Analysis Overview
SHA256
75739b966bc7d8a238df987f26f2f4542051a3093243ce0b13c372aed4e3daed
Threat Level: Likely benign
The file a7134bdacf0e30049c81926d14c9bdc1_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand paypal.
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:19
Reported
2024-06-13 23:21
Platform
win7-20240611-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0200c2ee8bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424482620" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58A1EBB1-29DB-11EF-8E7F-CE8752B95906} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000000681b675b0675c84db29eee1e20641bf3ce17e7e853366324ed62d42b2f8aab1000000000e800000000200002000000060f547fbac1378670ff3a8c0191d368c99731b98aaad26ba54af23fe839d0a53200000003cdcff532305808194473c68d5e7d624d41846643f9652f00f6b90f6559d7bf7400000002d6b019660a6f0604bb1a157ac9cd0c17d87738d618e91c2d0786541168999b44f7d3e1d7a3c5edd7065042a2fbd982481568d2fdc22f582f79867ad05ae9a07 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1912 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a7134bdacf0e30049c81926d14c9bdc1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1528.tmp
C:\Users\Admin\AppData\Local\Temp\Tar153C.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:19
Reported
2024-06-13 23:21
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a7134bdacf0e30049c81926d14c9bdc1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcac446f8,0x7ffdcac44708,0x7ffdcac44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16369945772743958541,3441806581721476809,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:445 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| SE | 192.229.221.25:139 | www.paypalobjects.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4432_MWFLBBUYVILEIBXC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\85acbf4e-abbc-4b5c-88dc-7a84f29ade4c.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b92e.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State