Analysis Overview
SHA256
1106d0a8b4aa96f70fccb7bdccb2210317d9ec71d3cd32dd7f9d66b79bd34800
Threat Level: No (potentially) malicious behavior was detected
The file a5d134283559d3ecbf9400116367c9fc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:35
Reported
2024-06-13 13:38
Platform
win7-20240220-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447603" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000070743a30490677488a8acf5b2ed24cdc00000000020000000000106600000001000020000000581bc73b1bb8bf84f47e6b8d3ffe39cb752eaeea90ffcc10bf0cca4f719b7ed7000000000e80000000020000200000007c880b52d9a5036ad6c3d8487c04dd85ac0f61e9353f8fd9476ad6f96008dbb520000000464f03eb165d9ffb211b46521069ba00246dae4f0d621a4e3996f5813a29a36f400000008cb0906e31f86a126cb59804e5f9f1255889ba2cc5ccaf53edac6ad58a660a26b24736cbbb3da4432b09a8e094713cd914f11345471d70371d364b1248ac831f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D043CF51-2989-11EF-AD12-DE87C8C490F0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f234a796bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2340 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d134283559d3ecbf9400116367c9fc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab3BDB.tmp
C:\Users\Admin\AppData\Local\Temp\Tar3BDC.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar3CFB.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:35
Reported
2024-06-13 13:38
Platform
win10v2004-20240611-en
Max time kernel
146s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d134283559d3ecbf9400116367c9fc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b7446f8,0x7ff82b744708,0x7ff82b744718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15629052615779130745,13810362057306878546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 23.41.178.65:443 | www.bing.com | tcp |
| BE | 23.41.178.65:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3412_POLDQBTSUCONEKAZ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State