Analysis Overview
SHA256
f79514920387e2058690e93d3a6da34653e46ce2aaab23fdf2dd01edefa3fc7f
Threat Level: no (potentially) malicious behavior was detected
The file 846eb07bc111b04b0ac222375fa547f0_JaffaCakes118 (an .html document, opened by Internet Explorer in the Windows 7 run and by Microsoft Edge in the Windows 10 run below) was found to be: no (potentially) malicious behavior was detected. Every signature listed below was raised by the browser's own processes while rendering the page; no process was started by the sample itself.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 14:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 14:14
Reported
2024-05-30 14:17
Platform
win7-20240221-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06598ce9bb2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F860CED1-1E8E-11EF-9340-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b9f60eadf2cd44c86f1028a035567580000000002000000000010660000000100002000000092ba938ddf9a9df9a5fbbd328b5e0b3355661c0b4c14ac875cb569bfd6b4d751000000000e80000000020000200000000b51a3c05b3101bf751c3408f883f14ef2fca4ec2bc5c655e7c9184daa54d0af20000000cc9f7dcb6715d5810a940fe3984da38f2fd25ffd53bff9e628ad905835d0ed3540000000ecefd0dfd9d990b906adea16e49bcd261583bc203745fe8a68aa3307f4f8dc55a12a3e58a62ba39ecafba01d1ca6804d754aafc39746d23b78a3454f8a0b0dbb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423240355" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1812 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846eb07bc111b04b0ac222375fa547f0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
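Every signature hit in this run names an Internet Explorer image as the acting process, and the one WriteProcessMemory pair (PID 1812 into PID 2300) matches the SCODEF:1812 argument of the 32-bit tab process listed above, which is how the IE frame process launches and prepares its tabs. The Python below is an added example, not code from the sandbox or from this report: it parses rows in the layout of the tables above (a few copied here) plus the process list, and returns any hit that is not explained by the browser itself. It assumes IE's frame/tab convention (tab started with SCODEF:<frame PID>); the `sample.exe` path and the Start Page row are constructed counter-examples, not observations from this run. The same browser-image rule accounts for the msedge.exe and identity_helper.exe hits in the Windows 10 run.

```python
"""Attribute the behavioral1 signature hits to the browser or to the sample.

Added example; this is not code from the sandbox or from this report. It
parses signature rows and process command lines in the layout used above and
decides whether each hit is explained by Internet Explorer's own behaviour.
Assumed (not stated by the report): IE's frame process launches each tab
process with SCODEF:<frame PID>, so a WriteProcessMemory hit whose writer PID
equals the target's SCODEF value is the frame setting up its own tab.
"""
import re

# Browser images seen in this report (lower-cased for comparison).
BROWSERS = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
    r"c:\program files (x86)\microsoft\edge\application\msedge.exe",
}
# Per-user IE settings hive of the sandbox user; writes here by IE itself are routine.
IE_USER_HIVE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer\\", re.I)
WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF = re.compile(r"SCODEF:(\d+)")

# Rows copied from the tables above, keyed by signature name.
REPORT_SIGNATURES = {
    "Modifies Internet Explorer settings": r"""
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
""",
    "Suspicious use of SetWindowsHookEx": r"""
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
""",
    "Suspicious use of WriteProcessMemory": r"""
| PID 1812 wrote to memory of 2300 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
""",
}
# Process list copied from the report: image path, then its command line.
REPORT_PROCESSES = r"""
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846eb07bc111b04b0ac222375fa547f0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
"""
# Constructed rows (hypothetical, not from the report) that the checks should flag:
# a non-browser image writing IE settings, and a writer that is not the tab's frame.
CONSTRUCTED_SIGNATURES = {
    "Modifies Internet Explorer settings": r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
""",
    "Suspicious use of WriteProcessMemory": r"""
| PID 9999 wrote to memory of 2300 | N/A | C:\Users\Admin\AppData\Local\Temp\sample.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
""",
}

def parse_rows(table):
    """Yield (description, indicator, process, target) from '| a | b | c | d |' rows."""
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Description":
            yield tuple(cells)

def parse_processes(block):
    """Map lower-cased image path -> command line from the alternating-line list."""
    lines = [l.strip() for l in block.strip().splitlines() if l.strip()]
    return {lines[i].lower(): lines[i + 1] for i in range(0, len(lines) - 1, 2)}

def registry_hit_is_browser_noise(row):
    """Browser image writing under its own per-user IE hive: routine."""
    _, indicator, process, _ = row
    key = indicator.split(" = ", 1)[0]
    return process.lower() in BROWSERS and IE_USER_HIVE.match(key) is not None

def wpm_hit_is_ie_frame_to_tab(row, cmdlines):
    """Browser-to-browser write where the target tab was started with SCODEF:<writer PID>."""
    desc, _, process, target = row
    m = WPM.match(desc)
    if not m or process.lower() not in BROWSERS or target.lower() not in BROWSERS:
        return False
    s = SCODEF.search(cmdlines.get(target.lower(), ""))
    return s is not None and s.group(1) == m.group(1)

def unexplained_hits(signatures, processes):
    """Return {signature: [rows]} for hits NOT explained by the browser's own behaviour."""
    cmdlines = parse_processes(processes)
    flagged = {}
    for name, table in signatures.items():
        for row in parse_rows(table):
            if name == "Modifies Internet Explorer settings":
                ok = registry_hit_is_browser_noise(row)
            elif name == "Suspicious use of WriteProcessMemory":
                ok = wpm_hit_is_ie_frame_to_tab(row, cmdlines)
            else:  # hook/tray/notify hits: explained if raised by the browser image itself
                ok = row[2].lower() in BROWSERS
            if not ok:
                flagged.setdefault(name, []).append(row)
    return flagged

if __name__ == "__main__":
    print("report rows unexplained:", unexplained_hits(REPORT_SIGNATURES, REPORT_PROCESSES))
    print("constructed rows unexplained:", unexplained_hits(CONSTRUCTED_SIGNATURES, REPORT_PROCESSES))
```

The report's own rows come back with nothing unexplained; the two constructed rows are flagged because the writer is not a browser image. A hit by a browser image into a tab whose SCODEF does not name that writer is also flagged, which is the case worth escalating.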
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tulsapestcontrolreviews.com | udp |
| US | 8.8.8.8:53 | www.familyownedpestcontrol.org | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 54.202.114.57:80 | www.familyownedpestcontrol.org | tcp |
| US | 54.202.114.57:80 | www.familyownedpestcontrol.org | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 8.8.8.8:53 | www.apui95.org | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| FR | 213.186.33.5:80 | www.apui95.org | tcp |
| FR | 213.186.33.5:80 | www.apui95.org | tcp |
| US | 8.8.8.8:53 | apui-lesvillageoises.org | udp |
| FR | 213.186.33.2:443 | apui-lesvillageoises.org | tcp |
| FR | 213.186.33.2:443 | apui-lesvillageoises.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1564.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1677.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b0760c92c8a014cd152456ebcd73bd4 |
| SHA1 | 3b09c5d131a15e23c5d20e82032b363b6f912283 |
| SHA256 | dd01978f02e651ebc494b7eb7f249f635a3f1f6d7b077132bd6f149c48c5d857 |
| SHA512 | 8cb16b85be4d2e4f79b60199b6b018ccf8df6490738140b91acfdca2c200d1bb7f1ba36bd5281bda133156740ab00589661e614625278fa7045baba34ec59451 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7468e990195d72256be28eda8b42220c |
| SHA1 | a0d528f279ca7364f850114fbf07a774bca2159e |
| SHA256 | 93684ee6f2bb5c9e744b7dc4e31b2a2b4a188c058d71c1788aaa1a6b38f2d7c4 |
| SHA512 | c37a11b5aecbddcc29e109ffc57d2d8fc97d7657fabcea0d7549333b7018394dbf2eb33b3910fe8bfb3e8ed2706332f6ad1147873018f805e98ec4243a688778 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 485c633536677bf692642fee84414398 |
| SHA1 | 0a4c8f9ae011183a8dc0695d444abc33927c4dbc |
| SHA256 | 502984db8df653d3a516b55387b13706c7afa6811c79896148789c29792db790 |
| SHA512 | a17fb1b7995379bc81c3d6cc6bfc6ee16ffe695c0e5a77b0c396150554dab8709448ba1702acc16379d080226c63fc3411ecd5df4a62041aeaa462f00f6fd5a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1234c2120d04a80852e565f93668506b |
| SHA1 | 3e05d24de584890b400f847302a4efa9cc0e3b22 |
| SHA256 | a2212c3003d41075df65950b124d4d0518d930b4d8d427d0fceb4b216bb142c7 |
| SHA512 | b0378c101aa5512c1d7ba3c18e948f5cb7ba52634f5f2321a8fbf50dba9d570b8eb0df979ac26484c24440edc01c10650886575693ffc14fdc2795e64eca5678 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 769f11ca22757c73ed5e861d61f0589f |
| SHA1 | c82ec28a756bea0b6a2447a32ef2e21f047b21d7 |
| SHA256 | 7c69d7e3d9422f8194276b64c27ea38d5d080c632092c2acb3c0aeab60641e10 |
| SHA512 | 48e0d8815b33be23d5a614d2ff10500cad081c90d9d7c138413659af41d20c6e60c6b41eb996a0d48d31bffab18f79c013868d8a5635907102b05d05b2bcd1dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcd86db6a51d8d2cd8e849ec1e29986e |
| SHA1 | f3087fa7e23f0167221b084df2110501ae061fa2 |
| SHA256 | 2b2a215d26e086cbb9da34158a0ed9f945d2ce836e66256cf176e4ceaca1ade9 |
| SHA512 | 9d0eb4c356537c333fd420821cd89cc21e429002bc6152b8f8d5bb2894fb62b302d3a2dedef69f13dcc1644bd2b99fa89b12a5c367bd2d71064aa36e5827ad98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f52a14b46025f846c5ad9cde31a28c50 |
| SHA1 | a8c86d176198bbd563e69fc2649aad47c6c20f13 |
| SHA256 | 4f007dd813c16dcb3aac1fad9b7eb749c4f886ff0e54e51074531938c9e5b181 |
| SHA512 | e3d4a6932630c38d05337f13acad1fda387c427fa875a9bf7ad2f9026aebfdb7e94b476168da5aae12fa18d76191b09f71ab53231bd3210be118bce8c27ed960 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f6d2b0b278b946cdb6de4aeadbdc4df |
| SHA1 | 938bbd2615c726763970eec2605157813787fa71 |
| SHA256 | 6f0dee1054479b006e074ee0de07a36e6a778d3384ac58ca670e0e9e85fc911d |
| SHA512 | 055545556ee645348439226493fe2b4842cc45ae92f863680b6699234089cd75556fa293b14a8ae2ab59f53885ff68adfe18a086c81198abd3f7bf9d9f8fa769 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d203a7bc3a3061c0913dfaa50868492 |
| SHA1 | e26a1c71a6d5922d06137b4c67041f21e57654b7 |
| SHA256 | 1ab2fe5534be836cfc6acffa71819b6513f4740c00b93edba40a75b092905d14 |
| SHA512 | 78643cef7d5f982ba20b594ec203e19ef76b904e73099ac9b9f7c8c9556ef350f684a6242c967fc8810130513f08c954229fbbc4ebb79ff6a10c1a649e51554d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 490d1d357d21f5d3c5b1a362be9c41ed |
| SHA1 | 289aaa8e585d39bcf10628a71f70121d0a00afca |
| SHA256 | 04abca104eaa498c71d326d90021ea18a8e1131864629c239be068788359ab0a |
| SHA512 | 890bf4967c1b2e666eb79057c4acb78f15f77eccc3f85fb999b9ac6f3952d5eb8eefe70f317653fedb1877049ca6b2d9d8b4a07c77232cb282e47cbf86eb1660 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb41beeef8c8c6cb5e4650885089c51b |
| SHA1 | 8f5f5df292e00df8f8d93d90c6f6208fc55afa7a |
| SHA256 | 2801f86719a4e9029ee01f49242b9d5eef2eaeffb5d12c63d5a7c8f7170f5c48 |
| SHA512 | 74399ed197671c3c8247d33aa0aa05e1ba9bbabd67cff945beb72c266162d6aa99d41d38570bcf3755c2e2edeb6f72af8fbc406f1375d48480cb17528ef214f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7323ebb5f66e9cf0ce774410eeddb7f9 |
| SHA1 | 9e27ec919536852603132f3032655138f5e31298 |
| SHA256 | 6199627ad24493cd5de12ca90d6857be79a5823558b83e98ed70a347fe1184ac |
| SHA512 | 65f9fcda4d6fc36cc8296a30b0b7613217373a11eaaf3144a1ae031daf37369db60742a74ad5ae9a828c27ae66a066fbf27ec24eaa893b536f7805eb3f8d0e6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3791999fede421365a4078080132b96d |
| SHA1 | 8af4eeb9a22c2cbccbb6a7d35d8e768b8114ecf7 |
| SHA256 | fead0f857f727ff4e1f1716ca92b3678e6b9900574a6912f9b3d4deac588f45d |
| SHA512 | 490d323faca8d773e22b6a069b96cbd8e8b2e86d66e8a5d969f172285babee8d88607c1449a063763d9498299af140b6394a715c4d4c47a98ea14d46a0364559 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60e46fdf210d8fdd6110de32125f7c36 |
| SHA1 | 4671a5810bbc093fd48f930e39ba67263c91d600 |
| SHA256 | 1c5b9683b9725d808475bb88b8d14ea7a0176e2fe443b8d7428a2435533029dc |
| SHA512 | f8763ccf2d2db0320b895485b76b8631de5544c3c303ac2b73d7f164c0f37e6c862c9028d956d0f4d1472f2ea7fabc2922e46b99968aa554e20d0f8b1994de03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac37f1077fef746c264acc5f1337de4f |
| SHA1 | 8146b5639dded4949785d666104afe9b2556186b |
| SHA256 | f6ce99716a46e518c9fee9d7b392707ba5b8fb4fae3997c34e68ead41c24bd85 |
| SHA512 | aa917fc2c25c2ef32d55cbbc25fae65363016761a93e17960cac436b7353acd56e93f02f5dae9a87eb308042c089bf0dfdee445c5fda7601fddf2a25e0719b23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14d928654a641836af1a38f06489e01f |
| SHA1 | e83aa86a23010fd640f836666b16abb7a0a0e5ab |
| SHA256 | 2b75630abe96645de1874412dfb285f8328f8e23b7efbdf2a174a3a5cf60416d |
| SHA512 | 85222325a608f95d3b94b00e1b85185db6126d7ee849342c1a379a233d7b658145edf43ec5bdd9a0bca80a8a7085920141698432fb697b63447c16809ce21deb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6884de2186b48f5f4b360d0f10e5b3c |
| SHA1 | 97b7133c40c75a22ed7aa79c36df2904879d16c2 |
| SHA256 | 4aec9fb586df305a1e729097d91e6c78e88f59114795e7b17fa297625c48b2f1 |
| SHA512 | e40bed03ccdd11d41227183abe8b250b3bf460b0567e1841d4ae650dfd7db1d835b7804394215ccbc2c8f255feea2d721924b7c63b1c5ccebb47f9e5af318e73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 191b2729f915e454c643136c2a6fbd2c |
| SHA1 | bcd60781327d7d131d1e9acb304336e5c6629339 |
| SHA256 | 787cea4f3152ec19ea4963671dd18e8ffb256ae9b21a343794a569e767d81032 |
| SHA512 | c9c837cc142845f42f9eaef2202ca15a3b9cf835e6654bcc115583e9b9f9cb85e1b3db016d8497642f6dc0e50fdb0c22e6824c3b885b700b57fa32a8cb8cb0b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 389032d98defe2f197f0d2dacae150de |
| SHA1 | 400b4b9af0efe3a008cc1cc4f749b24fc460bd36 |
| SHA256 | 131c577c102c6454a9969f7bb34bf8c6d3d1c0bbf55d0c8b43fc4e916eb3a307 |
| SHA512 | ca79d42356ba415220713942d32b2a15797c02385288fef2955cfcefd06e75f754c81194bfb7bc5a6b75145bc29d8c983c18c8a6a5b0cd9e822921801b1ef934 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd1998f81ce56da311ef0b4d828f23d |
| SHA1 | 0b471a242f4d39bb5fdc48f22366f1d082a078e7 |
| SHA256 | 49aacb36822afdea73d681553e405be105d2af39da96d9ae3b52181e21c51811 |
| SHA512 | e44a96d15ae69f69e990067179ae6686b954cff1c66006b60ccffb9059c2803110b16878819d2da9129488f12ab185e6018055d6c3b1629b47dd9439036a9c40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cd6a552b701af56936f9dbc4d4e1182 |
| SHA1 | fc726cf9e01087540f75bf90e75a6d12871c5f2a |
| SHA256 | d2eed0dde30434e41b6d3f049de9c6b3ea5702d543b686a14f365e9e6dd0e82f |
| SHA512 | 9940ed4bd80f42075c14349df0fb365cd10ef4b8298dbeb61593d0f0f19da5ef7891e06157c5b26bb37f8daa234d97512d0a7793931624f816919624645567c2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 14:14
Reported
2024-05-30 14:17
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\846eb07bc111b04b0ac222375fa547f0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab50846f8,0x7ffab5084708,0x7ffab5084718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12913381616038555381,13237136720548241867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tulsapestcontrolreviews.com | udp |
| US | 8.8.8.8:53 | www.familyownedpestcontrol.org | udp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 15.197.142.173:80 | tulsapestcontrolreviews.com | tcp |
| US | 54.202.114.57:80 | www.familyownedpestcontrol.org | tcp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 54.202.114.57:80 | www.familyownedpestcontrol.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 173.142.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.114.202.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
\??\pipe\LOCAL\crashpad_3136_NURCMFMJVMJZABXI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b333d17a441f3ccec3b98bfb976302d8 |
| SHA1 | 45d323e7cc8c22e4853631577370b0e227cccc69 |
| SHA256 | 0ad52462f0288cc7df0740ec704157ea4210c3ceace9f17a5cf8bae7278cfcec |
| SHA512 | f26d2853836ff9ec182a52a000158605a999ec63e6f09b6816eb4d01922a68305ecfa71cd36fe2c819b363353896ea286a23747468e68f591d694192ea6a51ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4eae515daa32f4f91a8b3e46860d2f11 |
| SHA1 | ac7a8757225899c219cdafaf58435702ad3eafb6 |
| SHA256 | cb10c9cdd9d61a2e0150019798dfb558af889c9a905880ed9361d29ef0c645ea |
| SHA512 | c59bfda79831a1ff9d569346848453f5f902a93507d8affcaa88f22ebb7515986013faf10c64d9c0a7f95b8fa29023d35aa27647e28cc8ebca912bf2a1b688d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c3d20a5d4023a8862fc80da97c91385 |
| SHA1 | 2d00cc96b0af27828a1763e5a508df9b38d432ad |
| SHA256 | 86c95ccd5fc7d3ba779aa26188fa7361f2217be79f4b84a1cba7526697627d2d |
| SHA512 | fc295c154407e0c6905ae9f34b1144578876939d9563c7c20648c2940536475d04a4e1fb4a978fe55313d01245a020652c04576cf20414df3e644a86029fd189 |