Analysis Overview
SHA256
f2dc7884d669bf11314f00d374b23dc7924c8df35cc7cb61ec59dc3912ad0a1e
Threat Level: No (potentially) malicious behavior was detected
The file a4ff59394583400abec0ee3970190018_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:05
Reported
2024-06-13 10:08
Platform
win7-20240611-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a959794b8abc51040358ba38e8bfeacb3cb3ab2cab264a2f6f854d2ea9a341f8000000000e80000000020000200000000fb8884d2b4d38e6b6e0fb57993dfd9b12cbc99ca75ffd13e093b9e38c3ab7b720000000c4e9c31cff0d57035eb033a3955c71330614f5549fbdfbdf8cc31c46bd62bd3f400000007f5484cfbb72135bddc615522af976cdde6d123cd43b0ce1a955680181d3f1ff09671172c01a1b9edd3d47f923372ef966a03d099ff8edf515650019adcf612c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85FBEF31-296C-11EF-9BF5-F6C75F509EE4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435024" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50dfd58c79bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2944 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 1164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ff59394583400abec0ee3970190018_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | morenews4.net | udp |
| US | 8.8.8.8:53 | www.pics-money.ru | udp |
| US | 8.8.8.8:53 | gostats.ru | udp |
| US | 8.8.8.8:53 | eberalofe.pro | udp |
| US | 8.8.8.8:53 | ext.host-tracker.com | udp |
| NL | 185.159.81.134:28080 | N/A | tcp |
| NL | 185.159.81.134:28080 | N/A | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| US | 188.114.96.2:443 | coinhive.com | tcp |
| US | 188.114.96.2:443 | coinhive.com | tcp |
| DE | 165.232.114.226:80 | eberalofe.pro | tcp |
| DE | 165.232.114.226:80 | eberalofe.pro | tcp |
| IE | 172.205.28.125:80 | ext.host-tracker.com | tcp |
| IE | 172.205.28.125:80 | ext.host-tracker.com | tcp |
| US | 104.236.14.237:80 | gostats.ru | tcp |
| US | 104.236.14.237:80 | gostats.ru | tcp |
| RU | 188.127.237.164:80 | www.pics-money.ru | tcp |
| RU | 188.127.237.164:80 | www.pics-money.ru | tcp |
| NL | 190.2.139.23:80 | morenews4.net | tcp |
| NL | 190.2.139.23:80 | morenews4.net | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 93.158.134.119:80 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:80 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | statinside.com | udp |
| US | 172.67.146.166:443 | statinside.com | tcp |
| US | 172.67.146.166:443 | statinside.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| NL | 185.159.81.134:28080 | N/A | tcp |
| NL | 185.159.81.134:28080 | N/A | tcp |
| US | 8.8.8.8:53 | c4.gostats.ru | udp |
| US | 8.8.8.8:53 | hit27.hotlog.ru | udp |
| US | 8.8.8.8:53 | banalyze.net | udp |
| US | 104.236.14.237:80 | c4.gostats.ru | tcp |
| US | 104.236.14.237:80 | c4.gostats.ru | tcp |
| RU | 89.208.236.251:80 | hit27.hotlog.ru | tcp |
| RU | 89.208.236.251:80 | hit27.hotlog.ru | tcp |
| US | 103.224.212.214:80 | banalyze.net | tcp |
| US | 103.224.212.214:80 | banalyze.net | tcp |
| US | 8.8.8.8:53 | ww25.banalyze.net | udp |
| US | 199.59.243.226:80 | ww25.banalyze.net | tcp |
| US | 199.59.243.226:80 | ww25.banalyze.net | tcp |
| RU | 89.208.236.251:80 | hit27.hotlog.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6873.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6CFB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bba534efa290a3f23310edb0b88a025d |
| SHA1 | ca51b794f8658372fe41ef1b5545bfb7ec0008f0 |
| SHA256 | ad914915f1b3768799f12d5b39e599e16ea5dcf3c1f6e6e29efd1ea334443cd4 |
| SHA512 | e08adf1a0c661e4e77d6bc5148398c9f5f751d5b70cda56341d3546e6765a4c9f2d4c049ed1b4a9e84d1d4723d3cfe7a34ddd6b19a774a5cff7df08aeff38cf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 612abd6da1632f02e882c2cf667ef538 |
| SHA1 | 9184c7612abc7720a656fbddfd7c6a0ba352b42f |
| SHA256 | 5ad04eb53204d5a166c05caed4029df30cb0331a6833ac1081cc9675de1c9459 |
| SHA512 | 3cc9f3c181135cc51dd775aa61bb4865125149d1f78f2e1b0634d5f16a3b58ae8170945211f30cbedf221ceb288a07c3277d62f0e9424b8936cd1fe4f8f8ca46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35ff50784b9b7ca27ae8be25714d5492 |
| SHA1 | 98ceee44eaddfd0d3b45d287b389af18021463ce |
| SHA256 | 9b6648a355f2717ed3769dad3cb2b6ecce7b8c03d9b83604fed2ec74ea90093c |
| SHA512 | 374c7ac3f14ccc2e52ed5174a2912014ba219d4ff834ad6614bec6c90c18849f33cc33e0174e051f626bfc75eef05a0292806a812e055afe81c86a33f3d9a615 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd4e03e862ab9e4deb924beb497de43b |
| SHA1 | 156865cc1f16573a713bf80f01cae9bb6013c54c |
| SHA256 | 6c8834303ef4b57210b76f38e9b5738031e7d209d579b3407ff7e7ae92fb3d1d |
| SHA512 | 86aea9bc8e0c10450225d31c2c51708ed270743fc927b9bb2c46ac1434f5461f147519a454f67e605b6926c6c89ff31d911465c34050e74aa9906caae2cde0c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23698adc234076f8f085987a2a236ad8 |
| SHA1 | f056890589f94cef320fe07bc4f7e29e1fd43526 |
| SHA256 | 8c3d547d06795fe1f04e859a441313f144b7ad73d51228cca07beca5644c2221 |
| SHA512 | ada79058d4e9f73663bfdc2362f0c2a2c5db25a7e78246c799a44c40b6d776e51fc532d4d5a03fc5eb6cbc3dd21410c048363f33fd6b0d74897876570b3cec09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfdae0e04c870afcd938648de330caf6 |
| SHA1 | 3262e7009cdc6450a557ab94cd0223424e0a9b65 |
| SHA256 | 0334bee76af0036136e7e7d36b0bf87e33d8a9397a6055926c1eadb4885d800d |
| SHA512 | 794ce6142c34dc95a9ee9a54283f2a31594cb40a67c65d3c6169ed23cbbd63fe2303bc72e64128d36939a31767a4ed285393c0d1c798d81dbb970f5c14567779 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8dc402a617e5b9d268b55a146d14de6 |
| SHA1 | 9f979a6bb43b5325dc308419fe2947be09366cfa |
| SHA256 | a02a7a28c0bfccb8e90c96ba469884bfeadca04cb31494a11692d5f265e6042b |
| SHA512 | c8b588ba8fad906a1bb2c76b3a3545ddb4b75de93028c94bd28b4c89e9d3140ef7f444b87bb95f8adef94a4cea8e936ec611b7e22fe4a05d880947bee1edc7a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fedadb5c4be190f1aae00cd0cc52ef08 |
| SHA1 | 1af100e62948a3c4597349812612831a6381e036 |
| SHA256 | 61cd282fbb0a4d53e42e0d30284a510d3428c88d4222005df16351aa242dff34 |
| SHA512 | b6f7b827a3063a1620b1098611a8079cede278602d802f826a1526dddaee96c713fff01a272180fb0fb661b9ece057b29007be6b29fb083db64c3a91309ee807 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1687ece8df6091750c56236354dfd0f1 |
| SHA1 | b8405180190a5349a6440985efbdb9cdc37ef275 |
| SHA256 | 8e9fe4d2c679d83e50d8079d55ab25b3128121ba15684465997bf876e9fba73f |
| SHA512 | 9f38bca43b173291235a5f7c0eb324fbbe70e0770f657bc559db59f986f03f3b5c959becadc485a0e59b5d985466e4c2677af1ef5b2d286a4574d255f28e67c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 261f0a6bcd2f6e4cda01bf54b3b04537 |
| SHA1 | d2cf42acc536ee75e047237442e82643ddf92b90 |
| SHA256 | 682404c5b4a4584512c89827eb8d53d3134a6eb83478479d873d800530b0602b |
| SHA512 | 60edd81992d5c2fb86d35b0249241d42831737a44d1893ba993020fad2a696f2a47ecde2a4ce6b708472738b6d6253294caa3dec7102f2cab59ec794628ed1fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c8fc7875ad4bea4b3cf8f70b16a5a38 |
| SHA1 | 365bc4e215dd312e2f8edc35a56653d6f86ae909 |
| SHA256 | 9849cdb3fb9fb54a099b0ba08ea0cdd3cb55a4f2500f026330703b3865b91a04 |
| SHA512 | a1bb0702ffa74ee470623412978287d81cc51253a46b4cb4dbf96867e7bdcf281e029bea296e99d99b181433f294c3ef0c4b05a987472f7004e0b38228093f2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1df47a08f442e35c82b889737ebe1a03 |
| SHA1 | b2d41cbdf08568d9278587dd252c3d2a7e6414f9 |
| SHA256 | cb440728eb1b45837dccaa1743734c2f2397e408a1675ed213f764a88fe0b936 |
| SHA512 | c5ee041a63e21cf014909e3d37f6709a245a0cfca7171a3d69715e964a218213325145eaa309f1cb8e237ddd4a7c4d4b4ff8b63edf10d34bfdd10995f30bb24c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43573c9f214953643e3abbfa1327e2b0 |
| SHA1 | 4f495f96072e4429f8b7b673ed4c4298b10cbfa5 |
| SHA256 | 2b4c9b4989f3e57911ef6824efd24d1df00ead4f0e4978ff7bdf69d2b5de3b97 |
