Analysis Overview
SHA256
c51889072d4eb01f0c7e3924ff65d75f3251b91880b6bb6a74db77d4f320d49d
Threat Level: No (potentially) malicious behavior was detected
The file a5f64c7215893330ea66c142038f1bbe_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:13
Reported
2024-06-13 14:15
Platform
win7-20240611-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0627fed9bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15B0C071-298F-11EF-8144-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000022d340568a072389220d7218813cc22f9bbd7e9d743d92290dcab5c66775d891000000000e800000000200002000000054c0b7342b53022fb62d9c8a7bb5453ea1d7662efe0df8c8e9b7288be23ce95e90000000178b9531b25f58e9e99958f11fb12d288d88f822b4a07dfc3cdca9d93fbf1958637e9a0c0027336f99218c4966c376da877810624ef5de03c95f2ee58d47d117cfa475503d238ef01221f08a39401a34b1a899adac731e81bbe1edd7aaa40da3a7befa92cca5798dc6d90329b85e5c9dafc940fdf6c779d7e2cca2bbabcadc40de51782192dcbd848483581491469dfe40000000114242014512f55fcd63a88810f32c79cf8eadcefa26afa57a1f9059a75ddc9758b0c6e8710cc806ca698a09f54481dbfea1aa57f24dfde488324f9cfeffa938 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000f1bdf6412b370eacc856cd54436afb5d3b3b28bf36c83d12d121501ed475548f000000000e8000000002000020000000b8dd44f1ca959d4b1acbb50895cf80f5770f24ec8877a9878a9daece1e7846ae200000006ab8fb92033563332fd3beef351454755a8906c2345e76429c5290f32d9231d0400000002651ebf73cfa2064fd239d74b96379f6922c7ae9c0a2783734e37c150fa49c7c656e0129a18e3058d6a4acbc1cd32ac4678aa7b25ba65cd4e867adef3909bbd5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449869" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f64c7215893330ea66c142038f1bbe_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:13
Reported
2024-06-13 14:15
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f64c7215893330ea66c142038f1bbe_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4304 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3144_WKFNRJMCPOYTFSNI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eae7f19d868c22c9b95ef550bd9c94a5 |
| SHA1 | e3a2f94d8c84cc1cbc603f86d7d225b34a9e7b74 |
| SHA256 | fa666a165ef99848f9107c66b079b05d5909d1dec3d3472479dc4dd4717b554b |
| SHA512 | 6f56e6dc0e3188314ec5f8948d1b17e41b990c1bca5a282ffe189c8fc3704e0557dcdfd0b754390249710c6942c845c3fd3a2807fb544ee3efd7f6b8c3fcec4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5e06c6f2cb7a86630119c988b840d897 |
| SHA1 | ceb82041af526e773ca558a884445daa572745d7 |
| SHA256 | 06e96c66b8dd7dd93e562c8094b501e2b5f9ac48c880fd1aa89b129e2d592c3c |
| SHA512 | ea0b4b8773936b02d71aa3e8c0d1dc5e9dde0f7bbf57864855c33b03b88d603e764b2102d7968895ca7a9f70134eec0b6792cc8216cc90b478a0b1718f8fb8c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb82e1dfc4863c6d933e6dbe72f5ccc6 |
| SHA1 | 706739565e01b515587cd3f27a53ac4985f15547 |
| SHA256 | 7405a2d9b4ed2728de6790e32e43e73e712699670f66ed469225aa83ceb4b2d5 |
| SHA512 | 299365368d6cb5a69bb021eee3f99c5e843ee196e95c1d37ceb21263607df7e14924d38cf1457a282bc0e6d246b2bc9971c02c6da07cc80e765fda30c0c29a91 |
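Two checks an analyst would run over the process list and the Files table above, as an added example (this is not part of the sandbox output and not the sandbox vendor's tooling): split each Chromium-style command line into image path, `--type` and switch map, then list the switches that relax a sandbox or an in-process mitigation; and scan the Files section for entries whose digests are those of zero-length content (the `\??\pipe\LOCAL\crashpad_...` entry above hashes as empty input). The sample command lines are copied from this report (the `--gpu-preferences` blob is omitted) plus one hypothetical `--no-sandbox` line so the check has a positive case; the sample file table reuses the report's own hash rows. Note that this report's stock Edge child processes already carry `--disable-gpu-sandbox`, `--no-v8-untrusted-code-mitigations` and `--service-sandbox-type=none`, so a hit is a review item, not a verdict.

```python
import hashlib
import shlex

# Constructed sample input: three command lines copied from this report (the
# --gpu-preferences blob on the gpu-process line is left out for brevity) plus
# one hypothetical line carrying --no-sandbox as a positive case.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer '
    r'--field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US '
    r'--disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 '
    r'--enable-main-frame-before-activation --renderer-client-id=6 '
    r'--no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" '
    r'--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService '
    r'--field-trial-handle=2100,8703598807668533521,706560953744129485,131072 --lang=en-US '
    r'--service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process '
    r'--field-trial-handle=2100,8703598807668533521,706560953744129485,131072 '
    r'--disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 '
    r'--mojo-platform-channel-handle=4304 /prefetch:2',
    # Hypothetical line, not from the report.
    r'"C:\hypothetical\browser.exe" --type=renderer --no-sandbox --renderer-client-id=99',
]

# Switches that drop a sandbox or an in-process mitigation. The browser passes
# some of these to its own children (this report's stock Edge processes carry
# the last two), so a hit is something to review, not an indicator by itself.
SANDBOX_SWITCHES = {"--no-sandbox", "--disable-gpu-sandbox", "--no-v8-untrusted-code-mitigations"}


def parse_chromium_cmdline(cmdline):
    """Split a Windows command line into image path, --type and a switch map.

    posix=False keeps backslashes literal and keeps the quoted image path,
    which contains spaces, as a single token.
    """
    argv = shlex.split(cmdline, posix=False)
    switches, positional = {}, []
    for tok in argv[1:]:
        if tok.startswith("--"):
            name, _, value = tok.partition("=")
            switches[name] = value
        else:
            positional.append(tok)  # e.g. /prefetch:1
    return {
        "image": argv[0].strip('"'),
        "type": switches.get("--type", "browser"),  # the broker process has no --type
        "switches": switches,
        "positional": positional,
    }


def sandbox_findings(parsed):
    """Switches on this process that relax a sandbox or mitigation."""
    found = sorted(s for s in parsed["switches"] if s in SANDBOX_SWITCHES)
    if parsed["switches"].get("--service-sandbox-type") == "none":
        found.append("--service-sandbox-type=none")
    return found


# Digests of zero bytes, computed rather than hard-coded.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}

# Constructed sample in the report's Files layout: a path line followed by
# "| ALGO | hex |" rows. Hash values are copied from the report above.
SAMPLE_FILE_TABLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
\??\pipe\LOCAL\crashpad_3144_WKFNRJMCPOYTFSNI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
"""


def parse_file_table(text):
    """Return [(path, {ALGO: hex}), ...] from a Files section in this layout."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and entries:
                entries[-1][1][cells[0].upper()] = cells[1].lower()
        else:
            entries.append((line, {}))
    return entries


def is_empty_content(digests):
    """True when every digest we can check equals the digest of zero bytes."""
    known = {a: v for a, v in digests.items() if a in EMPTY_DIGESTS}
    return bool(known) and all(EMPTY_DIGESTS[a] == v for a, v in known.items())


def empty_entries(text):
    return [path for path, digests in parse_file_table(text) if is_empty_content(digests)]


if __name__ == "__main__":
    for cmd in SAMPLE_CMDLINES:
        p = parse_chromium_cmdline(cmd)
        print(f"{p['type']:<12} {p['image']}  findings={sandbox_findings(p)}")
    print("empty-content entries:", empty_entries(SAMPLE_FILE_TABLE))
```

An empty-content hit on a named pipe is expected (the sandbox hashed a pipe object, not file data); the same hit on a dropped executable or a written config file would mean the write was truncated or never completed and the entry should not be treated as a payload.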