Analysis Overview
SHA256
91d1b0f687f2e4bf7f5e34a117a89152fbfac683d54abb958aa560c9ee5d075a
Threat Level: No (potentially) malicious behavior was detected
The file a4d9fb77076f0f564d5395db4c447d35_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win7-20240220-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{54DA4E11-2967-11EF-8554-DE288D05BF47} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002fd7dbc4c304ef4696218a1036217eba0000000002000000000010660000000100002000000054fcef403ac665bdf86a4288b73d961b52ad6446cb23bd6c42af07f188ab55fb000000000e80000000020000200000007d7689d1c7947dfb70babe81b47cca9e751f8e8dd878c40ba994368789e9cf0420000000b25540363c7dbcec094f0be0b59261fef135231ff43f69fcb4f80f062001a0b54000000052ea19757f86977726a2d1d583b36acdae4fd85ecd375f3661bcd1ee4085772cc6a59dfd55cdbb32f7a29e63554bcaf2b55f1e5e8b64f7f5393a1cf7ea43fe63 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432793" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b037302a74bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1724 wrote to memory of 2260 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2260 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2260 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2260 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d9fb77076f0f564d5395db4c447d35_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.dsultra.com | udp |
| US | 104.21.43.251:80 | cdn.dsultra.com | tcp |
| US | 104.21.43.251:80 | cdn.dsultra.com | tcp |
| US | 104.21.43.251:443 | cdn.dsultra.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.iyfubh.com | udp |
| US | 208.91.196.46:80 | www.iyfubh.com | tcp |
| US | 208.91.196.46:80 | www.iyfubh.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d9fb77076f0f564d5395db4c447d35_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa228f46f8,0x7ffa228f4708,0x7ffa228f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2114465090881477163,6861078160217713278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1308_TYPOPWNQADSORYBU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State