Analysis Overview
SHA256
9d67146f9781d92cc99f1d4ab09e6bbd428fd2a382c6a5cd431e14638e771157
Threat Level: No (potentially) malicious behavior was detected
The file a3b59b125ce9c106d876045512468661_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected. The sample is an HTML document: the Processes sections below show it being handed to iexplore.exe on Windows 7 and to msedge.exe on Windows 10, and every signature listed is raised by those browser processes themselves (the WriteProcessMemory hits, for example, are the IE frame process, PID 2328, writing into the low-integrity tab process it launched with SCODEF:2328). Note also that www.knightnation.net, the first name each run resolves, never appears as a TCP destination in either Network table, so whatever the page referenced there was not fetched during detonation; only third-party resources (cdnjs.cloudflare.com, ajax.googleapis.com, 2.gravatar.com, i.imgur.com, fonts.googleapis.com) were.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:42
Reported
2024-06-13 03:45
Platform
win7-20231129-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424412030" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD14D361-2936-11EF-B7D6-72515687562C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ba885ea1af78b34a916a9e05e63150b800000000020000000000106600000001000020000000844cb9ee7d3ccebcb2238f035f56070d3411e7f395580d84c818c4e4b09eee88000000000e8000000002000020000000d1b14ff06add05c59a5dacadc1276cef14549996d15899cd57790120aabfd6c220000000a596b623b1d461b88490730edd25037302d6fe8f8751442df75844d46e785db8400000004cee49beb726fe3bb0e28c229ae451d4cd7053b05eaee65530d5818aa3b80e425beb5628d03c67dd76da6f6708e148c9968307e727e71c53aed44924d7c1e362 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e46ad243bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2328 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2328 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2328 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2328 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3b59b125ce9c106d876045512468661_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.knightnation.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 104.17.24.14:80 | cdnjs.cloudflare.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| US | 104.17.24.14:80 | cdnjs.cloudflare.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 192.0.73.2:80 | 2.gravatar.com | tcp |
| US | 192.0.73.2:80 | 2.gravatar.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 192.0.73.2:443 | 2.gravatar.com | tcp |
| US | 8.8.8.8:53 | www.urlaub-auf-krk.de | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8D7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8D9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e41effaaeb80c6a03fb12a9cd9fe08e |
| SHA1 | 37aab770aede544ed3a4f4391470f8444ed518a3 |
| SHA256 | 97287d4b294c6f15dae08112f819ed76bbe316222b4d30e9f954a35386dec145 |
| SHA512 | 68652963d8766b091f06de09adff1e59d4b8e1f6f86e11286faaf0bf72ab90a73c940df0496c9f5e064629ab3afe95bd81576187f757d8a00ccd9b504bc99014 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f0f02c370bea5271a6f1d308c74f8629 |
| SHA1 | f49a75c42fee2082b4f2e84a98c5f6d17715998a |
| SHA256 | 8da80800f3cae0a1563102b850b2d05fc25f2d00ae743ee689463ac448266d34 |
| SHA512 | 629ac2ff46cb4164ab6ab2a6c556e206fcaf5da5ef8117d7c6dbbe5985e19202a884c13f41e8f88544492ad3eb2a7850660b177b9ac1d9cd218900730e966b6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce70959c38ee0770b445dbbac4da0e73 |
| SHA1 | d09e666dd9fc19668a4e9bf92af568be25dfeb0a |
| SHA256 | 5221e5560a6e05751655d9980085d01674f4c91d08712734063c313f6447853f |
| SHA512 | 143299d9c1ed69c8440bcdd58f9b42e16715f16f1ead611b7c6b2d187c5a1156f04f3cc50f99fec66e1304e0817e1cb382dafc25f36afb82dafbfb96bbd6d98b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24645bb7930551f94d81e17ccf40a017 |
| SHA1 | ec992b906f5a4bfb222f20ba2a85d9d8f0e92163 |
| SHA256 | a17d05bd398a7e986e62e9eebfc80b8f15cc86ec0337edbf7a6384c44e82785e |
| SHA512 | 9db660cc48374081e9b3c011cb042e2188c756b0415536cf45d5197c075d50a6049659a22c9673129b5e1d0fb89ae3e51f4f50a4cca66ab33bbb219af0658920 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f2e813d0e87229c2e91c629981d8e56 |
| SHA1 | 43ddc42263d0e57ff62b2018dd2054600bf4e53f |
| SHA256 | 8df90937585a76c550db11fd9e9a4079ce15b990aeef5e5a3fbe688ec1ef3aad |
| SHA512 | 7992813b037c0ff7dac1b5be7915c2e10c706137c0503ee385403044519f5440f91cdcb738c79848c9382ed3f06bebe28110d6f93ad1618836e8abe900a7e7d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea95623804026fd9a578ef827ad9e051 |
| SHA1 | 5a972cb19a2af76762c40434e7e37cceafe4f81c |
| SHA256 | ea44880cbf796f20199f871c20b355326792ef98fd06b3c9ad0529783e1a63b5 |
| SHA512 | 59d013fb9b9991c06b281e92cc67d415c1c64b70c89cedb41ea5362a3b210427db2e2d6f98ef7a19808ec0212b052fc5790700696809c4c94c3d4a244ffbba5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4d701a3452bdcecb915f84179b5bcca |
| SHA1 | 5f9614c2e957748c4ea518869d59adfd11b0b777 |
| SHA256 | 5f22a278c1b91327d928e55a96427a58650450145a2672382ea232bb02c4879a |
| SHA512 | ef5b63d440aabf4d53abc809ce0fe712c82526a01ce3e14d606f9c56d4cd4cfd612e0b8a7466841b7ce9cbfb3296f8b62ed3a038b685867fc8470c9598b9208a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d5504b1d3392e11b6a0a4cc9b013d90 |
| SHA1 | 11a733a9345b1e2d13e6b25ce5d1b9fc5ed6f2fc |
| SHA256 | a75564406862dffa5e3e711825e9ca6d79e8d8d721e49969ff4549a85cf7832e |
| SHA512 | a94bd3e072e0ab4ec936da346dd91af3a532b1487ddaca58098dab6efb895c602ceb2d6510591556a75c1233654a5fd5b6a60e11bca18ca36039249afb288868 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bd441e077751e106ee5fb5028e1ff38 |
| SHA1 | a5b05f9d4c4eff8c668738c32728e7aeabe8abee |
| SHA256 | 6dcf462b7a6a2e09b268716f4605f183230b3836f212e133882ed6c82f9f8a10 |
| SHA512 | ef1759a51deed6997ed5b1da8e15bc9f2b577ba2302873d7a59ddf6833d1029956b7ec39089acd050c51e4bc63d7a68a9b66e5e1672e2b02f24311cf05d078b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d93297b4f5439027e062e865b0db2714 |
| SHA1 | 92e33442cf2abe2dfae57cf8d787dfe12e328bde |
| SHA256 | 093174d206903d2599b51a1cd4b6fad2bb2e536dae29aa2b2a2f2303528c036e |
| SHA512 | edaafeee215433bb678e9955895a5cb552a334d33a773dbf598315f646c105ecc400481b8dc712c7ecaf64dc0213a394bff488cc7b5618cb5df8a6fb8865fdff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8f3d9acf6549bb3ccccc32530282b66 |
| SHA1 | 00e2ec4b15637ed9406b68ba94c52df9cd70151f |
| SHA256 | c8372022bc8e6fba11a72b2cb86d090fb7091cf47e4e778719a95f7ae74a3d86 |
| SHA512 | 522e2c2a7b3bd549f028493556dbe01f62ffc4060e4e9b2e721cc11cd66099d28ba62d14f4bca0d2084bc0057828ccdea99abbdfeb1c9c8ae43962704432a328 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | fe39259f987cf381220e571ebb7ef198 |
| SHA1 | d8a7fbff47a796da8b9cc15dceb642f892b5c52a |
| SHA256 | beab56988edd202588406e21778146fd3cde58d76137e4afb14631bd9e32f81b |
| SHA512 | 579bb1a9cd822808a8f96923b63a832248b9df242a814baedad5e6265ae53f8fcebba888314f9e4f1c2d7446a623c79f959d38d67c3443d21fd001e1955e919b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a3b66a12c1b9fe48a1d36c75a56d009 |
| SHA1 | 86f61549f064c634af11207a28b14d105c192740 |
| SHA256 | 0eaec76bb452b8514852078c9d65fa2c4321e269f65f34405631acf429593b46 |
| SHA512 | a94db918999757c2da28ce396f2a92324915eef1129ecb33c2b6c9544ca76fed61d8367fae6cb5e8e863eb9930ae85fe75b21b51ea92591248ed8439b6126ec3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3c1906d6098d758699889abea036437 |
| SHA1 | f8132cb929a81187c18c807cd1998ba0d18be758 |
| SHA256 | ed65c22edf452a9251ea2c461625ede81486937e44885b0c559c6af18cc506f4 |
| SHA512 | 4db10a03376c5850a09662a0bbd23949a9d6e1aa89cd4f3c5138ce99e08d90b6d7b6c7b4e6f0f5aeb7cb333486e34ea28e240c005b4591b227a83f50cc0a31b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9f49492750cf42f07bc4392a8acbd27 |
| SHA1 | dab08f5832c1c06a64e0dda694e9d8a06b4c2eed |
| SHA256 | e8312092661c2f258e970d380190b4d63dceae7c1cb050c6524a56085d4b4843 |
| SHA512 | 0e27698b3dcbd09d3058c6c6ee8f3bee2c357d0c76bee75b8bf9935f8fd4bcb39733529544985b8501dbc690925d779363e44f374430a700c4934506da127fea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3260351c36f6986ef3df0dc471a88103 |
| SHA1 | 01a851416c4c26db62b598ab4b4cef0987e3fb13 |
| SHA256 | df677959d331bc11a6fe3f2baa114ccb8248f1d3bd2d7f8e7487bc393db05252 |
| SHA512 | e9ec701467332606c6cd43615908b9f406646db7c8714f780ee366c6c74672a7920b9ed9341c60c8b0d3665bc606c36c157ad15e45a6b14955984e381c880ecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 875b2cddfd63da88f5e7977e170ee91d |
| SHA1 | 3e74cef9064337c1a4bc86743bdb8a89be0023ab |
| SHA256 | 793e3fbcb3b9b1eca9a7e3247506ecaa64ee0efc4388269f00b10baa09ace5f3 |
| SHA512 | 7a6a791512419d12fd321dc72bf36efbda1999d7f48cd63af27a70780c0adf0ad1e9670fb89246c7a33c6dc33b84ef2546fc4dcd717317405e0a98ea92e89f4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cebc00e6f6868b62860c035754ddd38 |
| SHA1 | 46acd5c9794ba47667529a284c982e92f927360f |
| SHA256 | 5ebb347a3aa0e885e80457d1623276fe9fcf4cf60da89c20973df181a07b96c4 |
| SHA512 | 676e4c41b3c2054c5dea91330f9c2fe738c0ddbe400c4649284930b1b1698ebe41a2d6cacb62c54951eae79ea5115dc31eac27dbdcaa2e1ca5d3843863d97fc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91d3bedb4861484a27c5440da27c7732 |
| SHA1 | a8ade02b4b6f9970858e4dffa450eeb4c521ca80 |
| SHA256 | c58a4ed2b34949fb80c727d5d3ee6926c42129d5cb56ced505e405c11fef70a2 |
| SHA512 | e1c9e17b2023cb96236e86db0aa463bd7c076ad7c3ff5fa3b11076a64afedaba359c482438365fc13a41976bf6ac565d6178c1f9f67b9d9a4a4810c9f1518d22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a837eccf6abb9926ef92eabe9a898ac |
| SHA1 | f4f6a701cf7504d590ce8441ef5179f81a42eebf |
| SHA256 | 9ed36a0648a644aba74cf9734ca862c9bb44e44fef48e5b7161f443c3a9d029a |
| SHA512 | 8a1b14f0629fe88982d51eb90a18f00aa7a7e6afc56dc02fd96e3cdee39b26eab0ff69b29503c9235a4d52a2da2838da5ffe3fd84c58e31e12dff3d9435485cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88b0dcd9dc909f5454e15d7a2a145eb6 |
| SHA1 | 7cee13c57e0851e47bff5d39405f32f83967af00 |
| SHA256 | c15f00a75d9f12e6b80128b09cfb487e4d1d3c3bd7890e956c7388d375aff164 |
| SHA512 | 9d0a6bf60734e69c7e89c368e97759e1fa5bd6e294276959d4fd1d6c7f24279c246fbeb1c827ff534319e1d081afa0b2841fbae7801c878f19038bf5055bf06c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbe36d21a13231008e805cc4af36bb27 |
| SHA1 | 1288acb7f4ca1e1a803d04ecf81cd969cbb63133 |
| SHA256 | 3eb789219501d4f1f149a2bb3195c451d4e84d2bc1f5e0bab17bcb9f50e4cbc1 |
| SHA512 | 93a2df5ac49fafb02c2abd9dcc86fcc06aa7f1b999bece059cd7b0185d304fb2cc20491614c5e82829756035bbd068511e1f81c1c874fa9f97f27213d9932f91 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:42
Reported
2024-06-13 03:45
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
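The registry rows in this report (the "Modifies Internet Explorer settings" table in behavioral1 and the "Enumerates system info in registry" table above) answer the question that matters for an HTML sample: did anything write outside the browser's own per-user hive, and did anything touch an autostart location? The script below is an added example and not part of the report or of the sandbox's tooling. It parses rows copied from those two tables, separates writes from reads, checks that each write stays under the per-user Internet Explorer key, and matches key paths against a short autostart (ASEP) list. The write-operation names, the ASEP patterns, the browser-hive prefix and the one constructed row used to show the ASEP check firing are assumptions and are labelled as such in the code.

```python
"""Check the registry rows of a sandbox report.

Added example, not part of the report: it separates writes from reads,
checks that every write stays inside the per-user Internet Explorer hive,
and flags writes under common autostart (ASEP) keys.
"""
import re

# Rows copied from the "Modifies Internet Explorer settings" table
# (behavioral1) and the "Enumerates system info in registry" table
# (behavioral2) in the report.
REGISTRY_ROWS = r"""
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424412030" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
"""

# Constructed row (NOT from the report), used only to show the ASEP check firing.
CONSTRUCTED_ASEP_ROW = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\example = "C:\\Users\\Admin\\AppData\\Local\\Temp\\example.exe" | C:\Users\Admin\AppData\Local\Temp\example.exe | N/A |
"""

# Assumption: the operation names the report uses for writes.
WRITE_PREFIXES = ("Key created", "Set value", "Key deleted", "Value deleted")

# Assumption: a starter list of autostart locations, matched (case-insensitively)
# against the key path with the value name removed; it is not exhaustive.
ASEP_KEY_PATTERNS = [
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once|onceex|services)?$",
    r"\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run$",
    r"\\software\\microsoft\\windows nt\\currentversion\\winlogon$",
    r"\\system\\(currentcontrolset|controlset\d+)\\services\\[^\\]+$",
]

# Assumption: the per-user hive the "Modifies Internet Explorer settings" signature covers.
BROWSER_HIVE = "\\software\\microsoft\\internet explorer"


def parse_registry_rows(text):
    """Turn '| op | indicator | process | target |' rows into dicts.

    A 'Set value' indicator looks like '<key>\\<name> = "<value>"'; it is split
    into key path, value name and value so that ASEP matching sees only the key.
    """
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        op, indicator, process, target = cells
        if " = " in indicator:
            key_and_name, value = indicator.split(" = ", 1)
            key, _, name = key_and_name.rpartition("\\")
        else:
            key, name, value = indicator, None, None
        rows.append({"op": op, "key": key, "name": name, "value": value,
                     "process": process, "target": target})
    return rows


def hive_of(key):
    k = key.lower()
    if k.startswith("\\registry\\user\\"):
        return "user"
    if k.startswith("\\registry\\machine\\"):
        return "machine"
    return "other"


def triage_registry(rows):
    """Count reads/writes and list writes that leave the browser hive or hit an ASEP."""
    result = {"writes": 0, "reads": 0, "out_of_scope_writes": [],
              "asep_hits": [], "writers": set()}
    for r in rows:
        if not r["op"].startswith(WRITE_PREFIXES):
            result["reads"] += 1          # Key opened / Key value queried
            continue
        result["writes"] += 1
        result["writers"].add(r["process"].lower())
        k = r["key"].lower()
        if any(re.search(p, k) for p in ASEP_KEY_PATTERNS):
            result["asep_hits"].append((r["process"], r["key"], r["name"]))
        if not (hive_of(k) == "user" and BROWSER_HIVE in k):
            result["out_of_scope_writes"].append((r["process"], r["key"]))
    return result


if __name__ == "__main__":
    print(triage_registry(parse_registry_rows(REGISTRY_ROWS)))
    print(triage_registry(parse_registry_rows(REGISTRY_ROWS + CONSTRUCTED_ASEP_ROW)))
```

Run on the report's rows alone, the result has five writes, two reads, no out-of-scope writes and no ASEP hits; appending the constructed row produces one of each, which is what a persisting sample would look like in this table.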
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3b59b125ce9c106d876045512468661_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b3546f8,0x7ffc0b354708,0x7ffc0b354718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1396,4534820247548780353,3533705528647721525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.knightnation.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.knightnation.net | udp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 8.8.8.8:53 | www.knightnation.net | udp |
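The two Network tables (behavioral1 and the one above) mix DNS lookups, real TCP connections, a reverse lookup of the resolver and an mDNS row. The script below is an added example and not part of the report or of the sandbox's tooling: it parses rows copied from both tables, separates names that were merely resolved from names that were actually connected to, and drops the hosts the browser and OS contact on their own. The "background" host list is an assumption, labelled in the code; everything else comes from the rows themselves.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the report: it splits DNS lookups from real
connections, lists hosts that were resolved but never contacted, and
drops background traffic the browser and OS generate on their own.
"""
from collections import defaultdict

# Rows copied from the behavioral1 and behavioral2 Network tables in the report.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | www.knightnation.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 104.17.24.14:80 | cdnjs.cloudflare.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 192.0.73.2:443 | 2.gravatar.com | tcp |
| US | 8.8.8.8:53 | www.urlaub-auf-krk.de | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumption: hosts IE/Edge or the sandbox OS contact without any help from
# the page (default search provider, IE telemetry, Microsoft update checks).
BACKGROUND_HOSTS = {"www.bing.com", "ieonline.microsoft.com", "www.microsoft.com"}


def parse_network_rows(text):
    """Turn '| country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def triage_network(rows, background=BACKGROUND_HOSTS):
    """Separate resolved-only names from contacted hosts and filter background noise."""
    queried = set()                 # names sent to the resolver (udp/53)
    contacted = defaultdict(set)    # name -> {(ip, port)} with a TCP connection
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            # Reverse lookups and the mDNS row carry no page-controlled name.
            if r["domain"] != "N/A" and not r["domain"].endswith(".in-addr.arpa"):
                queried.add(r["domain"])
        elif r["proto"] == "tcp" and r["domain"] != "N/A":
            contacted[r["domain"]].add((r["ip"], r["port"]))
    contacted_names = set(contacted)
    resolved_only = {d for d in queried - contacted_names if d not in background}
    contacts = {d: sorted(v) for d, v in contacted.items() if d not in background}
    ioc_ips = sorted({ip for v in contacts.values() for ip, _ in v})
    return {
        "resolved_only": resolved_only,   # looked up but never connected to
        "contacts": contacts,             # page-driven connections, name -> [(ip, port)]
        "ips": ioc_ips,                   # candidate IP indicators
        "background": sorted((queried | contacted_names) & background),
    }


if __name__ == "__main__":
    for key, value in triage_network(parse_network_rows(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

On these rows the resolved-only set is www.knightnation.net and www.urlaub-auf-krk.de, which is the detail worth recording: both names were looked up in the sandbox, but nothing was fetched from either, so the report contains no evidence of what they would have served.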
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_1324_AATCZQNKQMLTMLCC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28494be186ddad4d2b8002a91316d2eb |
| SHA1 | ca681058eec8bcf8e32d63a57faa6f88e22a540c |
| SHA256 | d0d9707efc347da1f63700c022d99b299b0e5c90de8dc26ae9eeb13c8d5f33f4 |
| SHA512 | fd6b4e11a9e0ac4f66021b82aa1a4316f9b0cdd74ddd27deb48ef3315680fd557286e44693b6a0d3c2987c7adc1dab9af0674086074689913d7749eaabe4c47e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4dbcd3a1644d61ec68b169b43980a953 |
| SHA1 | 04dd6777142a76c8adcb4da2f2627a2329e1081c |
| SHA256 | 69986933d3826e753b477d94e5a75ad5d5b26ba84937288057d120c2b55debdf |
| SHA512 | 3eb283d1f6c357e03ce615fd8010b35e104541edfe812cbd74d4c806e0b055f26a7e9b1b7ca0e92f18925f2ac1b8586bc58ffef8e716586342389b56b4db08db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2eff3f16b93213e41de870adaf64eee5 |
| SHA1 | f7714fced10713a630861e2d563ad48d2c0f891b |
| SHA256 | 5057c6ab7dfb21d9045aec5d6cdde32465e4e757e315aca42e37a7b705aa2f39 |
| SHA512 | 17d92d1b98882dee74b5fb8ca9a6fa637e41e92c409ccda867b68fa32222a7892d01340fcf216fa19ef9cd4eeb56901eb530ce711b93eca00571dbb79421ab3a |
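The Files sections of both runs list the same path many times with different hashes (the CryptnetUrlCache metadata file above is rewritten repeatedly as certificate-revocation lookups complete) and one entry, the crashpad named pipe, whose hashes are those of zero-byte content. The script below is an added example and not part of the report or of the sandbox's tooling: it parses entries copied from the two Files sections, computes the empty-content digests with hashlib rather than pasting them, counts rewrites per path, and emits the unique SHA256 set that would go into an indicator list. Only the MD5 and SHA256 rows of each entry are reproduced to keep the sample short.

```python
"""Summarise the Files section of a sandbox report.

Added example, not part of the report: it parses path/hash entries,
recognises hashes of empty content, counts how often each path was
rewritten, and collects the unique SHA256 values for an IOC list.
"""
import hashlib
from collections import Counter

# Digests of zero-byte content, computed rather than pasted, so an entry can
# be matched whichever hash columns the report provides.
EMPTY_DIGESTS = {alg: hashlib.new(alg, b"").hexdigest()
                 for alg in ("md5", "sha1", "sha256", "sha512")}

# Entries copied from the behavioral1 and behavioral2 Files sections of the
# report (MD5 and SHA256 rows only).
FILES_TEXT = r"""
C:\Users\Admin\AppData\Local\Temp\Cab8D7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e41effaaeb80c6a03fb12a9cd9fe08e |
| SHA256 | 97287d4b294c6f15dae08112f819ed76bbe316222b4d30e9f954a35386dec145 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce70959c38ee0770b445dbbac4da0e73 |
| SHA256 | 5221e5560a6e05751655d9980085d01674f4c91d08712734063c313f6447853f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24645bb7930551f94d81e17ccf40a017 |
| SHA256 | a17d05bd398a7e986e62e9eebfc80b8f15cc86ec0337edbf7a6384c44e82785e |
\??\pipe\LOCAL\crashpad_1324_AATCZQNKQMLTMLCC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28494be186ddad4d2b8002a91316d2eb |
| SHA256 | d0d9707efc347da1f63700c022d99b299b0e5c90de8dc26ae9eeb13c8d5f33f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2eff3f16b93213e41de870adaf64eee5 |
| SHA256 | 5057c6ab7dfb21d9045aec5d6cdde32465e4e757e315aca42e37a7b705aa2f39 |
"""


def parse_files(text):
    """A non-table line starts a new entry; '| ALG | digest |' rows attach to it."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and entries:
                entries[-1]["hashes"][cells[0].lower()] = cells[1].lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def is_empty_content(hashes):
    """True if any recorded digest equals the digest of zero bytes for that algorithm."""
    return any(EMPTY_DIGESTS.get(alg) == digest for alg, digest in hashes.items())


def summarize_files(entries):
    rewrites = Counter(e["path"] for e in entries)
    return {
        "entries": len(entries),
        "rewritten": {p: n for p, n in rewrites.items() if n > 1},
        "empty": [e["path"] for e in entries if is_empty_content(e["hashes"])],
        "unique_sha256": sorted({e["hashes"]["sha256"] for e in entries
                                 if "sha256" in e["hashes"]}),
    }


def triage_files(text=FILES_TEXT):
    return summarize_files(parse_files(text))


if __name__ == "__main__":
    for key, value in triage_files().items():
        print(f"{key}: {value}")
```

The rewrite counts explain why one path occupies so many entries without implying multiple files on disk, and the empty-content check stops the crashpad pipe's hashes from being pushed into a blocklist, where they would match every empty file.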