59.240:443 | upload.wikimedia.org | tcp |
| NL | 185.15.59.240:443 | upload.wikimedia.org | tcp |
| NL | 185.15.59.240:443 | upload.wikimedia.org | tcp |
| NL | 185.15.59.240:443 | upload.wikimedia.org | tcp |
| RU | 195.161.41.70:80 | ensiklopedya.ru | tcp |
| RU | 195.161.41.70:80 | ensiklopedya.ru | tcp |
| RU | 195.161.41.70:80 | ensiklopedya.ru | tcp |
| RU | 195.161.41.70:80 | ensiklopedya.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:41
Reported
2024-06-13 03:44
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3b4a94a7a8b05678a45979ed0e53ef7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc199446f8,0x7ffc19944708,0x7ffc19944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,5438858649138122754,11447371551506217760,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4412 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ensiklopedya.ru | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ensiklopedya.ru | udp |
| US | 8.8.8.8:53 | upload.wikimedia.org | udp |
| US | 8.8.8.8:53 | www.acint.net | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | upload.wikimedia.org | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2904_MTUMNZKUCECWOFME
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences