Analysis Overview
SHA256
cdeea783958ace66ef9df1816a53d4610aabb62170f9c3c6b6ca84d0aa9a21f0
Threat Level: No (potentially) malicious behavior was detected
Result for the file a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:06
Reported
2024-06-12 23:09
Platform
win7-20240221-en
Max time kernel
146s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a6db0db6bbd6547b9037461df7bea5b000000000200000000001066000000010000200000004b67b16f028b623d6d0f52a458d442e13ad035443086b041f60e3d7461b15703000000000e8000000002000020000000942ec9b470a4f94a876dbfead3e7e5e01e5c8a7bead31bf5d2b6e795ef9edfa720000000c00518dad020faa6b7f78701ae49e83e0b0240f5b92bf8a2a3472f55a541469b4000000065a8028bacc87fe350191b17ac83ba8c95b0dafc4c79712ad1dc61fd48fadde535a82f3c8aed39ee662537512f41694ef821666feb278f60a2e7793aa7085680 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395479" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10396" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73EF87E1-2910-11EF-9CE2-EAAAC4CFEF2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10396" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10396" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1932 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1932 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1932 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1932 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | c5f910c3e82bed1a34bb4c0d943f8f62 |
| SHA1 | 2f63f20baf07fcbf5ff8cda1385eacfb6f1d0209 |
| SHA256 | 28e19f69430e6fa2af1f12dc8ae844db4b2c732850633f1663a1b493680666e5 |
| SHA512 | 2d04b31269a549a17d92bf7d88cb533c4e714835bfcc24eb4dc49bf0e3cf6af405507fc20493b5502d1057f05652ae56ab116e089abddffa5769db305a9d9379 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:06
Reported
2024-06-12 23:09
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c9246f8,0x7fff8c924708,0x7fff8c924718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2452 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_184_PLNTWMIXJGPPUSZE
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State