Analysis Overview
SHA256
eb8a389f24850bc1235946e51e1183db53629d02da4af16b852ad7c1145e5656
Threat Level: No (potentially) malicious behavior was detected
The file 91ddea14f0f896c0584fc93837054c7b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:59
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000007c82fde6671be7c67ad64fd51855aa5f5bd0a499aaf2c60d23109f27e1662f36000000000e8000000002000020000000cf73d88f012263b181c93ee79ab9dba169299dd35bf169490a003b8ed66665f220000000c54f1a0de1caeee3b926ce76166b0c796782dac5b10714d1c338398a3b09524740000000ff13c123b20e18f37c1b15b85453f568992dff4b1d4d99dcd34556d51d351353ec3ca28b02ade10de03f5b7544ce3862388b6145363db41b23a69251ef5960ec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581279" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF813101-21A8-11EF-B3A2-4205ACB4EED4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b4db96b5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2576 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2576 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2576 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2576 wrote to memory of 2444 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ddea14f0f896c0584fc93837054c7b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | motosfera.auto.pl | udp |
| US | 8.8.8.8:53 | 020202.it | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4397.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar45C1.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:59
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
130s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ddea14f0f896c0584fc93837054c7b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15788005095896200528,3252890344095395029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5288 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | motosfera.auto.pl | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 104.18.10.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 104.18.11.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.10.207:139 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 142.250.180.10:445 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:445 | maps.googleapis.com | tcp |
| GB | 142.250.187.234:445 | maps.googleapis.com | tcp |
| GB | 142.250.178.10:445 | maps.googleapis.com | tcp |
| GB | 172.217.16.234:445 | maps.googleapis.com | tcp |
| GB | 142.250.200.10:445 | maps.googleapis.com | tcp |
| GB | 142.250.200.42:445 | maps.googleapis.com | tcp |
| GB | 216.58.201.106:445 | maps.googleapis.com | tcp |
| GB | 216.58.204.74:445 | maps.googleapis.com | tcp |
| GB | 172.217.169.10:445 | maps.googleapis.com | tcp |
| GB | 172.217.169.42:445 | maps.googleapis.com | tcp |
| GB | 172.217.169.74:445 | maps.googleapis.com | tcp |
| GB | 142.250.179.234:445 | maps.googleapis.com | tcp |
| GB | 172.217.169.74:139 | maps.googleapis.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | motosfera.auto.pl | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4456_TAEPKYQRCQAFPXOK
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT