Analysis Overview
SHA256
78b31747356dde5b2740005f0d3ea0bf7fd76705e23aa9c8ccd7708a0921f6d1
Threat Level: Shows suspicious behavior
The file 811722aeeb559e72a6485f454cc4e9f6_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Analysis: static1
Detonation Overview
| Reported | 2024-05-29 14:39 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-29 14:39 |
| Reported | 2024-05-29 14:42 |
| Platform | win7-20240508-en |
| Max time kernel | 143s |
| Max time network | 144s |
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://hi98.cc/gg.html | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423155442" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44E70EC1-1DC9-11EF-A585-5A451966104F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2392 wrote to memory of 2572 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\811722aeeb559e72a6485f454cc4e9f6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | float2006.tq.cn | udp |
| US | 8.8.8.8:53 | www.logozj.com | udp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| CN | 123.57.205.101:80 | float2006.tq.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabF20.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarFC3.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-05-29 14:39 |
| Reported | 2024-05-29 14:42 |
| Platform | win10v2004-20240426-en |
| Max time kernel | 143s |
| Max time network | 147s |
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\811722aeeb559e72a6485f454cc4e9f6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba7a46f8,0x7ffdba7a4708,0x7ffdba7a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15006795335155794207,7076687326219976852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3312 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.logozj.com | udp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.69.104.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | float2006.tq.cn | udp |
| CN | 123.57.205.101:80 | float2006.tq.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 52.111.227.11:443 | N/A | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files