Analysis Overview
SHA256
a87cf7bafa201cbf4ab6fac575855b4e84e0e0e32977a61363b9ab888f949e91
Threat Level: Likely benign
The file c07366ec993ea8270c89b21b6a32cb2c_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:34
Reported
2024-08-25 09:37
Platform
win7-20240708-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47280861-62C5-11EF-9CA2-E28DDE128E91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1053f038d2f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb780000000002000000000010660000000100002000000061147278ab35464111bf38e0aa2f0ecdb7286392d59021be1f7158e2f27a9992000000000e800000000200002000000025caea3c03a283ff7b3a18ac11652f06ebfae4c8daadb343a6b73c132462215020000000dc8b8a4de92ed6bd3dde7ab0ecaf77b5065b1f8f50171882498bec911182bb69400000008dfb0a1f7baffc9d623b817cdeb382197befe7bedb732656115bdbdc3e0d1bcbabe61bf558055f3653ce3c3679883f1e38cdf1dc6e52cd80186ffe235c701b59 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740358" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2308 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2308 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2308 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2308 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07366ec993ea8270c89b21b6a32cb2c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ogs5iz.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| CN | 163.177.17.97:80 | api.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | nsclick.baidu.com | udp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:34
Reported
2024-08-25 09:37
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07366ec993ea8270c89b21b6a32cb2c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7efb46f8,0x7ffa7efb4708,0x7ffa7efb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1590689089018578271,4168992553881073061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ogs5iz.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 97.17.177.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.201.61.182.in-addr.arpa | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| CN | 182.61.244.229:445 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| CN | 182.61.201.94:80 | api.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| CN | 180.101.212.103:445 | api.share.baidu.com | tcp |
| CN | 112.34.113.148:445 | api.share.baidu.com | tcp |
| CN | 182.61.201.94:445 | api.share.baidu.com | tcp |
| CN | 182.61.201.93:445 | api.share.baidu.com | tcp |
| CN | 39.156.68.163:445 | api.share.baidu.com | tcp |
| CN | 14.215.182.161:445 | api.share.baidu.com | tcp |
| CN | 163.177.17.97:445 | api.share.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| CN | 182.61.201.94:139 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nsclick.baidu.com | udp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| US | 8.8.8.8:53 | 83.200.61.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
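The table above mixes ordinary DNS and HTTPS traffic with a few rows a reviewer should not skim past: TCP connections to ports 445 and 139 on public addresses (api.share.baidu.com), PTR lookups whose targets are the same IPs that were just contacted, and an mDNS query to 224.0.0.251. The script below is an added example, not part of the sandbox report: it parses rows in the report's pipe-delimited layout, decodes the in-addr.arpa names back to addresses, and returns the rows that match those three patterns plus the set of IPs seen per domain. The rule names, the sample excerpt (rows copied from the table above) and the decision to treat only TCP/445 and TCP/139 to globally routable IPs as SMB-like are this example's own assumptions.

```python
"""Triage helper for a sandbox 'Network' table (added example, not part of the
report). Parses pipe-delimited rows like those above and flags patterns a
reviewer would want to look at. Rule names and thresholds are assumptions."""
import ipaddress
import re

# Constructed excerpt: rows copied from the report's Network table
# (Country, Destination, Domain, Proto). The header row is intentionally
# omitted; parse_rows() skips any row whose destination is not ip:port anyway.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | www.ogs5iz.top | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.201.61.182.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| CN | 182.61.244.229:445 | api.share.baidu.com | tcp |
| CN | 182.61.201.94:139 | api.share.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)
SMB_PORTS = {139, 445}  # SMB over TCP and NetBIOS session service


def parse_rows(text):
    """Turn table rows into dicts; rows without an ip:port destination are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        host, _, port = m["dest"].rpartition(":")
        try:
            ip, port = ipaddress.ip_address(host), int(port)
        except ValueError:  # header row or malformed destination
            continue
        rows.append({"country": m["country"], "ip": ip, "port": port,
                     "domain": m["domain"] or None, "proto": m["proto"].lower()})
    return rows


def ptr_to_ip(name):
    """Decode a reverse-lookup name: '94.201.61.182.in-addr.arpa' -> 182.61.201.94."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ipaddress.ip_address(".".join(reversed(octets)))


def triage(rows):
    """Return the rows matching each review rule, keyed by rule name."""
    hits = {"smb_to_public": [], "reverse_lookup_of_contacted_ip": [], "multicast": []}
    # IPs the sample actually connected to (DNS resolver traffic excluded).
    contacted = {r["ip"] for r in rows if r["port"] != 53}
    for r in rows:
        if r["proto"] == "tcp" and r["port"] in SMB_PORTS and r["ip"].is_global:
            hits["smb_to_public"].append(f"{r['ip']}:{r['port']} ({r['domain']})")
        if r["domain"] and r["domain"].endswith(".in-addr.arpa"):
            target = ptr_to_ip(r["domain"])
            if target in contacted:
                hits["reverse_lookup_of_contacted_ip"].append(f"{r['domain']} -> {target}")
        if r["ip"].is_multicast:
            hits["multicast"].append(f"{r['ip']}:{r['port']}/{r['proto']}")
    return hits


def ips_per_domain(rows):
    """Map each contacted domain to the sorted list of IPs it resolved to."""
    seen = {}
    for r in rows:
        if r["domain"] and r["port"] != 53:
            seen.setdefault(r["domain"], set()).add(str(r["ip"]))
    return {d: sorted(ips) for d, ips in seen.items()}


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_ROWS)
    for rule, matches in triage(parsed).items():
        print(rule, matches)
    print(ips_per_domain(parsed))
```

Run against the full table, the `smb_to_public` rule collects every 445/139 row; a browser session normally has no reason to open those ports toward a web host, so those rows, not the baidu or bing HTTP traffic, are the ones to carry into the verdict discussion.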
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_4796_ZYIAXIBFQZYLVRWZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd2eff9d34edc008dfd00a55a23bc9c6 |
| SHA1 | 7a4276ec90160ac5519572c182551fb907115503 |
| SHA256 | ada350dc6b604fdc72f002c3fe8903434788ddcd53a573680de79e932331bc32 |
| SHA512 | cd7ade18dc6c8003eeaf7a5ec52b3c2e0bf3061dbfebbf0e0cdd1720f0753e016484364b5e9b4bd2cc346a1db4413f9d5a76664fdb0eb734610d4963739e6a7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 883c2e473b38878d5dc606c936c586d3 |
| SHA1 | a29f98a9bea9b610903a865f8d8a46760465add5 |
| SHA256 | c9fac25569be81842ccb838f24da45402aebf3a54d30a8d40524c868c74f08ea |
| SHA512 | 91baa608ebe2656df05d178cc8375af1cd1a89791d3318b102029e9a92fd2d3b0747e2048776d4cf5e379356fd824a700ab8146fa030a7ee1f9016416f9c2b8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09344730e5ae0543305add957e1b9443 |
| SHA1 | a0f857c6d5ddfe0f34918a60258b4da2f06ddd1c |
| SHA256 | 764959f39852870512f01b237fb46a2a82cda78c34cf5e404b4ef9ddd888b7e4 |
| SHA512 | 6b5a431ec74ca75c8e2ca2ccc1845a247aa805b22c272ba664cf7283a6a006e1b8af55d39a0d6f04bafcfcb270f04e81c9a86bdbeb30c27bb1fa0366b21f9553 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
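Two things in the Files section are easy to misread without a check: the crashpad pipe entry carries the digests of zero bytes (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...), which is what a pipe object with no file content hashes to, and settings.dat and Preferences each appear twice with different digests, meaning the file was written more than once during the run. The script below is an added example, not part of the report: it recomputes the empty-input digests with hashlib, flags entries whose hashes all match them (and raises if only some do, since that would mean a mis-transcribed hash set), and groups entries by path so repeated writes stand out. The sample entries are copied from the table above; the function names are this example's own.

```python
"""Sanity checks over a sandbox 'Files' section (added example, not part of
the report): detect zero-byte artifacts by their well-known digests and
group repeated writes of the same path."""
import hashlib

# Constructed excerpt: (path, digests) pairs copied from the Files section above.
SAMPLE_FILES = [
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     {"MD5": "27304926d60324abe74d7a4b571c35ea",
      "SHA256": "7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de"}),
    (r"\??\pipe\LOCAL\crashpad_4796_ZYIAXIBFQZYLVRWZ",
     {"MD5": "d41d8cd98f00b204e9800998ecf8427e",
      "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
      "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     {"MD5": "9e3fc58a8fb86c93d19e1500b873ef6f",
      "SHA256": "828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4"}),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     {"MD5": "cd2eff9d34edc008dfd00a55a23bc9c6",
      "SHA256": "ada350dc6b604fdc72f002c3fe8903434788ddcd53a573680de79e932331bc32"}),
]

# Digests of b"" for the algorithms the report lists; computed, not hard-coded.
EMPTY_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
    "sha256": hashlib.sha256(b"").hexdigest(),
    "sha512": hashlib.sha512(b"").hexdigest(),
}


def is_empty_content(hashes):
    """True when every listed digest equals the digest of zero bytes.

    A partial match (some algorithms empty, others not) cannot come from one
    file, so it is reported as an error rather than silently ignored."""
    matches = [EMPTY_DIGESTS[algo.lower()] == value.lower() for algo, value in hashes.items()]
    if any(matches) and not all(matches):
        raise ValueError("inconsistent digests: only some match empty input")
    return bool(matches) and all(matches)


def empty_content_entries(files):
    """Paths whose recorded content is zero bytes (e.g. pipe objects)."""
    return [path for path, hashes in files if is_empty_content(hashes)]


def repeated_paths(files):
    """Paths that appear more than once, with their SHA256 values in table order."""
    seen = {}
    for path, hashes in files:
        seen.setdefault(path, []).append(hashes["SHA256"])
    return {path: digests for path, digests in seen.items() if len(digests) > 1}


def is_named_pipe(path):
    """Windows named-pipe object paths start with \\??\\pipe\\."""
    return path.startswith(r"\??\pipe\\".rstrip("\\"))


if __name__ == "__main__":
    print("zero-byte:", empty_content_entries(SAMPLE_FILES))
    print("written more than once:", repeated_paths(SAMPLE_FILES))
```

The empty-digest check is worth keeping in any report parser: a hash that matches zero-byte input tells you nothing about the object's contents and should never be used as an indicator, while a path listed twice with different digests is the cue to diff the two versions (here, Edge's own Crashpad and Preferences state) before deciding whether the sample touched them.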