| SHA512 | 88a689abfa9796946a6074650b83c5d02bfe3115e3f84fca1e38c581872c308475d96dbb7f7877e26ccd27de96d96c2d1a702823da3a90dcab575f598296c1b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb266333f966f45c6bc79cc45c02da7d |
| SHA1 | b5da353e475cc5472ebb0acbf7a10f5ef829b8bc |
| SHA256 | 59d245d59714e4bc6dd6213bd881794bd843086db25e5b1c68e60cb6831c2fbc |
| SHA512 | b5c66b36038d13573122d4402c46787edcb7ef6b7d5e89ba97ec93d54bd2b5d3285962f9fd6f38daeee6549522bc83b8905e87eca74a92fee5ab595150603b84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b674d3aa7d10cc877185334b6b7eb434 |
| SHA1 | 9a84748c24a5c8875d755bca716e0892e33afdf7 |
| SHA256 | 6f9a0150d0f9327bd329d379d7f06079db04cd6183b33ad4e5cc4191a8cf6e31 |
| SHA512 | 9e5d7aa9f912a8e2dfb62cf0e896dcce4ba3d5af343ae7e836f2794e226761fca3b6fe33fb04e974081af7dce5267a5234937f9c08423ad4c248474428ee681a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70483bb01e89e850e9916968940bc7b2 |
| SHA1 | 2d65a34b5fd5b23b652983fc2440f258e2815f01 |
| SHA256 | eee4a4c6f56fcd5d515ac563ed9f6bfe040dc068a62e5c44f19bb3fa636ca80d |
| SHA512 | dc07103d84175d3df9870b4bcc6610b937de32d05ef0f2fbc77eb392e0cd543476635d9b93bff884d122f07d02ac1d0e79ed626946796043a87d40aa9665cf29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1475ba2a40b7df5f1cff0f52b4538968 |
| SHA1 | 91d7b7febd6440a25e96130214da021b1298b864 |
| SHA256 | 40e97fdd499c3be8b0c43812b83a206dc38721a1cd9193c75948d4aa3aec83b2 |
| SHA512 | 6724504af965b8c191d64e4197581611c33c687686e9a92bb057fd4747a3965aa55e687bbb7c453e4ff52f879f24bc5137e29681f4270a30190b1bc0b92ae840 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 255bb14f645882ef9fc9ee19a95f922b |
| SHA1 | fd31a2c6f2a0ee047f1b78aac77c126676f7dcad |
| SHA256 | ea0a3619516e2869070acc7e6d8b9579620f147cc889369c622c8e42cae812da |
| SHA512 | ebc8f8eebc5ae068b46610fc0018c0d5b896de20d0824af9b5a3b48069b2ebbf99e63f2c8979935bbe173553f7cf2aafd1ec00ec46f3d5442a5f085c39602764 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17afc7633b41d0ae2c3ddbf54f3cb865 |
| SHA1 | 183472011d8f6c18a5ad88448370d6e711e6d4af |
| SHA256 | ad58204b0c9341ed78cdc45e10184a19285558b2286786e76afb5b93095b27de |
| SHA512 | 9cdaa3b7413006d101e7c6cc4d7fae240965fc976ddd28cd04e583b57c58bb4ee2e1378a2973e128e70129f377103340854e88d4dc3b32a375b7462f96f619a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c679772c2cafcc59a04975773261a96 |
| SHA1 | 9c08c81a262251cb507e71e04ad0e6abb0bc39c9 |
| SHA256 | bbcbe2a4e6eb1eccc5fad8e40a433698fd2a7a4a548a55503598507cfa831a21 |
| SHA512 | 2706b467351b2dac3e79b539cf18a414557bcb8bf855090dd72b49245912b32537454cdce807b80a161bccc25f66ebd07b078838d0568828cf2e8f8697991b76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9dbb59fbe9ac52f4790fc54a4ac9a6c6 |
| SHA1 | f013c2803b712b91326574a5db7ec314c452e04e |
| SHA256 | fbd223dae0d0410f7a3a74c2fdcdb9a1de1b63dea8f0011a0d341be74bbaf88f |
| SHA512 | 799c2199045552c122897eceee5d3a406c30177fdbca98b8911dd17874460b38de49ab0bdc516611f2d084f63828e8c3d95149c271f019e377b3f1c9c8df3c2e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:05
Reported
2024-06-13 10:08
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ff59394583400abec0ee3970190018_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9904646f8,0x7ff990464708,0x7ff990464718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2459698667673176326,16838571579360572600,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | morenews4.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 185.159.81.134:28080 | | tcp |
| US | 8.8.8.8:53 | eberalofe.pro | udp |
| US | 8.8.8.8:53 | gostats.ru | udp |
| US | 8.8.8.8:53 | www.pics-money.ru | udp |
| US | 8.8.8.8:53 | ext.host-tracker.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| NL | 185.159.81.134:28080 | | tcp |
| NL | 185.159.81.134:28080 | | tcp |
| US | 8.8.8.8:53 | banalyze.net | udp |
| US | 8.8.8.8:53 | hit27.hotlog.ru | udp |
| US | 52.111.229.43:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3040_BBURGVRTFAZUOCYD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences