Analysis Overview
SHA256
04514dd7f9bc57caba4006f5b35a9a8b2578247280408090245e08f42fddb331
Threat Level: No (potentially) malicious behavior was detected
Verdict for 91767d347b10695d39408d9e43cef4d2_JaffaCakes118 (an .html sample opened in the platform's default browser): no (potentially) malicious behavior was detected. Every signature listed below fires on the browser process itself (iexplore.exe / msedge.exe), not on a dropped or spawned binary.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:36
Platform
win7-20240508-en
Max time kernel
148s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D75CDB31-2194-11EF-B8F6-D6B84878A518} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572729" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2928 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2928 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2928 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2928 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91767d347b10695d39408d9e43cef4d2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2beerguys.com | udp |
| US | 8.8.8.8:53 | coin-hive.com | udp |
| US | 8.8.8.8:53 | www.2beerguys.com | udp |
| US | 8.8.8.8:53 | gettate.trade | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 199.59.243.225:443 | gettate.trade | tcp |
| US | 199.59.243.225:443 | gettate.trade | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 188.114.96.2:443 | coinhive.com | tcp |
| US | 188.114.96.2:443 | coinhive.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2445.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar24B5.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdb061fca15bd22cfaf866712f47ae9a |
| SHA1 | 23930c38505d7406f1369372ab89eb0d67547306 |
| SHA256 | 448c1975a60d1f7fb78a12722b181b57d8acf67082e75ed117a7d2123a6ee067 |
| SHA512 | 7556fc2d551a8a7591a46055ef8fe38d0070e92b14aaf97066d6f43ef4c1ffcc33d9677a647a1419c505a71c0e33c9aae07c0a58cc2e08aa4e5e215c3c15bef4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar24FB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a8308f3b9cdbb622869df186ed3872c |
| SHA1 | 15dee88f08de1c6cea55e555103ec1fd7f3b07ff |
| SHA256 | 002d41d5febb4bca9339fcc768834e3095de751825609f65b95cf21488755002 |
| SHA512 | a0ae02bc87279ccd7b9acc7396ce2c0dca8838d6435fdba055682d4d0b989d84faf9f0590af5f96bb3869628500b88f3f9529f3c16b721727a73c98673e3adbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab603ae3e76f5a85f0486a592542349f |
| SHA1 | 79b1e0449c22e0787fe26c0c65f483073fd909e7 |
| SHA256 | 362c1e34aaace888adb4c0cdde62d74a896382681d1a42dc7a765e9f0b08bcc2 |
| SHA512 | d44555f4f818cc4261f042c034d4a60eb243abeb6b42a8b27a9bdc4bdf7a3ad8621b4b18f7782606cba774e991fe73df78f152e2ab634366c2ccb4acb3ae43c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bda1697b268eaf8f082346be4a38b204 |
| SHA1 | 582fde88e7d1b06c09400320fe53fa19a6815e5a |
| SHA256 | ed21b558b1400eb3ac628abcfe60dc5e8a5be51f390508c285b7dbbeb991a1b8 |
| SHA512 | e8b6cad671acf9056fb7c928b763faf2cd40bb327e3e869af7f9c9f1bad1b41bffa4504134e18482f7cc8fffb4fccb45ea31d3f83badc6b34c0565169455ea13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 540a0dab3353340a34fdae295d50a192 |
| SHA1 | 4eb69136746c711c47154742050b4deaa16a7fdd |
| SHA256 | ac47308ccf2f4668c50dc09d8336f2ff78d8b2527171c38600c0f7c00837c582 |
| SHA512 | ab952cbbbd0abf62848e7801afc3f1d470e49364038a871ab2afc53b7ac98e26c3a515de37e2f6c644c99fb66ed8c7ac6e1cf3ecac5d37e0ef5031175b988e84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f00c3ccf30079995e533080008f6d802 |
| SHA1 | 4697d93a840bd5cc66d45b0b9892f96ed9606d68 |
| SHA256 | 8183b5442e62527a163313d388c9f2d2aa7efce5c523a7269262c1b7d3f7e14f |
| SHA512 | 072de29a646574c9ae19a63f19155d7c175ff914ffc5fd753b0f1fda8ac48fb0a8c4953c218fd01e3b06531213d98c02598f5c3e0bc59917201fae0b5d42c4f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ced3df462a0db505b55f476562f34cf |
| SHA1 | 98f913a5bdd9ffbb3f57671a192eae28470d5a70 |
| SHA256 | 66a35330855cc3c3f18c52c6e597825750b2611f2a31560eb45be1c861f224cf |
| SHA512 | 748d03862c88ba549fc4e3e68da11eab05a8f8f982e6fdf71d2020db90c9b0ce1e53ed65b8fd104ee02e3acfb7237ab98ab235dfe893123cbe9a96a46f507a07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73cb654a42fa7df1f32c7a970c68e079 |
| SHA1 | 26d4b9fe69e4c7f3992a6469da2fedc009e7e62c |
| SHA256 | e33ffb91345d8b01f279e8f05488d6fb047629cf04c6d566c790aec56608a6cc |
| SHA512 | e764f1da32536511e0c1d5587ce35417b0bbf5cbe3598a5dab3186ff5100a59d5b2a9b183ca16770ddb25232af618f8f9cee82e648caf5468e552854c76a5545 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9d7ec6c59df69075b46a8d47888cc38 |
| SHA1 | ef735104a23cb14dc76c0337e72e522b2356dafe |
| SHA256 | 022f89716d1f51475bf1449860832e1406014c2542dff401a26cee8f40edec50 |
| SHA512 | b135a0ccb856866d0f742e0aaa6fefd0b3194a210972b5b15393a1f23ac2441ba0b0702a7ee67fe1362e2f8a57a65af0ab4c602d17234656d21a130b64d8f709 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53f05b0eabd03d66df4629d2a6b0fc2b |
| SHA1 | 3357ccf1b7e86a8728ea1c50cbdff27542f9ee52 |
| SHA256 | ba8a84275ca0b1ab2605b33f61dd92c62adf9b3e24f38dfac0027e987b0b60da |
| SHA512 | c34cf5b4c5ddb5ea1999e20ba008edbbcee4e52b48828917d84c8a9794cb85e37a667b8d6020b5779e3ef07895fe52b5526ea457f0280b316d1db65073528fcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 390519da4ab504d6e4d438e3da12e0df |
| SHA1 | fd6645a80089dff9ae399b8b5902ae5398c11621 |
| SHA256 | 2d7abe3bce60b4f154b39bd4cc8d9d9756059f1a35222d120955f877ca92d187 |
| SHA512 | 7a1356c32624c7e5a4e8760d131527000a2e605704af89ad29d0e721e6b97fc74ba64086c6143c5bab7725497a8b2812bc81b8343cc0aa5e9e402214e7c0bc31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10174b89515d82137c8649e5dd510373 |
| SHA1 | 6a6b85d34ac29157a98b7a8d42156e7aa64e7407 |
| SHA256 | 477bcbce53bb8c2101594d161bea0c9c724c67c6fb0dd09f57b15bacd622acd7 |
| SHA512 | fbcba38a6a7f7f82a910cd096eb6b1f67fc0c394b6213a1f295a97b14a9be3e77f592f6d71bbcf85ae4b34ee3470bc27b43e21b5ebe5d54c7661cee7360862f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be43cdcbac114caf15dc42bfe267cf7a |
| SHA1 | 86ca2458457ce819a0f31e4e340df9604e06c3a7 |
| SHA256 | 356652a0bd41b15e48b1a619ca3ff44100a6c4ae45c88b0266f367dd24855347 |
| SHA512 | 1073e5f15ebc5526e6d0b2abb2f410b84931c9b88f3714006b3473462b2a63f74da1ac56c2aea0bd15b3ff81745452f003d010a7d1a8f66b950c2830b66b5f46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68a0ebfa62a9c1968230b1388425e4a1 |
| SHA1 | 90b3807d566399631558d2558d19813a6e30b59c |
| SHA256 | 5bf2975655be4097df3889363127747d813befc12b420b638c86ae3e397bf99b |
| SHA512 | 49113bf4f06909761edbc470570750c0a4fb71b10585aa3970caed1e85d94fea4c2be2fad9b13a9eb41280d53bb8e9b9ff8df63a1dd3d8a74a51731486331158 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0ee50b24cf0daed5bbdc1594cb0cf1e |
| SHA1 | bec39392263c8519e3e0a8b84af7d5528992619e |
| SHA256 | 48132ff5822bd91ebc1df9cdfff191a4b703b56769e62dd2c15088bef1813f47 |
| SHA512 | c2798ebde1429bbc67751199edd34b5db943bba5b613e93b6e5aa7d0abb752bccf395d90ac1eacdc33ca5b34b91c1eaff0a9390ebdafb94706d4b7ad9807293f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\ga[1].js
| MD5 | e9372f0ebbcf71f851e3d321ef2a8e5a |
| SHA1 | 2c7d19d1af7d97085c977d1b69dcb8b84483d87c |
| SHA256 | 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f |
| SHA512 | c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:36
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91767d347b10695d39408d9e43cef4d2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bed246f8,0x7ff8bed24708,0x7ff8bed24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,6290201503910218139,12784576614653848687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3248 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | 2beerguys.com | udp |
| US | 8.8.8.8:53 | apps.shareaholic.com | udp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| FR | 13.32.145.57:445 | apps.shareaholic.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| FR | 13.32.145.10:445 | apps.shareaholic.com | tcp |
| FR | 13.32.145.121:445 | apps.shareaholic.com | tcp |
| FR | 13.32.145.76:445 | apps.shareaholic.com | tcp |
| US | 8.8.8.8:53 | apps.shareaholic.com | udp |
| FR | 13.32.145.121:139 | apps.shareaholic.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 8.8.8.8:53 | gettate.trade | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 50.63.7.161:80 | 2beerguys.com | tcp |
| US | 199.59.243.225:443 | gettate.trade | tcp |
| US | 8.8.8.8:53 | www.2beerguys.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 50.63.7.161:80 | www.2beerguys.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:445 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:139 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files