Analysis Overview
SHA256
3904f886982c3ee68404656d195044ebf071f1a53f999e1b0c74e77b51c4f424
Threat Level: No (potentially) malicious behavior was detected
The file a476d42207c3b9b86e7b28b75880e31c_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:39
Reported
2024-06-13 07:41
Platform
win7-20231129-en
Max time kernel
141s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000003daf5ebde87b04f8100b98fcb08c1f600000000020000000000106600000001000020000000e8037f9aa778a2e657faad5c7829ab744f66cebb801e6737b8488866421ce8e0000000000e8000000002000020000000986a10dc0071df0f4d90a147aeeed4f94cff63cf2e7e2a57e0d8628a47763981200000005ff02da51a04747d858ee3338fd4aee66cab56f7a5319fe5251f7e1140b12dd640000000b0f4129b3f313b4521bed9548b8990e2fb3b4f9997e177828300d237237dfd67c4b298b590007724330002df6e5e7e21568a3fc0d78980b27b959d8c24c4049c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0af89e064bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426225" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A094801-2958-11EF-8951-5E4183A8FC47} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 912 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 912 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 912 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 912 wrote to memory of 2208 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a476d42207c3b9b86e7b28b75880e31c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:39
Reported
2024-06-13 07:41
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a476d42207c3b9b86e7b28b75880e31c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffcac9d46f8,0x7ffcac9d4708,0x7ffcac9d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8929066417774952572,15226990508358277415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:445 | resources.blogblog.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.178:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| GB | 142.250.178.9:139 | img2.blogblog.com | tcp |
| US | 8.8.8.8:53 | 178.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.187.238:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | oi61.tinypic.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| GB | 142.250.187.238:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.187.196:445 | www.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.googleapis.com | udp |
| GB | 142.250.200.42:445 | youtube.googleapis.com | tcp |
| GB | 216.58.201.106:445 | youtube.googleapis.com | tcp |
| GB | 216.58.204.74:445 | youtube.googleapis.com | tcp |
| GB | 216.58.213.10:445 | youtube.googleapis.com | tcp |
| GB | 216.58.212.202:445 | youtube.googleapis.com | tcp |
| GB | 216.58.212.234:445 | youtube.googleapis.com | tcp |
| GB | 172.217.169.74:445 | youtube.googleapis.com | tcp |
| GB | 172.217.169.42:445 | youtube.googleapis.com | tcp |
| GB | 142.250.179.234:445 | youtube.googleapis.com | tcp |
| GB | 142.250.187.202:445 | youtube.googleapis.com | tcp |
| GB | 142.250.180.10:445 | youtube.googleapis.com | tcp |
| GB | 142.250.187.234:445 | youtube.googleapis.com | tcp |
| GB | 142.250.178.10:445 | youtube.googleapis.com | tcp |
| GB | 142.250.200.10:445 | youtube.googleapis.com | tcp |
| GB | 172.217.16.234:445 | youtube.googleapis.com | tcp |
| US | 8.8.8.8:53 | youtube.googleapis.com | udp |
| GB | 142.250.178.10:139 | youtube.googleapis.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 142.250.200.2:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | content.googleapis.com | udp |
| GB | 216.58.204.66:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | brazzerslove.blogspot.com.es | udp |
| GB | 142.250.200.1:80 | brazzerslove.blogspot.com.es | tcp |
| US | 8.8.8.8:53 | brazzerslove.blogspot.com | udp |
| GB | 142.250.200.1:80 | brazzerslove.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_3984_BUXAZMDYPSANNXEC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 386a9a5980605b06b0761956180aa81b |
| SHA1 | 8fda9f7a99e25c91a86015295ab423473938a368 |
| SHA256 | bf572319b3f94811772c7c113ec160d6eeaf4fd89ce850aadee5c957cd2bb93f |
| SHA512 | dc599278b5122b09b74cab0b77e8e5a4f440541f683b68fe575f992176ca381280fa4b470dcc42b524421b94d98fc5960f470f50f2ab1cef680d3aa5839a5dc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 32cedbc9dccafce591ebb4cac6f53786 |
| SHA1 | f618574346a8587de6f0c4a0bf2457151dc5b5bb |
| SHA256 | f61b10378288c8d0fd896145d11778452f147194610294a2a0f9cdaaceb53d27 |
| SHA512 | 350d464bac4ab40319cacb7526ceeb41cb40defcc7ae0963fe2f29cae8e394377da8131086a0057ef3b63dac55fa65f75df53fe096e9430b1378428cbd9bdfbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 070be656c8485e2fe80305457f3e4c05 |
| SHA1 | d9cfac074afe177cfb47bb39639f833b67197b5a |
| SHA256 | e268ca79d69e9222daf99a1a4e8168563b71e10fd2211e6f271c59b1e4d7c201 |
| SHA512 | 32cf74b5cfd4f051654d44fd0065219377bc1a792fd86977bb4185e2222902eaf74b0e5fcb084f9ed9f6d891056a0f699482d27989e64ea9c7699b0b738e1f8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | de2cab4185b4252445114a87aafa61a9 |
| SHA1 | e75c305928a267f1656c8e09032904acbadc43c7 |
| SHA256 | 1cdd5f91f2f1c37d15d1e86087da590b91478dd9b00e29d2ac732be2c2d5154a |
| SHA512 | 447ad03cc282dc994056576293c5ee143ea6382b4fd2d18b07753e357da933fc80f38af1f177420adde50d87abba9f14e24a53e9865385a3009cdfb28844ff98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 23536ccfe05b737ae639fe63ee4cc435 |
| SHA1 | 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82 |
| SHA256 | 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce |
| SHA512 | f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3ddf1483ab4bde8ad1362fb2c8dc9a64 |
| SHA1 | 2d77e2813a0bb54070d0a0aa4fcc22d3f61c46b1 |
| SHA256 | 4e565fd5fa2f5e0efedd15023bc3b3b72ff0ae5d708abe99233268a534c119e5 |
| SHA512 | f0c91332a739b212dc1b7df49aceeb0d9bd36225bc7cdecad4f8145bbdc0616519f59198b30ed15ec85097f15fb9bcae50d444cfc0051e5fb5f9e1d4c5bcbf29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 62ba4a28646fc335d783dcba25595349 |
| SHA1 | d0f6aa858e886414b1d2503d022004c03982f654 |
| SHA256 | 8834a0b7667caa3bfa9322a8e9bea99e47da3e4f3b115eb5e72fa3c45f2dcfda |
| SHA512 | 53ebdf0f2933fb21e91de07e9678f462ec265ec61f13e6296ce85ac5530a741c41a1ca0928065bf183c8a8352f23116c306891ead400fecd211a021f6b54ccea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ddcccda19a2592b8d8f65dbc02977f7c |
| SHA1 | 3be94a24a0cbd71833b777e81c293627cc74a565 |
| SHA256 | d2c855f292bb2c6b382d36352904f585e538758abd7362d09bcef49895edf6df |
| SHA512 | 8902f05f8b82ff0129488e0535321fd82bdc78258591938943291aa7c78649333e85dda47986c89eedf6274bcbac1924a65301a2ab33c907e71dd525adcf9866 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57ba35d11ee1b1eaae2df8f6aa52e280 |
| SHA1 | e47453ee7760c9485a655d960d1b93be4e42cd20 |
| SHA256 | 338b81474fbbb70e7862c58c35dc536692d754c2eeaaaeeaf7d91297b6c51abf |
| SHA512 | 042d3aa17e926922259378ff98c98e1bfff431868922c9601192f90a0e77a40cb964034bca71ec4791013e4e2d93f97f610e7e779539e72b3b72844aae158db5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4c819431b2a6cb94c42dd888351a301a |
| SHA1 | 42f7b8b1bc38621b28f7ed6590b7514a010cf34a |
| SHA256 | ac55cd08a858f90725c404379333d7834d9a39476549d055752cb3f8ed1464d3 |
| SHA512 | 1b2e6a4942f6bd37e0e939ee1dd34b927c201b386e4d26d2511d77568619a45982bacd9b10b3bacebb69bfb95b63183558609ce6a7d362b7853755561cc1a270 |