Analysis Overview
SHA256
a40007c1f4eba93cd96b814bc7657be2497895f1f6711e18375c4251f5a2d78d
Threat Level: Known bad
The file 9cb86dc64ca83459ddfadfafefb1d408_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 02:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 02:28
Reported
2024-06-11 02:30
Platform
win7-20240215-en
Max time kernel
139s
Max time network
143s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px1F63.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B3F74E1-279A-11EF-AAE3-FED1941498E6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000031a9dca2169c2b48966201d5afbeb64d000000000200000000001066000000010000200000001a67144bd4a1ed28579b82a454a97501dececf1ebe0495158c7f340a29c5d67b000000000e8000000002000020000000e2d137f53dacba4caabc4b2639a3268177e327d42c9be8d35a54f7642161395a20000000a1bd852c7c5113cd75d66e223475c407533b858f41ed043bdb64bf32dd3861eb400000005220aad14ed3a046201d8ef58863ce5cd60c09720a6d549b8e3cb8844b001c172897312fc0a8f70fbac66e999724af3ce0b4465c9ceac2cb8b63a4c47c14bc98 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0e30111a7bbda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000031a9dca2169c2b48966201d5afbeb64d00000000020000000000106600000001000020000000a73dee054394b051f4849ac8b33fc210d817032184356b91236be5ac7f434b43000000000e80000000020000200000004769281fa0006490466bbc3dfb279c832ea3baf07bb8fb1520d33635f03ef53190000000acfe38efb2cd967c76bdb8408bb0e0ac1a47fce677ddc93b8a750669539a865f1e98452aa95cc3de86a509672e1b1c770e1cd1268409457163d002eae1ec39b756b981ad2d203622a15587e2ba71c56ceb6fa5a0083436ea8dab9e06715003718c3a4eaa8d2228916600cfa3e19b20f2d34a701005758e131d8038d0967d399f07ef3d5d04b0983ed2b92be76f7000c240000000c9b6b7c092c3f8c5d7321b403649b4637791aef495ecc582ccf1690eba3ca845d47416c3e8fbc09cc818cc837152c21510003aebd4bd43f53449818f5fd77bfb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424234752" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9cb86dc64ca83459ddfadfafefb1d408_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:472074 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.map.baidu.com | udp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2728-17-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2728-20-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2728-19-0x0000000000230000-0x000000000023F000-memory.dmp
memory/2728-24-0x0000000000240000-0x000000000026E000-memory.dmp
memory/2412-29-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2412-31-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab34B8.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c537b493eb008d5fa87116a841d546fa |
| SHA1 | 5c884b4f710e23e35892fe9d6157e2399dedde23 |
| SHA256 | 285dc957ccb76cd1f7cfe6893c74c27f887457b6afb991737af9f727c9a80cd4 |
| SHA512 | c440dc85d5be45a05bcc1d5df072f676b3c0389db6a14bfc7b9ea65ff4b15eaa654b7d1094da967ab1e88a1ef27668b809b444d92ca678f8946ff24be944d1e6 |
C:\Users\Admin\AppData\Local\Temp\Tar35CA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4a1f1fef09e3464354f9f42e478992e |
| SHA1 | 341a43de035eeacb5ff5b3ad48f75596c12cff1b |
| SHA256 | 9c3668a9868b6d84a36a1542a691d7d2f4ec92647d56fbe846b9507081d4f5fd |
| SHA512 | 3c0d52a2d7541399e430f090e64c1b11b310fdbd4841ec2d4c73597e2fdc89961cb9601f6583ee025588a5b628a57e438ade3023ed1228aa92087f8fc89476af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63265d9f0ec9a832922f73c956a13aa7 |
| SHA1 | 47b4372fc6155e78640169935abb90ac3526c73b |
| SHA256 | 29f4d306b67fbc01226d8315d9e04e3e5629424b8c4e3747fcfa72d69018b68d |
| SHA512 | 45084c0f31a66c1c16e5e11ee62f7eb14ad0cff0ffdf6b426db7d6ea2db656c6b3ef7e64cea0734133646a30cf6d173042b2f67abb119235546b7b1215d1faef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a014d1cd6aa8d27cf63f44a257fcc9e6 |
| SHA1 | 38aace827ad531ee4c0e7f898e26412b8e4ae1a2 |
| SHA256 | a5fdb9d26ffa1c0d5e4a67f87e4dd09f90bb5a7c860e1bd6264aebb8cab18d2d |
| SHA512 | 5ad3b0ad5b1cfb70bde168a8e13d1ab6306b2c2f58090c12420779a841a5c58386b533bc44ac085ec99dccddb7e77a7cfdd82eafa280df4911d37c3b681f5e0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2db6b44af4d8bd692491906a41738a5a |
| SHA1 | 5bde8f79543b771080ff1b8d8091c392f60e788f |
| SHA256 | 925f6787faa2ec8ff9d743b8b86bfc87b3fec04aa5158c64da247652f9e9eb01 |
| SHA512 | f8f76751697d677cbcc4470d8448764da55c649eb2f99c52ad1c9c34076192ea307ab9bfc4980c7fff6e92e6c71739d4fa1a89130a6498e97882b1062d465995 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1795019664b402a0a16c32d5c1b78418 |
| SHA1 | d5ff6eb391c8fe1ae017277e4975308bba53bf73 |
| SHA256 | 1f3551c97a271e0ebb1ece65832a1b179c05cef8595ca244b3817d21d0f211c3 |
| SHA512 | ee5184b09b3471809ed5f207588d785bf4b9afafde0563d0f1aada0ef3f71603b52b0426be8415658adb9cbcaa710869aa2cdda802f3eb139fc53880fefdbf16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1008aa22d4114e1981d7d765c0dbe01e |
| SHA1 | 7cdaa5c70271a2423428cbd661fbcd402d28d068 |
| SHA256 | 8911e0d54cbf8055c691c4c00926ebe2f0d0c7a0863d7782c1a11d8b6d92316e |
| SHA512 | 9c156bffa11e711fbb3059202747afde1201390e6ecccb643437b793a88782f69d053e9ed79670eff1c594368f054eeadcdd979d1026cd0e8c587fa1d0d990eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75741e8144a41589b581283f8c94e683 |
| SHA1 | 785d6ba67543a5bd43a5346c1b16cc076713c7cf |
| SHA256 | a8d8785201b233a1f5e189beac221df4c5f6fe15574f4cb8435bf3b32e5ef0b0 |
| SHA512 | 287f07bda29c881f39e1f693556129be400918570a07d88202f866b251730dc54822d84cf1ca7b4ff1853fd1382c13dbbe581f321c5863fb0505bd4a75df28b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccd0dfa67a7742713f082404cadda9d2 |
| SHA1 | 60153714b127988936e10aaff4b307d8647ca797 |
| SHA256 | 894ba0e756ed6b1ba522be0a34bc770397e580a60bba4a03c509e11902be66ae |
| SHA512 | d6a8c2f91d33e13821df068c404c2596076781c217b96ec4c3a10e5263dec103b64db9bee09c4cd310bad168e09ed1cff1083d6a1ce53ba1b69815a46017f4c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1427423ecee4dbbfe4856e0605d6a2a3 |
| SHA1 | 389e9972f506ab908f137f080cd65e18ec8d2f96 |
| SHA256 | d07cddc9c58391eaf6f15c68eab6f6019761f3c73bfebab318980483cd1684a3 |
| SHA512 | 7e0d130c596183fdef1494a1dd0f228e5543d5dc15adc96b5e96626dada10e4a89c822b64fe465c174a5e7f81652e9adce2a527fb5b3129f6883a7b4c7edf978 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 887a78c5b061a30669bd9f7558dba459 |
| SHA1 | 74e985fb6e963e326a85c88f59db7fe05ea8bd15 |
| SHA256 | ac785ca4f32b218b09b96f1d2a6506b3ab9946a33d93fde9e4d1eb68e14c3f47 |
| SHA512 | 37c5a4857236f3ee0c74791212130fec715ccb6bcf6a06a9327c13c4d4a783712fe997aac21cd4474e4fa90b59bcbc091d641891010af142000d9aeb0610aa64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb919e757f96fa238ffe3776d7afb8e0 |
| SHA1 | 15a2e222347b5c2558952b6ca6f456199a3cee10 |
| SHA256 | 1fe0b6dd6e2107c5dc250b19da4f65b913d1db01203983da440cbeaed6ecd1ef |
| SHA512 | c211d0b9c841b492af8e71e07ab4d19914ec429a4b4ce7ca765241d646d96772f5648ef7640e418dad115f812bc89fb83cc647b0c6918d6d224ab71ae1453a14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56e886db1f73e6519c64de31111bd850 |
| SHA1 | f384f85a715b27b8b98292eaf5b2ccc753fe49a5 |
| SHA256 | 0de2502b34500f4306572681ee7d8cdc90e158a48ec469f6875664ec013ca755 |
| SHA512 | 5d14e5f63b986f178527f56dbf6d51c52db6a44be4df2bc0ee6a62ffcf208f73750a88098069c6b6ad72386f698d6be0d3e9c5abe543055a44ec0bcabbc0ecea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71abaf0fc70398538fa5f38433854471 |
| SHA1 | d5df538389e208658ec9fae9e2720aade53263f3 |
| SHA256 | c79ccd3e385ca98d479ac5b894feb505bb2f7840ffcb497103d8bb67586930b3 |
| SHA512 | 8c02595f7ad8918c88fab617d64ff89b8167e63a1cda142834ed3f61330f9f4a47d76266215e3c12ae0969fb23b3ac24501cf1ce9e363e19c41da2b0aec268d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34927c1926e97a055084f90f8f84fe55 |
| SHA1 | cd66c0604076b27652b57625ecf87d75ef80babd |
| SHA256 | bd7726cab2074d903edaefff609b4a2f125e78ae7792a1896d3c22a07828e035 |
| SHA512 | 7359c6dfa6a572af9bf4c2275b642ef38f4b2075a1342432771cc41f01bf87c4dd5630e210ab0ba482642b6f1a3079efcaf6103da71f138b143279855e47af11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9605e28b465a4b286f5918c1bce19d4b |
| SHA1 | e44964b7f9b1351542566970c4f23bebee6615a8 |
| SHA256 | 16b45df6be92ca9116598530e6b646007b97fb91d3ce415d95c464e0de576757 |
| SHA512 | 339a0eb2a4f35f0aac36cd3c10fe502583679cfec8adf75946f1fb0f88b90b9af0a95a83a17e1f9b3e12435e2c3de0c5f3e5bce7c504503293aecf555c943baa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a5267dc4fd2b6d42d72ff9f6d2d4e1c |
| SHA1 | 3273b4f8ae110b4f5e3a1476fdedc7b615f27a2c |
| SHA256 | 4461e3ea355963934dc6fb924523c84529736f620a84cfecc6c25061aa3e6ee8 |
| SHA512 | 8b6aae728fae3a305b4195f1bd1eb27f80ca5cf1b937df37fd84e3ff8b77c8144b398832863bb4798f8d2166cea74e22b53383517df12c7cf681ae4b8d1b1630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b124e0180766d7217b3023659c37c2dc |
| SHA1 | 3407c414b2fc771484881bde8a04d6cda2e4557a |
| SHA256 | 8ab72b0012dbc33da316a14d200db2dbeea0810545c42492f15ef3f192adffdf |
| SHA512 | e72a98e2ad2495c95f2b9f6a8efae7a54df6efd9075d76f11138e7615b6e497f5bf1dbb6d0faa74bd36ff8ea25310f3a5e4d3c1f907187c34c2f000b1545385b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08600a7a938ce2ce7c3ed0610460f76b |
| SHA1 | f1443197a1803eeacb8f2aeff22ba47fd993c4d9 |
| SHA256 | d1d41a7f3378d92aa7cbb8d047ad537f43ddb3c4a61ee1c8a90dfa5f74a8f314 |
| SHA512 | ec4188a387915d07b1bbd669dc2418d0637385a03b06666cc713b250bf2ad4db289fb8edd0ea32e3c852881f6d9a88544d6860f3168bc3419aa1ada867d0d2ed |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 02:28
Reported
2024-06-11 02:30
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9cb86dc64ca83459ddfadfafefb1d408_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba546f8,0x7ff9aba54708,0x7ff9aba54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8266829282853220332,11965836033035936229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.map.baidu.com | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.46.235.103.in-addr.arpa | udp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| US | 8.8.8.8:53 | online1.map.bdimg.com | udp |
| HK | 103.235.46.245:80 | api.map.baidu.com | tcp |
| US | 8.8.8.8:53 | online0.map.bdimg.com | udp |
| CN | 119.188.176.49:80 | online0.map.bdimg.com | tcp |
| US | 8.8.8.8:53 | app.baidu.com | udp |
| CN | 119.188.176.49:80 | online0.map.bdimg.com | tcp |
| CN | 119.188.176.49:80 | online0.map.bdimg.com | tcp |
| CN | 119.188.176.49:80 | online0.map.bdimg.com | tcp |
| HK | 103.235.47.17:80 | app.baidu.com | tcp |
| HK | 103.235.47.17:80 | app.baidu.com | tcp |
| US | 8.8.8.8:53 | m.baidu.com | udp |
| US | 8.8.8.8:53 | 17.47.235.103.in-addr.arpa | udp |
| HK | 103.235.46.213:80 | m.baidu.com | tcp |
| HK | 103.235.46.213:80 | m.baidu.com | tcp |
| US | 8.8.8.8:53 | 213.46.235.103.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_1948_ADDTOWFLNYSFROOB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57c4069f6959a3d56320c2d6abded0f1 |
| SHA1 | c53e51aef452ae9939910af5eb97cc4f74be9061 |
| SHA256 | be96a7ae34870777c35d5ee687220958291b76b9881653258cbc23423e5d0d79 |
| SHA512 | 960d114315825f9a0b7e93ba4b65f74d11498250a5ebd484736143b6cdd794ea1100c672051f1f760b64c67093d1a8a2e26519c7e84fc1cb47004ff895eff319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87a6257715ea7a915d8fca765d41db59 |
| SHA1 | 7953987c883e9700a50b8eb2a812c16f03a50ff4 |
| SHA256 | 4caf0ea7d2c2fa1516459d9a9c35e3361b362202c91c6fa7a740f9d10ebd67f7 |
| SHA512 | 4d595556c429d926a7c9ab54a10d817ba54675de4b650651623bd508948cb7b1e44b89e14136e8f517b2aad6e07cbc3a2c26b5c36b7ed68373367f9c8cb9d1eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96ed05163c5040c17aeee33979ef1987 |
| SHA1 | 9b4a323d1f0fde2879d9423a7c3a10c555edb157 |
| SHA256 | bc7c8fa1bcd77e9a7f84a157bd7a82a1018be0081883cf21ae6d5b6bcd43ad9f |
| SHA512 | a2047fea96a60e7160f19ef0ab85e3a29b3782da3c90b7c301bbd76eb500443ece06601c2e478cf9744ebeb977bd04496096f142e328921a7f0f2f271fd364f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |