Analysis Overview
SHA256
69545b7367a508ad15c7e194070af971afabccb52f77db82633067d7298d2d41
Threat Level: No (potentially) malicious behavior was detected
For the file a49d1ff85cb797fd8d72ce322451c834_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:24
Reported
2024-06-13 08:26
Platform
win7-20240611-en
Max time kernel
142s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428922" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000004ba00e65c23b1c9c570fec868300c8843426167830fa8b5c19df6ca3346fa26000000000e8000000002000020000000223d77ca8e76269b4fe264103fef9ac873d16b28a27b2a892e8698adea1c1d382000000076d7040644f791eaaacb3bf20eb840d857b5191a2dbffebff8e30baa653549ce40000000bc7098ab9a1ee68e671542e4be156178232fe5a36f300bae2b654096b92eb973dbfd738e3c5d42b7f0ca1947c386a91961aaa6c514ff99fb550f68011c220c6d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{517167D1-295E-11EF-8156-CE03E2754020} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b8bf266bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2244 wrote to memory of 844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49d1ff85cb797fd8d72ce322451c834_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | caltexpolymers.com | udp |
| US | 185.230.63.171:80 | caltexpolymers.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | mfthosting.net | udp |
| US | 162.241.123.12:80 | mfthosting.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabB398.tmp
C:\Users\Admin\AppData\Local\Temp\TarB487.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:24
Reported
2024-06-13 08:26
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49d1ff85cb797fd8d72ce322451c834_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc87d46f8,0x7ffcc87d4708,0x7ffcc87d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7628798830328106206,4430998834771030648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | caltexpolymers.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.63.230.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 8.8.8.8:53 | static.getclicky.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.getclicky.com | udp |
| US | 104.16.224.240:445 | static.getclicky.com | tcp |
| US | 104.16.225.240:445 | static.getclicky.com | tcp |
| US | 104.16.224.240:139 | static.getclicky.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 185.230.63.186:80 | caltexpolymers.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_940_GZOHNRROHQWOMYKR
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT