Analysis Overview
SHA256
ce4f70baf58400e718c7b453bcabde4cfdfe0e1860242dabc6cecb10b867dfe6
Threat Level: No (potentially) malicious behavior was detected
The file 846a566534704de4788d227a36ca336e_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 14:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 14:07
Reported
2024-05-30 14:10
Platform
win7-20240508-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F350C6D1-1E8D-11EF-8C93-DEECE6B0C1A4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000e6c4dd471a5114879438d6679d942736c5de219be89ae530a22bbb1a182c7645000000000e800000000200002000000005898b97514cccbb7f63ed02d34d4bf7e087b49603190ee6023a8b8bd4c07cab20000000f6daa987b66fe09a596aeae28a512d89c69ee4719bb04b74454488283591822e40000000510eede5cb28a44ee82efbd1555e1688e8e4b53a786d34b2e4d8f0398d424cf0e9469ca9fd75c1aacf420c201d653031d1aa75fef4aba6ee2518865a47a8534e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239916" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ff01c99ab2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2980 wrote to memory of 1200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 1200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 1200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 1200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846a566534704de4788d227a36ca336e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 14:07
Reported
2024-05-30 14:10
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\846a566534704de4788d227a36ca336e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4ec546f8,0x7ffc4ec54708,0x7ffc4ec54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9311556480556444077,5267688347498739254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
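The process list above is Edge's normal multi-process layout, but several of the command lines carry flags that relax a child's sandbox or turn a built-in protection off (`--service-sandbox-type=none`, `--disable-gpu-sandbox`, `--no-v8-untrusted-code-mitigations`, `--disable-client-side-phishing-detection`). The following is an added triage helper, not part of the report or of the sandbox's own tooling: it tokenises Windows command lines of this shape, records each process's role from `--type`/`--utility-sub-type`, recovers the document handed to the browser via `--single-argument`, and lists which relaxing flags each process carries. The set of flags treated as "relaxing" is this example's own assumption; the sample command lines are copied (and shortened) from the Processes list above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Flags that relax a Chromium-family child's sandbox or disable a protection.
# This list is an assumption of the example: Edge starts some helpers
# unsandboxed by design, so a hit is something to read, not an alert by itself.
RELAXING_FLAGS = {
    "--no-sandbox",
    "--disable-gpu-sandbox",
    "--service-sandbox-type=none",
    "--no-v8-untrusted-code-mitigations",
    "--disable-client-side-phishing-detection",
}

# Command lines copied (and abbreviated) from the report's Processes list above.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\846a566534704de4788d227a36ca336e_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --mojo-platform-channel-handle=5344 /prefetch:2',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
]

# A token is either a double-quoted run (paths with spaces) or a bare word.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


@dataclass
class ProcInfo:
    image: str                      # executable name without its directory
    role: str                       # "main" when no --type is present
    document: Optional[str]         # value passed via --single-argument, if any
    relaxed: List[str] = field(default_factory=list)


def parse_cmdline(cmdline: str) -> ProcInfo:
    """Tokenise one Windows command line and pull out the fields we triage on."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    image = tokens[0].rsplit("\\", 1)[-1]
    role, document, relaxed = "main", None, []
    args = tokens[1:]
    for i, tok in enumerate(args):
        if tok.startswith("--type="):
            role = tok.split("=", 1)[1]
        elif tok.startswith("--utility-sub-type="):
            # The sub-type is more specific than "utility", so prefer it.
            role = tok.split("=", 1)[1]
        elif tok == "--single-argument":
            # Chromium treats everything after this switch as one argument,
            # so rejoin the remaining tokens in case the path contained spaces.
            document = " ".join(args[i + 1:])
            break
        if tok in RELAXING_FLAGS:
            relaxed.append(tok)
    return ProcInfo(image, role, document, relaxed)


def relaxed_processes(cmdlines):
    """(image, role, flags) for every process carrying at least one relaxing flag."""
    out = []
    for cmd in cmdlines:
        p = parse_cmdline(cmd)
        if p.relaxed:
            out.append((p.image, p.role, tuple(p.relaxed)))
    return out


def opened_documents(cmdlines):
    """Documents the browser was launched on (the detonated sample, here)."""
    return [p.document for p in map(parse_cmdline, cmdlines) if p.document]


if __name__ == "__main__":
    for doc in opened_documents(SAMPLE_CMDLINES):
        print("opened:", doc)
    for image, role, flags in relaxed_processes(SAMPLE_CMDLINES):
        print(f"{image:20} {role:40} {' '.join(flags)}")
```

Run against the full list, the output groups the relaxing flags by role, which makes the two unsandboxed utility processes (the network service and `identity_helper.exe`) and the second GPU process started with `--disable-gpu-sandbox` easy to pick out of the noise of ordinary renderer launches.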
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.opencongress.org | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.nraila.org | udp |
| US | 8.8.8.8:53 | phenomena.nationalgeographic.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | tbn1.google.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 172.64.145.211:80 | www.nraila.org | tcp |
| GB | 142.250.180.1:445 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 18.191.19.75:80 | www.opencongress.org | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 216.58.204.68:80 | tbn1.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 34.232.191.251:80 | phenomena.nationalgeographic.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | usriflecal30m1.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | oldworldgardenfarms.files.wordpress.com | udp |
| US | 8.8.8.8:53 | www.ammoland.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.coltautos.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | blacktailbooks.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 192.0.72.26:80 | oldworldgardenfarms.files.wordpress.com | tcp |
| US | 216.86.147.183:80 | usriflecal30m1.com | tcp |
| US | 172.66.40.103:80 | www.ammoland.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.nationalgeographic.com | udp |
| US | 8.8.8.8:53 | formspal.com | udp |
| US | 192.0.72.26:443 | oldworldgardenfarms.files.wordpress.com | tcp |
| US | 209.59.181.51:443 | formspal.com | tcp |
| FR | 52.222.201.89:443 | www.nationalgeographic.com | tcp |
| US | 66.96.149.32:80 | blacktailbooks.com | tcp |
| US | 172.66.40.103:443 | www.ammoland.com | tcp |
| US | 67.199.93.90:80 | www.coltautos.com | tcp |
| US | 172.64.145.211:443 | www.nraila.org | tcp |
| US | 66.96.149.32:80 | blacktailbooks.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 66.96.149.32:80 | blacktailbooks.com | tcp |
| US | 8.8.8.8:53 | www.forgottenweapons.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 67.199.93.90:80 | www.coltautos.com | tcp |
| US | 66.96.149.32:80 | blacktailbooks.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| GB | 142.250.178.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.19.191.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.191.232.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.72.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.147.86.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.149.96.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.181.59.209.in-addr.arpa | udp |
| US | 170.249.192.139:80 | www.forgottenweapons.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 170.249.192.139:443 | www.forgottenweapons.com | tcp |
| US | 8.8.8.8:53 | oldworldgardenfarms.wordpress.com | udp |
| US | 192.0.78.12:443 | oldworldgardenfarms.wordpress.com | tcp |
| GB | 142.250.180.1:139 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 90.93.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.192.249.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.78.0.192.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| GB | 142.250.200.2:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:445 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | crotchetybookman.blogspot.com | udp |
| GB | 142.250.200.1:80 | crotchetybookman.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
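The Network table mixes forward DNS queries to 8.8.8.8, reverse (`in-addr.arpa`) lookups, ordinary web connections and a handful of rows whose destination port does not fit a web host (445, 139, mDNS 5353). The following is an added example, not part of the report: it parses rows of this table layout, tolerates a row where the protocol has slid into the empty domain column, and separates the entries into forward lookups, reverse lookups and connections, flagging any connection on a port other than 80 or 443 so they can be checked rather than skimmed past. The rows used as input are copied from the table above; what counts as an expected port is this example's own assumption.

```python
import re
from typing import Dict, List, Optional

# Rows copied from the report's Network table above as constructed input.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | www.opencongress.org | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 172.64.145.211:80 | www.nraila.org | tcp |
| GB | 142.250.180.1:445 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| GB | 142.250.180.1:139 | 4.bp.blogspot.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.2:445 | pagead2.googlesyndication.com | tcp |
""".strip().splitlines()

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Ports a browser is expected to reach a web host on (assumption of the example).
EXPECTED_PORTS = {80, 443}


def parse_row(line: str) -> Optional[Dict]:
    """Parse one '| cc | ip:port | domain | proto |' row; None for non-rows."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    cc, dst, dom, proto = m.group("cc", "dst", "dom", "proto")
    if proto == "" and dom in ("tcp", "udp"):
        # Column slip: empty domain cell, protocol landed one column early.
        dom, proto = "", dom
    ip, _, port = dst.rpartition(":")
    return {"cc": cc, "ip": ip, "port": int(port), "domain": dom, "proto": proto}


def triage(lines: List[str]) -> Dict:
    """Split rows into DNS lookups and connections; flag off-port connections."""
    result = {"dns_forward": set(), "dns_reverse": set(), "connections": [], "odd_ports": []}
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue
        if row["port"] == 53 and row["proto"] == "udp":
            bucket = "dns_reverse" if row["domain"].endswith(".in-addr.arpa") else "dns_forward"
            result[bucket].add(row["domain"])
            continue
        conn = (row["ip"], row["port"], row["domain"], row["proto"])
        result["connections"].append(conn)
        if row["port"] not in EXPECTED_PORTS:
            result["odd_ports"].append(conn)
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_ROWS)
    print("forward lookups:", sorted(r["dns_forward"]))
    print("reverse lookups:", sorted(r["dns_reverse"]))
    for ip, port, dom, proto in r["odd_ports"]:
        print(f"check: {ip}:{port}/{proto} -> {dom or '(no domain)'}")
```

On the full table the `odd_ports` list is short and worth reading: SMB-range ports (445, 139) against addresses the report associates with blogspot and googlesyndication hosts, plus the multicast mDNS row. Whether those are a sandbox artefact or something the page triggered is not something the table alone settles, which is exactly why they should be surfaced rather than buried among the hundred-odd web rows.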
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_4484_WVZERSJMFZTVRAJD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a40561b2472d5963cfb676beb64d86b3 |
| SHA1 | 4e64136a0eb3f6e2485c8e71e44e1f5fc8635019 |
| SHA256 | 998a6aee304c6cec380435fec0b9700284a6ed0fd83e81a7bbad6e1f5acfcc4a |
| SHA512 | 877bd3f8ce42a717eda6e7e5f7a6d6579d20ed48247142abf578f3b01a6bd6704810eb0ab654e3c8497590ee0f90783e93408323a9305897ded5a383c5404bdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 6df8b2e6eb77357b2da6fe787c8416e9 |
| SHA1 | a6bee617ff367d0eb67fe73d39d7964d88b3cbf1 |
| SHA256 | 4c759e0fce9e914f98255c74d222e26a4a6e84262936a630900861df69830950 |
| SHA512 | f82ab0654ec1de4e4094dfc796b86cf02e551d30f2d767c2689fa893750c192de3d0a3024d997305b841850b08193e95ce9ed76b2738d6938796e80c797d7920 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | db342c66113068d7f38883fa181f7b48 |
| SHA1 | 156ea9e7c32818c50b4c58eff8f1e763ad892c61 |
| SHA256 | 302ed97b3f44d964181d93ff041c73dd5c33a79658039ab89a990a941b4b9205 |
| SHA512 | 2e6383ab7bda5586b1563f4a386e1a26cada34c3453c23ab91db2a839abc4026914dd67b83adb61421c4c0858a4160947ee0f860c672c0a8c8271459aef382c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 23536ccfe05b737ae639fe63ee4cc435 |
| SHA1 | 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82 |
| SHA256 | 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce |
| SHA512 | f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 431af822f385ab5ec755d1ffe2175cca |
| SHA1 | b62fa2b1874fadfc9ee9226d473d0d8a9fdbb466 |
| SHA256 | ddbac566e9f5e8ff11f0466c4b46c84e5630e6a3ed24be7638954c83511fb06d |
| SHA512 | 1fa7313593e2a3ee04da288c0b2400be0d0ceca60c043405e4a492f5ed3aa361fedd408cd9c6b021c403e97ee6ca17a2baee06f504a5ceff7f3e2f4fae5855cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ec7743478a71c789c5d00ba3b9863c2 |
| SHA1 | 92ebc05bc31b2eae28812a8af1e2fc4bf7807457 |
| SHA256 | f12a1360e20e83f800546603fd1242cc8c812eb4b5f22604b477f5eece8fa8be |
| SHA512 | d54753124fd22bae44f3662b660f03fb6afde90df1d0cdf0cee988f4f2f9e4feb015c091c5e63a6a73020bfd398dcf0466a7a17ea8ebc5dfab0249d2c71128bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 97ad34ebadbc472d07503109ab8f1972 |
| SHA1 | 12672d7abc376480c91c2d55d7d7ee887c8e3dcb |
| SHA256 | ba04c614783ea92fd6dfda75c267a8b1e780bc5e9e843ee6f3ce0a4c39aca8ba |
| SHA512 | b59d92ce91bfba044d672017416b61418c97b0b10e252b76f54171d61ee57a808a978403c7addb45a5d89b0df284962eb296435f66f72ceec42d556873765e28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 998d9f77a8fb916a69bf2d3e0c83041c |
| SHA1 | d493833162ab5a7d592b7a2deeb9515069d30e2b |
| SHA256 | 0c053af1d50d042f8b1bfa9ab59e4f49b23d4ca63bbd63c886911bc61827bc56 |
| SHA512 | b630686c9b25a2409819904b51b8ed5bca54954b3d7801e99b26fae0f04c80f88be2ffc373412a1fb0343e98cf6fe2273f11c1cf555ae8b131a13eee7375515b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cb8048e914107b58725417d9706dbf3f |
| SHA1 | 19ecb59fe4f784f332518da9a2649bf8c601f877 |
| SHA256 | ff997ad1a6ec4d206a97b8710eb7bbaa58dc7a7d7d72f0ce1402713591b762c0 |
| SHA512 | dc9a3a2cace5bfd9428fa7621cda8d2c242f98bc6323098e19e5b26defcb94ffd90580234f97a63db63f8b5c5f90ec998910bb27ceed022e18dd5a270c8b2968 |
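Two things in the Files list are easy to misread. The same path appears several times with different digests, which means the sandbox captured several successive writes to one file, not several files; and the `crashpad_…` named pipe entry carries the digests of the empty input (MD5 `d41d8cd9…`, SHA-1 `da39a3ee…`, SHA-256 `e3b0c442…`), so no content was actually captured for it. The following is an added helper, not part of the report: it parses blocks of this shape, counts writes per path, and flags entries whose digests are those of zero bytes, computing the reference digests with `hashlib` rather than hard-coding them. The input is a constructed excerpt of the list above.

```python
import hashlib
from collections import Counter
from typing import Dict, List

# Digests of the empty input, computed rather than trusted from memory.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}

# Constructed excerpt copied from the report's Files list above.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
\??\pipe\LOCAL\crashpad_4484_WVZERSJMFZTVRAJD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a40561b2472d5963cfb676beb64d86b3 |
| SHA1 | 4e64136a0eb3f6e2485c8e71e44e1f5fc8635019 |
| SHA256 | 998a6aee304c6cec380435fec0b9700284a6ed0fd83e81a7bbad6e1f5acfcc4a |
""".strip().splitlines()


def parse_files(lines: List[str]) -> List[Dict]:
    """A non-'|' line starts a new entry; '| ALGO | hex |' lines attach to it."""
    entries: List[Dict] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            algo, digest = [c.strip() for c in line.strip("|").split("|")]
            entries[-1]["hashes"][algo.upper()] = digest.lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def empty_content_entries(entries: List[Dict]) -> List[str]:
    """Paths whose every listed digest equals the digest of zero bytes."""
    out = []
    for e in entries:
        hashes = e["hashes"]
        if hashes and all(hashes[a] == EMPTY_DIGESTS[a] for a in hashes if a in EMPTY_DIGESTS):
            out.append(e["path"])
    return out


def write_counts(entries: List[Dict]) -> Counter:
    """How many times each path was captured (successive writes to one file)."""
    return Counter(e["path"] for e in entries)


def distinct_versions(entries: List[Dict]) -> Dict[str, int]:
    """Number of distinct SHA-256 values seen per path."""
    seen: Dict[str, set] = {}
    for e in entries:
        seen.setdefault(e["path"], set()).add(e["hashes"].get("SHA256"))
    return {p: len(s) for p, s in seen.items()}


if __name__ == "__main__":
    entries = parse_files(SAMPLE_FILES)
    for path, n in write_counts(entries).most_common():
        print(f"{n} write(s), {distinct_versions(entries)[path]} version(s): {path}")
    for path in empty_content_entries(entries):
        print("no content captured:", path)
```

Applied to the full list, the `MetaData\94308059…` cache file shows up as seven writes with seven distinct digests, and only the named pipe is reported with the empty-input digests; neither is evidence of malicious activity, but both are things to know before any of these hashes is pushed into a blocklist.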