Analysis Overview
SHA256
345067d64fa740fd00a105a140e9755ec1a1db8bddfcd8007ef6d7a2150bc58a
Threat Level: No (potentially) malicious behavior was detected
Verdict for a50c71ce3cbd9b6d1754c42720b2a2f5_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:19
Reported
2024-06-13 10:21
Platform
win7-20240611-en
Max time kernel
137s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701566407bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435820" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61A2E6F1-296E-11EF-A85D-46C1B5BE3FA8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000006a4d20ff97790d374bc794179ded3a81731e02775a979554d1e3d343a5d115e2000000000e8000000002000020000000d2f6382b92907a75e131a227104bdc560138127bf8afca21d0b9b4bf3b1b899220000000141973d3abc5fd574359c17a765b4d88d69d97eec2bb22194634c57867c41c764000000059c9976d9efee674d1683d89dbe84c8c4a8b3f07fb3b4e35f98d1980bedc2b0eaf8bd282a77a8358ae3eb826ce40e8daf4153cc2561259e3525b68039e928132 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000009f9ad05a2b7f67fd9a1ba093548413ceed916fcb235cd5dbfd9d94e76a48bea2000000000e80000000020000200000004271d413cc7b49b178f0f51dda49200fda40045dbcd8a5ec60d022fedabe161a90000000ff2036c861919c7bbdc1cd1deb69249afb0f265b33e903386610754e4b11b720f4feb8d6902ba862bca7100a3fe656d2ff6163505351632e6c750e96a79de8e733ac1c3812d426eca12cfd008b4f1153502f1a28ee6cd72566582991ef563759d8a7f43c6bd78211c8fb66e9eaf5c183b79cfb7c5500cdd9ba7bf23ff4b1dfcfd7feb780e72690923e24cdace07352704000000046c79a120e17b32848b78c3a68f5d1ced3503ca114969f9c44f95e09e6e1c3522b3594eb8c6ab05e82f80464e750c9e1469aa71eedbab8bdde5974be92035522 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1284 wrote to memory of 1508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1284 wrote to memory of 1508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1284 wrote to memory of 1508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1284 wrote to memory of 1508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50c71ce3cbd9b6d1754c42720b2a2f5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img1.qq.com | udp |
| US | 8.8.8.8:53 | edp208.cn | udp |
| US | 8.8.8.8:53 | p.qpic.cn | udp |
| US | 8.8.8.8:53 | s13.cnzz.com | udp |
| CN | 220.185.168.234:443 | s13.cnzz.com | tcp |
| CN | 220.185.168.234:443 | s13.cnzz.com | tcp |
| HK | 43.154.254.32:80 | p.qpic.cn | tcp |
| HK | 43.154.254.32:80 | p.qpic.cn | tcp |
| BE | 92.123.51.8:80 | img1.qq.com | tcp |
| BE | 92.123.51.8:80 | img1.qq.com | tcp |
| CN | 220.185.168.234:443 | s13.cnzz.com | tcp |
| US | 8.8.8.8:53 | fengchaoyy.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD3C5.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\TarD488.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb6bb32d3511e4312c51dd902d000eb2 |
| SHA1 | db85dda7206cca0174563aa6aaa78909f8b460e1 |
| SHA256 | d0e96c74de54cfebeea2dd048d74d00088f272daad57eb46f844f9a298b38cba |
| SHA512 | 360574d0c9bdc867dc509b1a52b96db5a460f609548dd3db21918786d633b2a8397730ea2ecb382ee75e50ccecb8b3a50c9a9ad414c25a242dcda4d4bc7d12cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89012c77b68a93914048e6f13649ffa1 |
| SHA1 | caa66c05d06b0980c3ce843ab2794b7e938dce4b |
| SHA256 | ead28f3c29495dd341000b45a94448fcccd723b6e50a3644e5c97f31c092c488 |
| SHA512 | 6bb689d688c551f5fd7d0f8cf21fb586c596e7117e63ac0c094aefb9e4140b0dafe9659d2aeabe89d4db9d6b7bbdd52da99ed12a8fc0aa4c897695199a02a774 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d42258d543fb4885b1a9d0b02e9917eb |
| SHA1 | 816100c492afad883d5d8583cc1da82915fac776 |
| SHA256 | dc42eb817772a25a114029d7ef29209f21a69b3488a1cb44f5c6cda3d3729b8e |
| SHA512 | 76e0c2b5702ac7d3c25f7a19540e5c4c53aee80664645bcce7f63a90914088b65633b2dba1df50cc089a644c84cf32fdef8dcb9e93e3851fdac4861fb2f90ee3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96c2db8ac0c1e40b07d04b83a738913b |
| SHA1 | 6a1c0be68f4ae7995095e8f751b605f85fd63188 |
| SHA256 | 025e14b25f697b6f1d43c8e542f64fb5be2be2d821963bbd52d25f37b5bc712b |
| SHA512 | 331d3591fc2a64234b0200b0088ab39151199e5c0f0bd55d9cb85b715e6f5ad36c005ce7e561dbdef398ff149b2c16900cde5116befd2ecc65614e2fcca0098e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aec44e8a92fa426fab5a3da89692c6ec |
| SHA1 | 6cb5266ec219c1dabad4451f7d95b175ba68b025 |
| SHA256 | 14b5add59c334a4eb94365862a9e5b2d26cfe373d9b523c7313691ba31df66c2 |
| SHA512 | 803d8bdf1cae9f8862d54aea3cc6ff8d127c1173e32d425e92c9c15a142efbf490291479d4fbdec6f6bebe8edfa78c986285b278f8a1a3cab6dc4270b54881a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 636f92246d390f7e7c840fb061502b3b |
| SHA1 | 46949bb77da895211615fdee6e9ee69ca683e702 |
| SHA256 | 48ae62a42bb0a8335cf9894a8cbb7c1d65a39bffc88f1eef0daff4723e390dca |
| SHA512 | 4364e86b2c3fd02ab44e547f894b15b231c6d248cc736f3ac1453e7035bbf8c8cb2fc75ac6f8e7715f67d075a415c59692cc5b9a6daddf70a1e85aaefceb3452 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a890f19eca6c77ca0c7df285ee587d5 |
| SHA1 | 79cde655762b24b6b4ed0ea6ec32c02c885b5189 |
| SHA256 | b73f777781ac68de25173bb2badc3fa14d3db77cffddfd54faa912ec2f91caa5 |
| SHA512 | 965b69e3d4b01ecd64f1f0ef35e610386294a5a87de5a43567cb4ed1eef511a694ad53c9382d5c1720044b98cb8031c47744460a064a38521673b90816eec161 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86b7cfbc4259b9d5c093b84b87c9aa26 |
| SHA1 | b7274fe9a957b6f96b54c81cea0a96db2519d639 |
| SHA256 | 267cb722a661d8ed90c549816fcafddcfbd6ba76280f774bdd428ff605889c7e |
| SHA512 | 27c8afdbee24d5ba4e37974b48ff4acb7997f701940a2c5c247e3e0eafe98cf72c18facc1e2811655529c524279156b9d234d10bc1b1a0bede79eb018b55e2a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c4000814c970888465be366ca2462cf |
| SHA1 | 09c8dfddf5d8aad999864131d5cf5459f44b8714 |
| SHA256 | 5d1eeb8d17d01eaaa88b5736368e30206ea4f3821ab568c3742688391ddab2be |
| SHA512 | d5e3ab700bd847fdf183fd83d0d1a86b9e5358f4d852a650563fb5085b8ab2a5810d8ad58a960cef7b80ac44c38bd10ced964bb9ad14a0f21058c8688753a2f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e294e49ed1e12cd03fd83381c369531 |
| SHA1 | 098a649b91b6149f321a65feea58833b267510d4 |
| SHA256 | 86079b561e375d6b41caad021523007641c1485bd37a1ecab79c88479fb9e057 |
| SHA512 | 6094e8d1d2ca6570199f3188acb9d216b6bdca93720c5983dc35993325f7df55a0b344b20ddc1227e58f64b81860a3e9a79bcdc62be673882cfc5ff6c1a1515c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b5fcf929ea455e3b7745fa6a9e3d704 |
| SHA1 | 07a1a277da18926c095b5fc28a3ea4b835931aa4 |
| SHA256 | 3fcea7e56bfe374ec4b8ee3688a19a182385d11d13759b914a7c1e0e7d4b23de |
| SHA512 | 767b4a07eadb7713c4ad33612d877fa8119a0b602bfe9e6416c8e5da2c2c4e4fbab495fbce5a8600ad3230d9615c7b3a872958e54acd4986ee6648302b1f75d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d18fda23992ab660a844bf9f5c157fb |
| SHA1 | e4877163abf347314c3d10b9af0eb15906465d13 |
| SHA256 | 68de282e2d86b7997571f498778045366296aa87950ac79c7fee59730e7d1312 |
| SHA512 | fad6767b889bc93b50c0406f0ddd5c3a296be1edd106b3c8caa652fef32a463b0634725d95a410d16562fe230226b37580d32d4f4eaf7cdbdea455e5b4f778f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2732d4aec8edcd0b0749921132eb2812 |
| SHA1 | 0c4d90308331a66823b46316cff695ffeaffa184 |
| SHA256 | 7da84e01fa047c212b429f64ecf29fbdffbe36b0f24b612024d50211ab06cd63 |
