Analysis Overview
SHA256
bb8d9f4dc25e6832e372f3abdb0d717789fd134433812e1d5152192e32463de7
Threat Level: No (potentially) malicious behavior was detected
The file 92427c4431da7049f984f05723eb07fe_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:25
Reported
2024-06-03 15:28
Platform
win7-20240508-en
Max time kernel
117s
Max time network
126s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50753959cab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000099eb186ce86a98d54d00c0dc45f0b3bb0a1a8200c0c275532a2d071f6cbb9f7a000000000e80000000020000200000006b844446f059a8f168cd7106a51046ae2926371402f8cf8abb197ea36a54873e900000006edf0f7ef0ad16d691ca9a3f9ba0589e4730dff5ace535eb953cb71b150f554a55beaff7b812121a0d21290975fed03d8f4a889d29e982585322f6afec84386440e996e2d982debb3ae9ce3b389f31ab3d00602a4c964d85e4b7e32c7c53aa077c94fab1bd04aaf8ae4a2dd3a540c759899451a8f3a09520ff4b7d275737c32a753195c91fdbd19a3b6ec82a1cbff209400000005d251221a8155020490f43f6bcf014a31bbf996eb0dbfd0a8f616911fbfb54a07457fcefbe8f136210e3a81e8e36d7361b514a37c82e636548d9b774bac6a4cf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{844AE8A1-21BD-11EF-B8F6-D6B84878A518} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423590199" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000004c3b22f10cc7b8adfba8b6615f1935238c6a586dd286292ec667b361c1cafbe4000000000e80000000020000200000002bb27f58271514a28b56baf661286011cdf3b2b62e075f5bdabc628f0c998e7c20000000bd80ddd00469e9cbb80464b0681cf5502496ab2fa855cb4f0af790879f74cbc640000000eb9f9c783bc5b890ad91a70e9d571032134cac93fc1087afdc5c295f3401781ca906ed02ec522e1142770ca768d183678f9e6b72571b6d1ed9b48e0e66a5d03a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2988 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92427c4431da7049f984f05723eb07fe_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.prospeechcoach.com | udp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\style[1].htm
| MD5 | b9a5e64854662e0625f64482a2eaf680 |
| SHA1 | f81b4aaf62d7d313600c109b13c96eb3af280a5d |
| SHA256 | 6d15ba315338ea42d3e26309faa89cba2822be957ba0ea5aa80361dc3d4c91c5 |
| SHA512 | 3e95d649830897ab343fe060dd5f114d02cf844a7681a12bcfc1c9948ccda7c483ad68f8172c3c6444e46ef3c61deda5084ceab25588ecfd1a113ec68d018670 |
C:\Users\Admin\AppData\Local\Temp\Cab365F.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3702.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 064ef78275875c5b3c19d4ea5187bf07 |
| SHA1 | 38be4527f9a691fc49e96c4c6436fb3bccc5025f |
| SHA256 | c8a807df0675f47aac5ef01681c08fba8a977aea0ae970bd2b10966c8b6e8bc5 |
| SHA512 | b318de6361edf7705a4770f59acbba93635a72ef5ecbd516a2b70c40b1c0928e34de9866a00effed85399041c099d3aee515247e1c4df341860a52aefe6b6e7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c2beaac597a7e80a99cb33b64f5508a |
| SHA1 | 90f44722b09100fd62018264da10efbfbb0b19d6 |
| SHA256 | af70f4820492292466912f2766d2b56d72a6d32c397cb6b9a8d1e2649f6eb678 |
| SHA512 | 4d053cf66c1b7ca762a3378cebc64135a93a5711b79ff16b861645a97492000d6ed4aa50fe1e0d0f1d1e4bbcf1c282818af9415e8889744fd3673ba1213923bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50e249f8d67ec09b940c803f9a786d94 |
| SHA1 | c2b02cd19dc44d723bcf4387fd100d4796bbc83c |
| SHA256 | dbc7c289e1e56d88bf86fd4ec1b9c9f661f6f00a251fc5e7a4024edec509f95c |
| SHA512 | 9a33f922d85bf46a5f92a85ea609541bcd42d7d7f54c97341d767d0a7e4c5f6ff362e9a8e5e1bafdc4218eec8ab0715a13182b7aaecbefddafcd7a72c9f3806a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad0ccb5df1ee023f61f73daf73788f0f |
| SHA1 | 209ddbbf8c94c1025347f1dfca0cc6843534af28 |
| SHA256 | 0f19d18d3b3fa64d7b8cedf612a6101a9b1fe94936d7eae4378ae9991e24d313 |
| SHA512 | 5edde36a7c355b0dfdafc08777fd83e3038a9871473c7e1c4e141b9a20c9c0850886137a8c2bfcf2dcc7b4ff169cfbcf2706a52050e6ad416ee2de5fa77e40da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 537a76e4adbbae56b6bcdcfad8b374c0 |
| SHA1 | e52afbab9415187045bdef85d514ed65f0da5324 |
| SHA256 | ff7fe167fee3b5406a5ab90e35dea992feba364d3cf3dcc8f5d2532d3c027d2a |
| SHA512 | ad621790381b494afb9b1ef0e9896e5afe22624a9df6b8acdede640fcbe0c7ea175cc7719ecec5e84a5d0c700293a24b185ee608a1586ceb934347aa3e015611 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 978e0c1558c76708061003fb74da9780 |
| SHA1 | 7aa8b3390c5e4c54be546dcdf514fe27cf4aa53a |
| SHA256 | 2eef6c4e32013e28ffb1e63c4754ce65f7a0fc2dd96e0b6cc9cfce3c19947d1e |
| SHA512 | a99b806ab8aed31915cb6c5ccc02ce46ebfa33ee87790648588e290baa2a2c332b72ac19f97422acd011bedbb69acb3553fed77c01e2b9e997b21191cdda6b44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f4944c5d2ed8e9267b8f41d934f4c36 |
| SHA1 | 6bd1e523059bdcb14d9774f7cd9e3c4b134d7536 |
| SHA256 | 1712d173eadeda5b5b8f851aa4b998fe10c6db46a697c3139bd4d2f950ba176e |
| SHA512 | f9301d19d61bdfc08ba8ba84c69af5e12781b797b5209eae801c3d73d9472eed85e5e421b69a8f04b0424e55761f3631595c064d6b1b1d50a77b01a4e04f38fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c953a3203849ca359b0d5dfeec12ebb8 |
| SHA1 | f46b4e9985793babe278d94787f4f8914c48a0e3 |
| SHA256 | 2696753832bf03e4e9d6afa0393000006ee2748df820fceb4a35f1a8d0e4b970 |
| SHA512 | e3b3d2878bf9e114919c80d71b34166b7600d5ec73c6eb8afdd8560ab1d39c0a8abef1e1bd4dc8ba5afb4cce6d80532088c196843cd530a1ca824fc840fad899 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2b2c4b40cb1d7f49143f16ce7d12c37 |
| SHA1 | 83966c7448e8264b5094b1dc3e0683a32e47b1e2 |
| SHA256 | 0583dad472d3398721e4d8092fc4546cb07c1ef95fc19dbed38934cc4489848c |
| SHA512 | 2be9561aec91b9ab72c2f8d3d76c93617472cd1e1622fd7c64f379f75c7891b14937647b02c215d14cb5aefeb2091b34101106ecb5637ee0e744e1b16590c070 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd5b203495d28b6449cfcfc9eea55322 |
| SHA1 | e420ed9cfcfdd1077375b8fc31e5761b4860ebe8 |
| SHA256 | 34bb67758fd31015034c50c7267b719a42a94ffa7d01a31a0e79c45ddda8af50 |
| SHA512 | 769cfb5a59a3836d3669da61be76c582cc49c096b4068d591370a504451525a7b5603547a66d0aab94e4e8d291dc4f61ffbc464f0eddcdec08582a0e84ddfdb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3ebcefb106cf582c50417021e3152e8 |
| SHA1 | 71c76689a67bb868614d125e0ff283f67e332da4 |
| SHA256 | 8ea8b5b9cbc1bcf07943b5ac8d60d60745d0507659de3e0bee2c101b3ac471f4 |
| SHA512 | 22cd4edb9ccda727d0aefa33e222ea02b439867dbf1571319f8dbdcc08c2f2d53e5afb31aa6f7f060b578447e48b41118b92e816280e938e80fa319ea811a62c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd940c1f5f5b4287a3560d4221edd83f |
| SHA1 | 53c3efa5432f7a9623214bd446394eca9583d7a9 |
| SHA256 | 04255650ae70a172366f15f15e9138f774fa08ed77db8d7702ffe151668aca5b |
| SHA512 | 02a489acb62cc511af3afad843e788226806171867d7b49cd24f482ade5be067e1bacaf2a6e832c0205f60569f4c3ba80765929dc2507584d8eb5bba1f7f275c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a95144300537b90a5d3f0681e9603351 |
| SHA1 | 8ef8a551de99b74d192b7ac8353626e40b11e16a |
| SHA256 | 9f9069c4852a4327a0f17f54149b05afb6c8b96c70fb92607a260406363164fd |
| SHA512 | 975c3ce3ace46e30546a990c339c86b66e319b43da3e19692510884a873b45d8bc64247dca1927904e938570ad425dccba95367916845fb6953b3211cb930cb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 889283c9dc943ff569ecf97227d340b1 |
| SHA1 | db1c7417c96328ec0f26283c048ffdcc9a6c0b58 |
| SHA256 | 58fdc2d7f96b8032706134f4d1b4803c44655d644aa50e0457f1ca6e937fe88c |
| SHA512 | 3356527872db99783f3cfdeaf05c12280913f3bf597c9b4a286092b6774c95e184ee91866b6c4e80c41ea1dfdc87a53b6e0882cd7c6adfa43dbf1063b0bfaf09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8bd330e644cb7a1112d2171416b8f09d |
| SHA1 | 01b85a73d9fdd4ee20584725298ae1d56e7883f1 |
| SHA256 | 1c1d42a0cb50e460c30be501b774f65dc5825f7a3e2edb80785b1d79b2a45624 |
| SHA512 | 3dae5c6f533ea3c44d83861b509e9ff7a6d97d177cce158cba9c4d795b20f0da0d351cb50edad476aabcfe4b2f95f2d4507b90b23fff131ea1f0a428553debd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c06acf6b63ae691aace73500ffbd2d14 |
| SHA1 | 4623668ab84c74f5f9a8b7575b6b61c87046a7df |
| SHA256 | b3981d5dc75d23c1362dbbf07de165ffc55de169fbb8a6c407f6d2abdf4c3811 |
| SHA512 | a55dc480e1db5b4737f715910bd7d9a56391a4feed4e2f9aa0f6787a125cd6967182271088360bc0089defd97650603ba97cb50ef799816756a4dd046f14af7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c38aa0ad3d4a8d28bc20148ed8737d0f |
| SHA1 | 3e5fe32d15ca9dae464a8f1fbc16e5e047dd90b3 |
| SHA256 | 1ebb9d992aad90cfe610890696a68a6d10e30076b2c5a44a81bc142c16f7bb62 |
| SHA512 | 672ad184b5677510ac1b77320e96f1787e8878f033a167c9331607047cdae1b678044950b4b390876e622509fa9df098b5778c3b6efc785d5d4d0672d12a8753 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6dea8183fab0261068469c56e55fe68 |
| SHA1 | 0d7d1dcddd345c7799b4bf158fdcc3c192f817b7 |
| SHA256 | 90f3e0833383d5bcfcdf1bc31a14277b095ce84de37a9fa31af0402102947c54 |
| SHA512 | bec957b561532c04a918225ee8ffb9d057889f9a1375235abb9b9378a64f131fb0262e80970aa7f624721ad0707007b70c2ee2c4ab3726921c2abc7b5cf7f0a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3a2dcd7f4c5602b5b429eabd5754215 |
| SHA1 | 62ec69325d4af8e9ac5e84e2442db9e73c0b35b5 |
| SHA256 | a1047089b4a0a74f0a505520412ebd8e799b4ed4aae946c044cac1414e345e79 |
| SHA512 | ecaee5025050db3e14a10e447f22eb953ec015c48aded75594148475e0f60cc37f28a0593e9ce40d6775a32dce18111b4703629c733e8732adbc432d6de320dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9ccbc4e871023342ac4319aa5164a84 |
| SHA1 | cdb43e2045a56396b444a3dc9eca16f7ec490934 |
| SHA256 | b05170fd3122c3681e79dbe257a436a89ea45b87f3b2756b67ae34260953f4da |
| SHA512 | 288329ec2c30618158f76cc35cddefae6b6f79328f061e93dc51713e9af252a013f9b6cf521ef527eb662884c11936eaa4cdc24ec192764541cc9e285f3de091 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5350becc7be4cb174c647858cd321a2d |
| SHA1 | 127f001e672f213ff75b329e3f5d85200a44fe7c |
| SHA256 | bc2f32997d2043065dd7ba04e5d7a7ae55659abde2b7942ec75daf1e82f3398f |
| SHA512 | 4f47ed510106170d6e3de5c65fa0838c2edc4afeef01fe315dc04ab1e181ff9fed36081ea4de89e648c01a7a16ce11013a17220aedbd9aa50fb1682aeeb56373 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1aff6a38afc45dcad9ec4411e9dbee6 |
| SHA1 | 93de4c83fdd0da8bdda977de0be240b12f88fbea |
| SHA256 | e37d8761020eba7e0c3595a2a1ef38d0e87de671a81df784cef25fe2ee1dd490 |
| SHA512 | 7dcbf36498fa6277aaf655f72bb5b00d8f88583a3065db2744b17f82b1b5be1cb3af3a034fd9b8993e165b7431547efcff366a19c57d1da7994b3aebe3719007 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44ae3a4e1ba8dac80cc0d22ebefb29c0 |
| SHA1 | 00589dc95ec189479c0098bdfc7c7379d4fda02e |
| SHA256 | e95af62ba884b6541a48d8af70a9eb10c7a657935df26d824dac3bb62810f2b0 |
| SHA512 | daa5ff4de2ea6d2e5d6081dc985af79294fac1b185b19674d7efd17676c65cb0d94fbe3ccd288cb62988f376cf6b27ac1ed54c56034ef49858d37b9a66c88c89 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:25
Reported
2024-06-03 15:28
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92427c4431da7049f984f05723eb07fe_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10644854593287297247,15118357002640727772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.prospeechcoach.com | udp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 185.214.242.230:80 | www.prospeechcoach.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.242.214.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 52.111.229.43:443 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_4148_GTATQZYSMHJOXJZE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84a04374c940454993e6b5ad643d1265 |
| SHA1 | dbeddaecce5457c6da79d4c157193870d2fd64a3 |
| SHA256 | 23afca5f8010d3474624a22481f5f52bdb820d2ca35d2baaf927bf9047c11dca |
| SHA512 | f9d2d387f31e66a5afd41026561391dedbb7a68db6ac40e2a61b860841c03497fcb476e6a641b9df86069c67870c9f6b0d4f2cf58bffd2573468b99527aef625 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 562a5342bac68e9625233318462daf4b |
| SHA1 | 31a267e7def8fc04b1cb05be2b833f611e5f4366 |
| SHA256 | 9bceafd030c883f0f20777633964acf6125b098cba66b5a69aeba9e81a5d7bd6 |
| SHA512 | d74747bd4148c50e8b7f8058d6facbf847bb9e66f21ba9f1712a7cfb62e09e8b2c88560c30c051954deb9d3ab21aca48d9a3e43488f8ebacf8dce727d3b3a3f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7d4401970310ba774549347b5dfc437 |
| SHA1 | 007c140cba89748d4011bc1b6ed3830f2c361c0a |
| SHA256 | 27c024e3c778a0f710ba7bef572fa44c418fdc3ed8e12b5b8c79b302b462331e |
| SHA512 | 6b2f05fb0998f17f1c60dc507619dd5c56a403b3f43ca88902deaaadd4bd9433aed6aceaa74b248b85bf1c4876e6daf626642dc5f7a0539b770c743eadd63948 |