Analysis Overview
SHA256
d879986d34bf4bbe3acc5d484f61bbb68e37910de428debd17607b2bee250d13
Threat Level: Likely benign
The file c07a95d8e6f746525c4725700450d93e_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:52
Reported
2024-08-25 09:54
Platform
win7-20240708-en
Max time kernel
121s
Max time network
149s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430741395" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e0efb4d4f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0A95CB1-62C7-11EF-BD41-DEC97E11E4FF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000008b62d8d5c28c8255855c9d2d57ae0f47c198bc07bfed2a2febbe82d6f6de45ec000000000e8000000002000020000000517a1c1a3989e6d8037fc22dda5a60b7410ac4238e9b8523101e241d4a08ef4920000000796700ba45d9129a3bd5c97960adf3bf151ee5ceab6ae0a10473131f39796d9240000000697701f86081f764f5daa6ff26a432b69dfcc28360b680ac7c9ae76c077b1c671a000a352447d124995843caca3c0e4f9737727194e3752d4494de25c239437b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2332 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a95d8e6f746525c4725700450d93e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.communiekaart.net | udp |
| US | 8.8.8.8:53 | hostads.cn | udp |
| HK | 101.33.116.226:80 | hostads.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:52
Reported
2024-08-25 09:54
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07a95d8e6f746525c4725700450d93e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28a346f8,0x7ffc28a34708,0x7ffc28a34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13748120837886027408,18007168098319773134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6088 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.communiekaart.net | udp |
| US | 8.8.8.8:53 | hostads.cn | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| HK | 101.33.116.226:80 | hostads.cn | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.116.33.101.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.communiekaart.net | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
Files