| SHA512 | 712e53e1bb8ab387207f353b2732c99caf709006605d1d95698262368f40f764b52fc26a395c5804422aeb49efdc1349be7f587ef9453e1544ecd6f7426c3da9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70d1656ea06edb3fecc6f767ec6e36a0 |
| SHA1 | c23192cb330390c8c8b84cea93f5a49417b36b8b |
| SHA256 | a488768fb21fb25a8e135aada8acfb5b3691ece7158b54bd336bb6a555d14446 |
| SHA512 | 7cdfe1120b2284f4d2ee30030d962440c1b85bcc3effd1b854edd21aecd8bc17ca53062cef830d04172d47d988cc1db0ed25bbc44cf0748d0bf2425fd9a38a94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c52d71a80ef4040376f430dcb16814e |
| SHA1 | 073dbf744ad4d6f17f80a9b01d7b0359c4d31b35 |
| SHA256 | fef0a499392f6085b34ae722f016f042d479b87ec8d0684a2827b573120b6958 |
| SHA512 | d2caeb2ec6238a1044ee947b808e7699654aea7bf5c53c052ae11047fea2c0926e534f2fef424e7a1d65a29edb5408d2d3f06a67f5cd2593666eaf488f559f1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9dd5e9d85a5433ce32ce016aee806bd8 |
| SHA1 | eaccfd99fc58e2ea770f27e54189327ce1b2996b |
| SHA256 | 67ab47256374085eb1f19b45f5919a9f706394f8e0377a5ee72997a2356c4bc9 |
| SHA512 | 3fe419b184fea5b2ef831c99a527fbe71379b4c7d765047b8b07f90b2b721b3dd7e88f0a6efa8ee3a84f49e9d7a848d6089f2ad39addd693fe938672850d67e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 913db130bf840aad6731d11ad4838488 |
| SHA1 | d83d13fcbee90c93e9b007c68bc87865ec64e5d5 |
| SHA256 | 2e1ce02b5c0e0f99d7679a859add7412a0735baa7424d6f9067a451775908a58 |
| SHA512 | 2daa0accf5add8811d23f1eadb9ff30704888aaafbf2da8b91def91612be474970bf0041c39f389523bba6b485df203d423c4ef272719b141ad8914a3f034992 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27a7c06a62f26450436a122ab679f4a3 |
| SHA1 | 6822b1bd9af5bc55571f8bb36ecdaca5f3e8f8e5 |
| SHA256 | 7a42899c0676f4e036eba5b8e45646a59e26a75dd8e43be1cc056faba8efd3e1 |
| SHA512 | b162110716079fd755a048559339c0a802aafdc01d5c7680e62a2b10a3772a79f776bcffaf828b418e3fb4e41e72515e8ae5568d778108db272f01ee2018602f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16a965884c7e8f09db409bb282907c92 |
| SHA1 | 8c064de34ed6f9d7079f64491677f4aef71fcfa1 |
| SHA256 | 75dbd48715d80b4dca948b1020a25266aeab25b7443ec59722b200e0a4d3161a |
| SHA512 | e270fde0bb1740830bc248b063b4643187bb698b39964d08967c7cd60bd7d89b4173a9f5c79b1e69271c10802280c7e3077384a0fd63bc881964720d8505ba05 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:19
Reported
2024-06-13 10:21
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50c71ce3cbd9b6d1754c42720b2a2f5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe966546f8,0x7ffe96654708,0x7ffe96654718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14469373904777880278,6090731916563535198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5796 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img1.qq.com | udp |
| US | 8.8.8.8:53 | edp208.cn | udp |
| US | 8.8.8.8:53 | p.qpic.cn | udp |
| US | 8.8.8.8:53 | s13.cnzz.com | udp |
| CN | 220.185.168.234:443 | s13.cnzz.com | tcp |
| CN | 220.185.168.234:443 | s13.cnzz.com | tcp |
| HK | 43.129.255.47:80 | p.qpic.cn | tcp |
| HK | 43.129.255.47:80 | p.qpic.cn | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| BE | 92.123.51.8:80 | img1.qq.com | tcp |
| BE | 92.123.51.8:80 | img1.qq.com | tcp |
| US | 8.8.8.8:53 | 47.255.129.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.51.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | fengchaoyy.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | fengchaoyy.com | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fengchaoyy.com | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fengchaoyy.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3532_KAQJUWUCWXGYRFWU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences