Analysis Overview
SHA256
0f23832601b19cd53929f4285af6643a0f4f7c6854589ba778395a0f8514d0f8
Threat Level: No (potentially) malicious behavior was detected
The file 91dda61b48f9103d6698574b36b348bc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:59
Platform
win7-20240215-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 206bf7a3b5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000515c773a76bdfd48a22454588e33cf21000000000200000000001066000000010000200000009f22e5c4a515329089555826162270df089aafa206881b0709e4fa4dffc3ccd8000000000e80000000020000200000002b5d9233bc7b4a42a1923cf0749baea1b8263be4f9fa8880f474533f9d9dd7e4200000005f5486a32e128c80e59a4ca4a2e2f6da14831ebd13520504679d3b29cdb2ee2140000000ffba497150e39fcb8147a6a9318269758fc7321e18411e2928706fc93db133c4f438927ebdb0c9da8ef95c1ebcb2874e4ea736927a02c748312993f17f4671f0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B563A721-21A8-11EF-ADBF-FA30248A334C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000515c773a76bdfd48a22454588e33cf2100000000020000000000106600000001000020000000953f33d751d789cfe34ad5bcc7f124ed78d93e006608b4b8bfc8a658110ce29b000000000e80000000020000200000003980048a19ba9073b2545360fabf3077ffb59e99b7b7fcdfb67468819c0a5629900000006e0cec3090f8ea1a4a1230fb0d5980bb0ddde1e2fc4f8266cda8e9ff397ab70997bfda327439558d7eb6903514b177e9409ac896e81c44f70d7ba6a0f5d067734806485a429d92c13b7870d086c365d642eb59ce620dcedfe74be3e8b9484c8b92dd34b0d405d624d499f13498eb8df45880b6e185fa4f7e09593545da106d5cdca19923298f211cfceeb655c96130fb400000000c489d9bd5d61a7438a1abc573065cbbe10b26b79998e6f3f464765b8ccaffb4a2f386119a6e1c6d786a612a17faf0a8cc4dcc2ad956975ea9df5afbe40eaa2a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581263" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2416 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91dda61b48f9103d6698574b36b348bc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.secret-squirrel.com | udp |
| US | 72.18.132.134:80 | www.secret-squirrel.com | tcp |
| US | 72.18.132.134:80 | www.secret-squirrel.com | tcp |
| US | 72.18.132.134:80 | www.secret-squirrel.com | tcp |
| US | 72.18.132.134:80 | www.secret-squirrel.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | combach.com | udp |
| TW | 114.43.2.40:80 | | tcp |
| TW | 114.43.2.40:80 | | tcp |
| US | 8.8.8.8:53 | combach.com | udp |
| TW | 114.43.2.40:80 | | tcp |
| TW | 114.43.2.40:80 | | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCDCC.tmp
C:\Users\Admin\AppData\Local\Temp\CabCE9A.tmp
C:\Users\Admin\AppData\Local\Temp\TarCEAF.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:59
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91dda61b48f9103d6698574b36b348bc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956ee46f8,0x7ff956ee4708,0x7ff956ee4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13790987936301194992,9936336113304190572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3088_GJUSNDWBAZLJOSTM
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT