Analysis Overview
SHA256
703da3511c3f10cd758931aaf64cabdbfa4361d65cf514181464ef0fd4bfcd26
Threat Level: No (potentially) malicious behavior was detected
The file a6a96764b97231909faf58adcdadfdbd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:34
Platform
win7-20231129-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007cbf5222ee72dd4baa7ea9712f2e3cd400000000020000000000106600000001000020000000d89d52fda16a8e3edc4125ff33dc2c1c0c964999cc3457b3453de2b67db205b1000000000e80000000020000200000002647641e879ddf6af09852b9b9d7153cb7a4f4b678ca1826f85e5fed9cb48d9620000000581d4d293e7657fe23a457c282f756b3819ea5e6b23ea6fd3e143f331fc6126440000000aea228e6a078178345fb11685e8b39a58e38980504f127579863a44ba2cd0e2c2afeaf1c6535acd1109edbbe68ec20bcc294905107917177b8734245ecf089b0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007cbf5222ee72dd4baa7ea9712f2e3cd400000000020000000000106600000001000020000000e6b55a79a945a030dd1c06bc658c1741b1277fd6ae45a1a08136fad59ddb0644000000000e80000000020000200000005e2cac55eba8a14e104b4bb158109b0785946b918f136450bfc9c941966151a39000000098ba1087d589088a4659b73f2c43dd6073c1aad5718577f3d83fc0c915c0fdaedfe44acbf7d119503fb94ce7cc8cc2c376386d1c3a5cb2da64a3c073b3fd0f95d0a3e75a6777c0e548f1056144649f5691c2c84352b041e895b7e85bffc9e9f6f9e0766a9981ac0170c75368b296f624698d3ca7a70f616e1c215eaaf5af92ae46ca52b7df69d8fe61fbf722e246aac140000000cf0a98e83d2390299c9f3d48d4220a39948c04de4d7604d4d7b01f4f3f365314a16756987d0951d7a4a4142f2174bf428edb4719ef5437f2ddebd237f8d5c743 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6861E501-29CC-11EF-8D15-FA7CD17678B7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4093e442d9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476205" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
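Two of the "Set value (data)" rows above, `TabbedBrowsing\NewTabPage\DecayDateQueue` and `TabbedBrowsing\NewTabPage\MFV`, are not opaque attacker data: both begin with `01000000` followed by `d08c9ddf0115d1118c7a00c04fc297eb`, which is the version field and provider GUID {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB} that every DPAPI `CryptProtectData` blob starts with. Internet Explorer protects its new-tab-page state this way, and the writer in both rows is iexplore.exe. The parser below is an added worked example, not part of the sandbox report: it recognises DPAPI blobs by that header and walks the public blob layout (version, provider GUID, master-key GUID, flags, description, cipher and hash algorithm identifiers, salt, HMAC key, ciphertext, signature). The three hex strings are transcribed from the table above; `Window_Placement` is included as the non-DPAPI control. The algorithm-name map only covers the identifiers that occur here and the common 3DES/SHA-1 pair, which is an assumption about what you are likely to meet, not a complete list.

```python
import struct
import uuid
from dataclasses import dataclass
from typing import Dict

# Every CryptProtectData blob carries this provider GUID right after the 4-byte version.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
# CryptoAPI ALG_ID values (partial map; assumption: these are the ones worth naming here).
CALG_NAMES = {0x6610: "CALG_AES_256", 0x6603: "CALG_3DES", 0x800E: "CALG_SHA_512", 0x8004: "CALG_SHA1"}

# Binary registry values transcribed from the "Set value (data)" rows of this report.
REGISTRY_VALUES = {
    "DecayDateQueue": (
        "01000000d08c9ddf0115d1118c7a00c04fc297eb010000007cbf5222ee72dd4baa7ea9712f2e3cd4"
        "00000000020000000000106600000001000020000000"
        "d89d52fda16a8e3edc4125ff33dc2c1c0c964999cc3457b3453de2b67db205b1"
        "000000000e8000000002000020000000"
        "2647641e879ddf6af09852b9b9d7153cb7a4f4b678ca1826f85e5fed9cb48d96"
        "20000000581d4d293e7657fe23a457c282f756b3819ea5e6b23ea6fd3e143f331fc61264"
        "40000000aea228e6a078178345fb11685e8b39a58e38980504f127579863a44ba2cd0e2c"
        "2afeaf1c6535acd1109edbbe68ec20bcc294905107917177b8734245ecf089b0"
    ),
    "MFV": (
        "01000000d08c9ddf0115d1118c7a00c04fc297eb010000007cbf5222ee72dd4baa7ea9712f2e3cd4"
        "00000000020000000000106600000001000020000000"
        "e6b55a79a945a030dd1c06bc658c1741b1277fd6ae45a1a08136fad59ddb0644"
        "000000000e8000000002000020000000"
        "5e2cac55eba8a14e104b4bb158109b0785946b918f136450bfc9c941966151a3"
        "9000000098ba1087d589088a4659b73f2c43dd6073c1aad5718577f3d83fc0c915c0fdae"
        "dfe44acbf7d119503fb94ce7cc8cc2c376386d1c3a5cb2da64a3c073b3fd0f95"
        "d0a3e75a6777c0e548f1056144649f5691c2c84352b041e895b7e85bffc9e9f6"
        "f9e0766a9981ac0170c75368b296f624698d3ca7a70f616e1c215eaaf5af92ae"
        "46ca52b7df69d8fe61fbf722e246aac1"
        "40000000cf0a98e83d2390299c9f3d48d4220a39948c04de4d7604d4d7b01f4f3f365314"
        "a16756987d0951d7a4a4142f2174bf428edb4719ef5437f2ddebd237f8d5c743"
    ),
    # Plain WINDOWPLACEMENT struct, not DPAPI: the parser must reject it.
    "Window_Placement": "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000",
}


@dataclass
class DpapiBlob:
    version: int
    provider_guid: uuid.UUID
    master_key_guid: uuid.UUID
    flags: int
    description: str
    alg_crypt: int
    alg_hash: int
    salt: bytes
    hmac2_key: bytes
    data: bytes
    signature: bytes

    def algorithms(self):
        return CALG_NAMES.get(self.alg_crypt, hex(self.alg_crypt)), CALG_NAMES.get(self.alg_hash, hex(self.alg_hash))


class _Reader:
    """Sequential little-endian reader that refuses to run past the end of the blob."""

    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def u32(self) -> int:
        (v,) = struct.unpack_from("<I", self.buf, self.pos)
        self.pos += 4
        return v

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("blob truncated")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def guid(self) -> uuid.UUID:
        return uuid.UUID(bytes_le=self.take(16))  # GUIDs are stored in Windows mixed-endian form


def is_dpapi_blob(buf: bytes) -> bool:
    return len(buf) >= 20 and buf[:4] == b"\x01\x00\x00\x00" and uuid.UUID(bytes_le=buf[4:20]) == DPAPI_PROVIDER_GUID


def parse_dpapi_blob(buf: bytes) -> DpapiBlob:
    if not is_dpapi_blob(buf):
        raise ValueError("not a DPAPI blob")
    r = _Reader(buf)
    version, provider = r.u32(), r.guid()
    r.u32()                                   # master key version
    master_key = r.guid()
    flags = r.u32()
    description = r.take(r.u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, _key_bits = r.u32(), r.u32()
    salt = r.take(r.u32())
    r.take(r.u32())                           # legacy HMAC key, empty in modern blobs
    alg_hash, _hash_bits = r.u32(), r.u32()
    hmac2_key = r.take(r.u32())
    data = r.take(r.u32())
    signature = r.take(r.u32())
    if r.pos != len(buf):
        raise ValueError(f"{len(buf) - r.pos} trailing bytes after signature")
    return DpapiBlob(version, provider, master_key, flags, description, alg_crypt, alg_hash, salt, hmac2_key, data, signature)


def find_dpapi_values(values: Dict[str, str]) -> Dict[str, DpapiBlob]:
    """Return the subset of hex-encoded registry values that parse as DPAPI blobs."""
    found = {}
    for name, hexdata in values.items():
        raw = bytes.fromhex(hexdata)
        if is_dpapi_blob(raw):
            found[name] = parse_dpapi_blob(raw)
    return found


if __name__ == "__main__":
    for name, blob in find_dpapi_values(REGISTRY_VALUES).items():
        print(name, "master key", blob.master_key_guid, blob.algorithms(), "ciphertext bytes:", len(blob.data))
```

Both values resolve to the same master-key GUID, {2252BF7C-72EE-4BDD-AA7E-A9712F2E3CD4}, which names the key file under `%APPDATA%\Microsoft\Protect\<SID>\` that `CryptUnprotectData` would need; that is the question worth answering about any DPAPI blob found in a sandbox run, because it tells you whether the data is bound to the sandbox user (as here, written by the browser itself) or to something the sample carried in. The same header check is a quick way to spot DPAPI-protected material in any hex dump.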
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1972 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1972 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1972 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1972 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a96764b97231909faf58adcdadfdbd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
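The "Suspicious use of WriteProcessMemory" rows record PID 1972 writing into PID 2160 four times. Read against the process list: 1972 is the 64-bit iexplore.exe frame process (the x86 tab process names it in its own command line, `SCODEF:1972`), and the rows' Target column identifies 2160 as that x86 IEXPLORE.EXE. A frame process writing into a tab process it just spawned is how IE initialises tabs, so the signature is noise here; the same event with a target outside the browser's own tree is the thing to escalate. The script below is an added example, not part of the report, of that correlation. The process table is transcribed from above, with the PID-to-image mapping inferred as just described; the notepad.exe entry and the fifth write event are constructed to show the contrasting verdict.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class Proc(NamedTuple):
    pid: int
    image: str
    cmdline: str


# Transcribed from the behavioral1 "Processes" list. PIDs come from the WriteProcessMemory
# rows (writer 1972, target 2160); 1972 is tied to the frame by the tab's SCODEF:1972 argument
# and 2160 to the x86 IEXPLORE.EXE by the rows' Target column.
PROCS: Dict[int, Proc] = {
    1972: Proc(1972, r"C:\Program Files\Internet Explorer\iexplore.exe",
               r'"C:\Program Files\Internet Explorer\iexplore.exe" '
               r"C:\Users\Admin\AppData\Local\Temp\a6a96764b97231909faf58adcdadfdbd_JaffaCakes118.html"),
    2160: Proc(2160, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
               r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2'),
    # Constructed for contrast; this process does not appear in the report.
    4321: Proc(4321, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
}

# The four (1972 -> 2160) events from the report plus one constructed write into notepad.
WRITES: List[Tuple[int, int]] = [(1972, 2160)] * 4 + [(1972, 4321)]

IE_IMAGES = {"iexplore.exe"}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")   # frame PID the tab process was told to attach to


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify_write(writer_pid: int, target_pid: int, procs: Dict[int, Proc]) -> str:
    """Label one WriteProcessMemory event by what the writer/target pair looks like."""
    writer, target = procs.get(writer_pid), procs.get(target_pid)
    if writer is None or target is None:
        return "unknown-process"
    if basename(writer.image) in IE_IMAGES and basename(target.image) in IE_IMAGES:
        m = SCODEF_RE.search(target.cmdline)
        if m and int(m.group(1)) == writer_pid:
            return "ie-frame-to-tab"       # frame initialising a tab it spawned: expected
        return "ie-to-ie-unexpected"       # IE writing into an IE process it did not spawn
    return "cross-process-write"           # writer and target unrelated: candidate injection


def triage(writes: List[Tuple[int, int]], procs: Dict[int, Proc]) -> Dict[str, List[Tuple[int, int]]]:
    """Bucket every write event by verdict so the expected ones can be collapsed."""
    buckets: Dict[str, List[Tuple[int, int]]] = {}
    for writer, target in writes:
        buckets.setdefault(classify_write(writer, target, procs), []).append((writer, target))
    return buckets


if __name__ == "__main__":
    for verdict, events in triage(WRITES, PROCS).items():
        print(f"{verdict:22s} {len(events)} event(s) {sorted(set(events))}")
```

The check is deliberately narrow: it only whitelists a write whose target explicitly claims the writer as its frame. An IE-to-IE write without that link, or any write into a non-browser image, keeps its suspicious label for a human to look at.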
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 89interior.com.tw | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| US | 8.8.8.8:53 | plinos.com | udp |
| PL | 46.242.246.122:80 | plinos.com | tcp |
| PL | 46.242.246.122:80 | plinos.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.72:80 | www.bing.com | tcp |
| NL | 23.62.61.72:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5AC3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adbfdf8e3677598c7c5cb74f36934b8f |
| SHA1 | e8febacf6752988977fdb49482dc0e6516169d2e |
| SHA256 | 03a807547abe201b8582c28717a81637503ede03c4bb7d5a3d215a00c370697c |
| SHA512 | 1b25805986289e1bbbac4477914611d90c4ddbdd68db7eeb9eb371876ea6435774e04c5f052fe7cdb72d8ee6acc032ef704bbc3cfa6982d78de1e7d2c641f5fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a7e1eb1bb85c15b708347c85b14d2f2 |
| SHA1 | 568f4b0b6fd8df7ac730f035d16b2ada1b5d93e3 |
| SHA256 | 67ec38861f37ae6d5502fda724cdab5a2ce393b6b3dee9ef554d9d46d9e27e96 |
| SHA512 | bd98714d5d5039983f9de71d65afc841c91e3ca037a5fd696b6fa9dd4c6ee0fb9f2fc9ee49a53bcb07ef89f141a9266ac524263bf0c1ee14efa64d6bbf870b4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ad0864650fed9bc3866c4d0d04d8ed8a |
| SHA1 | 9bd24957f26b65e2a77e01dfc728e08e26f3b314 |
| SHA256 | 9a4ee865d36896149cf594c14d888e32c1530c8140b990b30cc6f1d2458ae9fc |
| SHA512 | 2e6ea45a883a859a26685545c02cee19fa608e9a8a460fa9855d081413011f1bfba7d7b697809f4074632def2f80b0ab730429dd79a9c49ace3f89b2d75e8d0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99aa2d0c597148a8515ebf3ef43b1ed7 |
| SHA1 | 6c377abce88927314ed2d7924e93297a16f0f685 |
| SHA256 | 5eefc4014ede6463dbfa1cbf34fbeaad595f8a1bb51116937d8fbcdfa6bfe7b0 |
| SHA512 | d82726c689b389d3113623bd7198fab5c0a9c3f28c87cad34839c5d508382ebb096e1b539dd7dda6cc6bb8781dc650951e15a6044943af30c93ca5e8fad8d308 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 292534e24ef3a5b28d6b72a0d0b06cbd |
| SHA1 | d4b5a735a81c9a643832d00c024778847c7d3ecf |
| SHA256 | fabc6f29e41ed03161e2fae942701e57807435b42408fa2733c0ec8c381078a9 |
| SHA512 | 4324041c6bc2ab01b40d63585d866d5cfa9d276d34847386505c712d5f5b8cbff2c2e5e7ffccc2c44d134574b1c02265ae6b22a10967f1bd6bf8d4583e095dc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dc761940f6de69b2a0585d5197988b0 |
| SHA1 | f1ef4793eb3315fc630261e0c20de975a311770b |
| SHA256 | 4daa8da96750d2cbb6b01cc4b367e52fcaedce98b5835ca4028c42abf968e214 |
| SHA512 | 130fd2d5b2129698ed271865663b97daeadc7c87f13b251bf9e2df328bba5bdb9172f9f7625a7e0954d9ba515375f0288b01573f854eea1a6d349e140774380d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0f39d642072b28dfa26a7f136e9f177 |
| SHA1 | 883fe47a83f2b328f43c733fe7936fed0e5c0e7f |
| SHA256 | e128d84a09764c56ea81f2125af4bed47804edf3967a1434779828b3fbe0a841 |
| SHA512 | d8babbd08805b293d6e49274f4f1a40e3a73b9a6cf0b68e99889282168374e01161c69ca62bf85e1e46b0839846016d8c18f41544b0e6e036405a81cae03d726 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a3e52718218c579c463439bfac4fd7da |
| SHA1 | 59bac2ff58ad8f9a86df06c149d50dbed8a20156 |
| SHA256 | 5ad0fb987d569e107819ab19c6f30ae5302cb5c81fa0a7184cfc443c9557de30 |
| SHA512 | 3045df2da1eba50969d35ad35c705cb84ecc0d64bb12060035634d490e5590384236ff4ebe20a6dde1bed2f250777a193e13152cf8cd19dccb2c3f59ae90197d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14abfa47cd4803dc75aac9bb722333b8 |
| SHA1 | b29a18488baab4cadfa34a79ef429b2309f700e1 |
| SHA256 | 678c8a0e91519e9147beff308650eb63b0b8341cdc62d1135f64a11fe13d533b |
| SHA512 | 6aec9a4d0740f4969b60cc3f0999939e2f12bf1548c0b2ef037b2c3052f0b185b496e14e3307d62ba35f8354ba18b7d08a2540f1475ba460154340c51910a854 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e910686e2b31839ba1da576ba6b92d68 |
| SHA1 | f46e3cbb32b2bdf652352776075a145d6605bb07 |
| SHA256 | 1372fccb81ebd4e4988f2772aebcebdee368716f0efd7178c5a98468b1232cd0 |
| SHA512 | d527e5f108dc46cc94929c7976521c50d09fb4ae12f46b8157eb1c377b29499e0b30d98dabdb8a11e53f0065ba0b37519a93dbbc9e0a29a52a2cd6aee9237448 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bbf87468781a40bebeadd96e0be5926 |
| SHA1 | 05925b706ac818d05fee91995262cabee6f9e43f |
| SHA256 | 81dd1158a4165c023f518d7b7b5960f9b3009ff8483bc9413203e12c69634ee3 |
| SHA512 | 90c8ca598b7ee73f1536697b368573e739ef7713014bf632e93910c91af90fa4896f97f2418cd1f299ed93d61e00c1b1587f56875b7e00948d21eb0dbc1a71be |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a0e1042027c89526b418afe4b2bda3f |
| SHA1 | 75183a5ec34006d02c080bff5a0c0a404c8b9de5 |
| SHA256 | ba37b9c33403e7cfebdf20e31bdce2a364a7b752ca737e1a0064dc64e5cf93d4 |
| SHA512 | 1f14f769dee141bb4a15439aaab5a3b3c5fa9507d791ce6e08b2ea32c727fbde1cb64d4642387cba9785940593e2fb6bdacdcecb5b7623b6c8930ab324d15a54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e61dcbf2d6d378bdba8a0c5e3985c44 |
| SHA1 | 124fb981a4a853d01289e3cc89e1300c312a09f0 |
| SHA256 | 70982e9694c488eedc25a3fa2c9eea4678de4eba5772150a51478aa2612e2344 |
| SHA512 | fdbee06100ec3ad12603db4956d0276554f6197e7f464bf9df85d14e96635326cafe46d38eaca5537a8760b2420d69ea48663862df05cbb7766a6bcc9937dcf4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c865d1ab0822be6f81dc9dd0534a67aa |
| SHA1 | 0cd01952a312fef42670b97e7a66910787d96389 |
| SHA256 | c0a7659942d982d2e12fa441dd999276ba761b9df682e49f4c04b71324ba9236 |
| SHA512 | 76514014dee91bdcf368df377262de5ca25bae5a987a34e5a4fe29012da8b5f79120602c26af18853562a056d889ebd41231c53bae8dfe6f3f0925ffe8d5d8b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e34b44cc09aa10ac2f6fe1b032a5bf69 |
| SHA1 | 1407385687edec833ba25f3d9517c5aa2734518c |
| SHA256 | 64f2446034c0f648e0949a1f9bc0018a607d05d377df74254022339a809d100e |
| SHA512 | 8e067ca3230f2a38f242c668d550ddbb63e05c8046138ddcdac337362caeb128615347610f3afc2c2ccfa30f922f77b042248e4d29c6fcac8228f6aa6cfd688e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5f44cf208ddb834d4cb4c13ade0c245 |
| SHA1 | 6703ff5ab290f92f2b2d2ade99e73d984362a5d7 |
| SHA256 | 5718dcd1b070dc27352ca9afeb8606d8d33b0e5d9f18ebc6e15ebe2a4caf7d7b |
| SHA512 | d99ea6cac1f50ed8ccc7dea146fc17d672f6fa8f8edce63c3fcd7c82671c593a8f58da59d36028c7fb511f67af9a276bb1799a9564d5bc477a62aa3cef8a73df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd6ca5979afc114c6386c95a3eabded |
| SHA1 | e8a52d50b49cba1ab78915b584acd28928981634 |
| SHA256 | e03c3eb69314cc8de922a81d87b0e00b67b2025f25dbcb9dc98cefb22c82020b |
| SHA512 | e5bc9c4daabd4a5ff4bc85ad9f154913d37a8d8584311303b8ed2faeadaf5cbec334d136d41dde78b008ce29ca1a9e53af7a218f9d4f96c86c35a90d974bb83b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15358d0567be53a93eb6d51a7a5b7a6b |
| SHA1 | 8a611eaa95ed9be5f468a127dbef8bf88547d055 |
| SHA256 | 3ecd276e9ffbb2d7d43216381a36ce7f22d0f7e7836704801487ddd964c59253 |
| SHA512 | 3d4ef6a117ec09afc8656d4102fa97e6196b55c2b8151cb3bbb74b0b92e56ce6a46c60b4fdeb2d1310b7dc1504ecddc0c182efbfd666f84cf15373e776ae7815 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4211fc79376e0ce7500c980d45809a12 |
| SHA1 | 4477d9755b01ab3d77bdf7bca266e411b82eeb50 |
| SHA256 | 963c2a2fa6f04b1615d2471ed88f0910a19f2c3d6884441140017c8c49abbc2c |
| SHA512 | d7521ec25c5c8c82a026598d493738ec13cb78ebd48e773813e3d3832532cc208b928ed230054cd88a011820a2d9e7f8999fa471fc66cdfa8c2c1d2766fe4273 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ad6251f7e2f462a185f83b6873ae428 |
| SHA1 | ae95551fc941c284acc47d0d5e90884fdde0fb9e |
| SHA256 | 8a2eeaab48386b7ee6008a608c366b5059ff2731b6033db06e4e5b46dbcb7b52 |
| SHA512 | f0a8843ba8d4288faeb9690fa4387d8c54937226c7b56695bf8a984ad013d96e101bdd6b8d1df5732f6599f93b8a8738f6415dce41a584c7365a5b16bed51fda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc7d15f0213064c0085525ba6711623a |
| SHA1 | eef9c804ab6aa92343b611038600f1968b997d68 |
| SHA256 | a17193d540937e3d86cf75a1bdf3897ccfcd5642735ab2491be8b0bbac18e6a3 |
| SHA512 | 6ea7b53749de323e0dc7d63f4bb48f3bae546e65f5a046f1fead84241c017ade8a10b0877941285e239a993e88c619fbb0396c09413467fe59b93f48379978f9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:34
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a96764b97231909faf58adcdadfdbd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb60b546f8,0x7ffb60b54708,0x7ffb60b54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3258777888180151579,14769032138678194727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 89interior.com.tw | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| US | 8.8.8.8:53 | 22.106.138.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| US | 8.8.8.8:53 | plinos.com | udp |
| PL | 46.242.246.122:80 | plinos.com | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| TW | 103.138.106.22:80 | 89interior.com.tw | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 122.246.242.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 52.111.243.30:443 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_3548_EELIESZUGIQNNRJP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 591ac1848574b1331c6f6839051686b5 |
| SHA1 | ba109105284fac3412fd28af3f7f6d404c72e5e9 |
| SHA256 | 39f1fb70be54778ff1f4153c13c5de38c4dc120b4a96a2f7f6f33e9855fc7a31 |
| SHA512 | e86c8e675c37f76e80c2208680b3dd48bb1608c3dbc1765f3bfed559d5cf3491f95721c3a9fdfbaedf1dedd771642ad1e2598d056e5a84f5f3447321e9982af2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1bb13b1700c462f03cba5be6b5393c46 |
| SHA1 | 7d09e4c90b7290d747867187556712dde97f8a5e |
| SHA256 | 84ed2395e8c382cc13804e59d5af065853b44976ceabb51d32a0e3513389fecd |
| SHA512 | e5c3d8b9f61a2e543cd81fa533411fd86b4bdc2443eb1ebb849e9a6bdc472deebdaf24e7221ed3f9abaea491323c0aef4128a6767855891b012f3370575046f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c465eeb25f4a1b2a81e3aebe343a73c5 |
| SHA1 | 75070ec45e60d20a71ee3e82dd46ff312418e550 |
| SHA256 | ba10941d2458884ed6018b7335f48994f8921bf514e7fc303c2fdcc3b1f9e5d2 |
| SHA512 | a6abb882ba16100881d34c37a8a0a41068744774f57718aed5ec3c77de84fc5f045b3070374afdb60837c53d797837beac0ffc838872738da6a862a55f4cd846 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |