Analysis Overview
SHA256
156225d7eacbc543f105c1aa350e43eb1773ce4764b1e74a256a6be919b1b85e
Threat Level: Likely benign
The file c07381251edf094dfb92d3059c0c44da_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:37
Platform
win7-20240708-en
Max time kernel
137s
Max time network
140s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000007cc3bf6fc056e7b40f7e09550f3349d4ba8e05fd5b679572df62cbcc39e11910000000000e8000000002000020000000d04c0d922e510205855b66b4ddbe5ebbb162593795c9fb1c78d48db2b0b3ef9f20000000a4ebb68abdd79032b33a222e03de7b03c47af53913d764218af62c697cd194db40000000bbe2e1bb871b7d0e6688fd886431de3d7d853b5c51b2cbab3e04467175db97de352838f3f4a7a511f0bea7a936d00b9f752f1199db399c3036777f6ed3e911f6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740371" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E4DFD21-62C5-11EF-A3B5-DAEE53C76889} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50581f24d2f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000005c1e0ad62b05ffcfda880e5c42fb0ed9eea970bbf7e32a21f5c8e63cf045ed1f000000000e80000000020000200000000bfa50c7ed19a1c653c0095470cae7f7a03fa92eb624b9719bdee8e95fd3a5e190000000d99b9d99c2dd5561b74754009337dd5e58c726481b7b00aabf37293848b4fbd273399fade3cc455c690135e889c692bcb77d9fa6d21a409f01cdc286c719f4f14dec359ad5ba897d784c25d57e3449326daec8f6a6d9030ba6b39e1c80713e766078fd19023a2096b72dffa662127e300467947ac13cd6bd994d467fbd564002e2bb7524eff17cd24cde98e32a2d1a6340000000abe965ea02dbf2f6aa48fa3ccfc361db9c989bfd130cff149c1591ed1d0da1f2a98f349e82c042cb7548c0df1ac86a911208fbb7e13c3ef1b07585144ec46dc7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2756 wrote to memory of 2680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 2680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 2680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 2680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07381251edf094dfb92d3059c0c44da_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | jt094.51qqxx.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | nsclick.baidu.com | udp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| CN | 112.34.113.148:80 | api.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | api.share.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4222.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4292.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b26f168c5a1afcb15979651bb2d1781b |
| SHA1 | 91a95d0366fe9ff0756dd6f980e8b3d8672d4455 |
| SHA256 | 859c15a0d18f941975d5e0e39c513003ba6e6502acfcbfcd3ba9c5455c37ad85 |
| SHA512 | 743dc1618e751607cc7280af3f56c68a6270cf912fcdc6cf78616ee2ff20533dfded1cc9f1d2b481955608764803a158aab30e840544786654c916aed65e5d75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ace54c3bb24628fb41defeda665b2808 |
| SHA1 | 469015235987a0df495696126906ba8d8c69b96c |
| SHA256 | 3ef5477e0b0f5c4dd0db05640b26f3f155f93284c3a8921a3a5a90497ce388aa |
| SHA512 | 9d7e98562315dcb6d116cd75f96ad9b0da47665585dc57f8e3747212e4c5418bce6fba1a72b6564551ca46fec2c5af09cfc8e79892006e3fb2d3a362e719fd01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9be8beb723a629d85ed79084e67ea06d |
| SHA1 | 21ebf652edc9f354eda625a1f30651c0687a8b1d |
| SHA256 | a1bc9dc8ae484d8d1a1c06b3f4af9bc61a84a554093052c2ae4525fbdbc79caa |
| SHA512 | 06a33d6873f70fbc6ba718ebcec7c459f8e0e2eafe6545a03dd0f3945696e9938473b15e42a8912d477cab2fa8a2bf36ec7073671a960fcee2cf0d3728919197 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fb5fc680a88322511ad146658d6316f |
| SHA1 | 977b92b94f31d4886deb45c47e3cd9ec0e310d5c |
| SHA256 | 411eec7c91d9a4e26ac75e0b275385021e15680861f7f5559d0993bcef1197df |
| SHA512 | 075a69dbc4196766e32577430298bf33892d0674f9108d84c171f329f2c72baf71a57a2bf9e23ea96208afc12469aaa125611b052512d6d7f59781621acd4222 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 178bdcc191bf923575aab2830a5becca |
| SHA1 | ac72cfab5331ca9fc77de08b36dbe3bb869ce3d7 |
| SHA256 | 5c04a8fa7690b98db521b50b8d2cd60047460e43bcbd4ff7953a80d2e5fe947a |
| SHA512 | cd2ad81f3997c7f2004dc2fb7be77303bf09b5a4b257dec9b725e547453bf58c8e304058f1c2ea3bbda2d3af2a60f67be4bb8f03b7600cf323cd37df01c7b859 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d9b97dbdded79b91bb06d7e605e0647 |
| SHA1 | 48a7c3d37360ce8d844d7979cc8024968abc4e53 |
| SHA256 | c523b04c97e5ad8d1fcb2530f2d436d55a5fb4cac29f7f24cd1f7bc11adc906a |
| SHA512 | 1314553f5ad2d08be13747ad8a6987b5a3bd78a1870a67e9ce107d156ba65e636f6e0ce9384aa2e0ed8005e7f844fb396791a4c00b28fb8aa695a0fb649aec9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b516bb837a0325383603040b2812f1e7 |
| SHA1 | cceac140a927350ce426e9a21fcc3f5e44a041e8 |
| SHA256 | 67d92e42466b8678541707550ab0b93d48901e5b2d1ea230c36fca6a4a831e2e |
| SHA512 | f77ff834113e2185d26ae41564fc54192648db4752b77f9766313d1ba4380877914b098a601f41d7139c842c93ac3172c8216f5aa27ee63ffdce6cf29509d04e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f76ebba6747736028aa90b98e86a799 |
| SHA1 | 1a4c5119346757d2e0e788b8eb2badd1382f2a6f |
| SHA256 | 17a42a6387ff9b7b53e7244b592616670acd9190c09c842a3227e0d49160555e |
| SHA512 | 02be346b3e357458485bbe4bf6fa58b24ce9aea9f3513edfbc609b88523a1daf94b7ed3c62aef72fb21e5ced5843adb1214c1174093837514de729587bda88e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8b39cd3c0349d01ea3fface18bd5b9d |
| SHA1 | 51b9f84bc3054cc02be9254e9befddcbe13c80cd |
| SHA256 | 3224aa0bf0d986f5d3b165441d18b4500cf497002e1771c2ab4a0e8e75c370ca |
| SHA512 | 468ce31cfcdad8b8fb44a818b9a0ffbd0abf4d5e4b7435cb84d52fb460f821debda1b31774fed2492697453613c0f249e0d4d7c8bf4eaef8ef3b82bc29fa1a52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b57ee74b7a98970a510ef72786a9a06 |
| SHA1 | ae39509ee2e861158e713bc66ff8eeb50f5b054c |
| SHA256 | 2f954a6295cbaa22b85072dda1bf4aa9fdf2fed48b6748459656531c2fa483b8 |
| SHA512 | 27df5322703fc5be70c835a6d4b4ae0d26ea7271a04209d42202eee63da630a44fb40744658c40b2ced7d3322e36c20ba6b0e1e9f3fe4a450cdea72ab34301de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ca0aa19719cde08f3a9b418ed491b80 |
| SHA1 | 3511f7ffc3473f72c486f8a0b7d1acfd7c65493d |
| SHA256 | 129c7535c0ce66a4be7d047f9b98d887f2ace044a4720f3dc919021c37433cc0 |
| SHA512 | 2976684d95beb851fd3ae996acf979cce423fbfe73851e5ac71aedfd3ef9f3701a406f7248ee4de36bfc7650308035e7120e7595a8f9fead21395e1bb1d556e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebee973f298e2029845fdc8a6490724a |
| SHA1 | 7eedb8837be67e4909fa94f7021f98af609e6b90 |
| SHA256 | a755d5c5620adb2340fe219df750b41edc9db455978b65f2594b958b27818f18 |
| SHA512 | b35149546b75aeefd1bcb1b03bc97ab919c58bdf0ab8629f92ede8e297a67e39baef567235481703aa593576bd8e2197d65ae51cf6dea9e683572b3c2c1f9c3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c36935794f87c9ee5d5499df13d3779e |
| SHA1 | fbfb6b298aeca9582b1cc325244ccec37804ec41 |
| SHA256 | 7068719b47822cca777eb6df9162408006534ab5653da7250ab23799c6677a3f |
| SHA512 | fc8e4a3a98d6a12a7721a0dba5f2be96b9e87492a88c2b38c6de9ac0adc106b06dec5c9198d5ad68542692fd44c4a5364995ff08eaba7f3e05bde2cbd7edae53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19ed205337733c76e958d2dc74512fb5 |
| SHA1 | 663bea1cfb38bf7c4d87641ab60bd98b639ada52 |
| SHA256 | 0d6c28654c25c6eda5426d38a1fc7536e8ed5f150ca8f54193620f6ca62f475b |
| SHA512 | 0a6981bc9d0d2c255dee7e854128ede4ede0ef0c144d4540a64c546dc948307df69c59a81d5eb3c75dffaa77452bc2fa1fcf4c7ef4ce831f719cec446dac3f66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f5f049f768fd764947ca712dcc6f9c9 |
| SHA1 | 28d4b6d00f55e4c92e394ea9f70afc6b766217a4 |
| SHA256 | f48e4a287656c1190b77311c68daa543beb2bd3ab5c946040d695140879fd0ff |
| SHA512 | 64bb9ba0868890777c46fcd1d5f735204919a6c54bd2a447e0d5511eb54d1e265b754af494cd3b11cfb1a4c07a6c8dc7f48c221d776b89cca34ee4f8d31c2a17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 419235ff40373b4c2a4c45974141fa3e |
| SHA1 | 0d3eb72c19327d079c49699d41876869956d25a5 |
| SHA256 | fde0fe581644c3f36892ec4727e20078c79726e42e86013f42b623293fb8fb85 |
| SHA512 | 8b32480f242faf184531c6abae99a1609a858567b805970f7669ed55108a6d84e52bc982232d4d79317ff4476f87c77b89a821e2e2077294195b323d20d55346 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c1da5635a7061e7b39bfb4a83476f4c |
| SHA1 | f57655cfdfca02b06fa4b5635124f2aafa28b6ce |
| SHA256 | e50e8062c56ad2b177f7cf7338fdd26e6a3eb39e273d2296973247fd27f1041b |
| SHA512 | 046006041a14ad77c6ac0e83ee8709ffad99c252aa9a96d6a2b751375acb6e18ddd74ae9f975ea623a87e26470c47805261c41dd0f2beeb65fff62142e399c6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1577bafa05bf71ed20818cd121118c5 |
| SHA1 | 08ab7b229edcb8d4abe31ae0a1a6de45927ce46e |
| SHA256 | f19bfd3ce5a2276d5942de90ad8628b7fbd215783a90dfefc48208d06a7922b8 |
| SHA512 | b607d22c556d07014c904a0fc7fadd2ca10da978b5c3abf7f02808e3a40ebe1cf588fa0feddee464eb62e835f4ac3b9f9d0d04db626af9c32745eb669b0d3a7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 429c3376a1bed47308f5d271c2c17f63 |
| SHA1 | c247b5defb9cec61a3a6b9b0f8bf4c06675cdcc1 |
| SHA256 | da166003110fb371d6b10dacd696f071f0e9ff6a042f7b7a8376df0ac0f6a995 |
| SHA512 | 55e18774784b9fb1e605e7ea65893b22a5f9c601e0a4b060addabd225b0fa4ae9bfe7684864c53f8929b239bb2689913cd643df5bcd2e5a323731ae556bb7578 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8423bc17a5b317ea28d147031fcadc6 |
| SHA1 | 317432b2cd4e095aa0690b1f3fae512730377e00 |
| SHA256 | efe68ee17e4f6be658d01927d098fcaee994604b6233179208e45c5bf4eeea5d |
| SHA512 | 6996e248e704ced674c061391895163e12985edb73294bc66e762d8100faa0f6f9c1d23d4aabf3f7901f01d3e9c76a0a16982ac18850bd34a1aea10cc3bd7e0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abcfdd4635cb781886c9090c128f35de |
| SHA1 | 4956b2e369d74ba4721dbbdc72f55eb56b30035f |
| SHA256 | 54c366d48956c8e4818a79ff8bae86d2bbdcba20d4e6ee3a70812e5438c4bbaa |
| SHA512 | 837f05b6f93e1125cdb6deb8a200d4d90af37745256fd2ba061d9b5470b3e763d07334a96d61c248e5a1784719a4e787bee37711f4c5e63644db3ec12cfe6ccf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:37
Platform
win10v2004-20240802-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07381251edf094dfb92d3059c0c44da_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2ffd46f8,0x7ffd2ffd4708,0x7ffd2ffd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17144508178837913272,3345779292245764729,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jt094.51qqxx.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 93.201.61.182.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | nsclick.baidu.com | udp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 112.34.113.148:80 | api.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 83.200.61.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.113.34.112.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 983cbc1f706a155d63496ebc4d66515e |
| SHA1 | 223d0071718b80cad9239e58c5e8e64df6e2a2fe |
| SHA256 | cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c |
| SHA512 | d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd |
\??\pipe\LOCAL\crashpad_628_TERKYCUOMJJNZGVY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 111c361619c017b5d09a13a56938bd54 |
| SHA1 | e02b363a8ceb95751623f25025a9299a2c931e07 |
| SHA256 | d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc |
| SHA512 | fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10fab62c8d22e0e2493640eb1118877c |
| SHA1 | fabb8385e523623854181f8299ecdad9b9c538e5 |
| SHA256 | c429df6b8a7cc2d75fb10c250ce34f11c2a9d251e036ecea0e564e6716b9af8e |
| SHA512 | 1b972cd8452a5dc838c35f2de1e8c676f2cf1f614d754e70bac69cebe1634ce9a200dced1d6e99b8872084e74d1f219d640a952e69b11dece9081d5d9decf422 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 633b6582d92b33b2b04bdaa1db879b56 |
| SHA1 | c2852c38b73adc9927e23f08da3b2b6f19bf213a |
| SHA256 | da138fde9b4c1c6591568cf76dd1097f1e3e534a66f25a5b5111201e3bd673c0 |
| SHA512 | 6fbce28b950a3335ae9861c1af5e56ae9baea413585530a3699ddfa2c3108055920055081b71b1058a67b39ac83dacd0b5076fa1040fea7e063979a149ddc8d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cdbbbfadb50b91ef6f5c304470799e87 |
| SHA1 | 102bc18bdef6dfd9d8293c74cc81e8b7b8272b2b |
| SHA256 | 53c7d55ccc1f2404460d605a956208e325e1b80b435c7b7e059246e30195a26c |
| SHA512 | 5fd70ee29d0e92ec4c9deaefaee7df22366062c810cc9fbe3edbbb6548aeea6b364af6f151de94bebd5c90f2bde7292c37e478a351bc831e6e1aca94ca51bb92 |