Analysis Overview
SHA256
924319824e4dc9749865f888984b02e33f43facfd7b760b5b3fd72b44539fdaa
Threat Level: No (potentially) malicious behavior was detected
The file 8c7b6583515767fcb5710b72b224f091_JaffaCakes118 was found to show no (potentially) malicious behavior.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:37
Reported
2024-06-02 01:39
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c069067a8db4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A389A3C1-2080-11EF-AB84-52AF0AAB4D51} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454101" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c4c070a7a67fa27005845e816537959d935141e0dbf569300744163797adfd24000000000e800000000200002000000040386730bcfc6d306a70dc33bc5cb68ff00cf34cea2bef7431bc291b3edfc8a620000000fcd22ed2030bd652d8087f8bbff5ee0854fbc724085a1a55eacc7d095166bdb140000000bb2d6431d8dea3a0da4dec345df10e9bc49553c46d5c4d369a9353eb536aa4b40178be330bbf3998c4230a81a8937a4d394bf7dd0b231d8d69e3ecc14d864af5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1712 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1712 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1712 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1712 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
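The WriteProcessMemory rows above are the usual reason a sandbox run of an .html sample trips "suspicious" signatures: Internet Explorer's frame process (iexplore.exe, PID 1712 in this run) writes into the low-integrity tab process it spawns, and the tab process's command line carries the frame's PID as SCODEF:1712. The script below is an added example, not part of this report or of the sandbox's own tooling. It parses the signature rows and the process command lines copied from this run and labels a write "ie-frame-to-tab" only when the writer image is the IE frame binary and the target image was launched with SCODEF equal to the writer's PID; anything else is "unexplained". Because the process list on this page carries no PIDs, the match is on image path plus SCODEF rather than on the target PID. The svchost.exe row is constructed to exercise the "unexplained" branch and does not appear in the report.

```python
import re
from typing import NamedTuple

# Rows copied from the "Suspicious use of WriteProcessMemory" table and the
# "Processes" list of the behavioral1 run above.
WPM_ROWS = [
    r"| PID 1712 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

PROCESS_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2',
]

# Constructed negative case (not in the report): the frame process writing into
# an image that was not started as one of its tab processes.
CONSTRUCTED_UNEXPLAINED_ROW = (
    r"| PID 1712 wrote to memory of 4242 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\svchost.exe |"
)

# The IE frame (broker) image, lower-cased for comparison.
IE_FRAME = r"c:\program files\internet explorer\iexplore.exe"


class WpmEvent(NamedTuple):
    writer_pid: int
    target_pid: int
    writer_path: str
    target_path: str


# "| PID <w> wrote to memory of <t> | <indicator> | <writer image> | <target image> |"
_WPM_RE = re.compile(
    r"^\|\s*PID\s+(\d+)\s+wrote to memory of\s+(\d+)\s*\|[^|]*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*$"
)
# '"<image>" ... SCODEF:<frame pid> ...'
_SCODEF_RE = re.compile(r'^"([^"]+)".*?\bSCODEF:(\d+)\b')


def parse_wpm_rows(rows):
    """Turn signature table rows into WpmEvent records (paths lower-cased)."""
    events = []
    for row in rows:
        m = _WPM_RE.match(row)
        if m:
            events.append(WpmEvent(int(m.group(1)), int(m.group(2)),
                                   m.group(3).lower(), m.group(4).lower()))
    return events


def scodef_by_path(cmdlines):
    """Map each image (lower-cased) to the set of SCODEF frame PIDs it was started with."""
    out = {}
    for line in cmdlines:
        m = _SCODEF_RE.match(line)
        if m:
            out.setdefault(m.group(1).lower(), set()).add(int(m.group(2)))
    return out


def classify(events, parents):
    """Pair each event with a verdict: 'ie-frame-to-tab' when the writer is the IE
    frame image and the target image was launched with SCODEF:<writer pid>."""
    results = []
    for ev in events:
        if ev.writer_path == IE_FRAME and ev.writer_pid in parents.get(ev.target_path, set()):
            results.append((ev, "ie-frame-to-tab"))
        else:
            results.append((ev, "unexplained"))
    return results


def triage(rows=WPM_ROWS, cmdlines=PROCESS_CMDLINES):
    """Verdict per WriteProcessMemory row, in table order."""
    return [verdict for _, verdict in classify(parse_wpm_rows(rows), scodef_by_path(cmdlines))]


if __name__ == "__main__":
    parents = scodef_by_path(PROCESS_CMDLINES)
    for ev, verdict in classify(parse_wpm_rows(WPM_ROWS + [CONSTRUCTED_UNEXPLAINED_ROW]), parents):
        print(f"PID {ev.writer_pid} -> PID {ev.target_pid} ({ev.target_path}): {verdict}")
```

The check is deliberately narrow: it explains only the frame-to-tab write that IE's protected-mode design produces. A write from the frame into any other image, or from any process that is not the frame, stays "unexplained" and should be read together with the process tree rather than dismissed.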
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6B69C29B30EAF4FCF9E240B3D6A77FC9
| MD5 | e66b74827565715c3b1a85e776b880c7 |
| SHA1 | 10ee8535a4f84540bf9a49fb514b6e739922f39f |
| SHA256 | 7fb5c257a60f994c82252518f2c6a61764978d4935a57f71a7c6920fbfd44813 |
| SHA512 | 3617b5316fcbd5077e903c97595adef64b2dd021d40ea9e47eab51913caae62099c68bd3a161731786ccf8ea708619f9d31920e1f77cd54422903825b160030c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_6B69C29B30EAF4FCF9E240B3D6A77FC9
| MD5 | 5951f53315a62d4363c6ac0b74c9677c |
| SHA1 | 6f1c3aaf40573bf1b03a1745a06e03ef220260e7 |
| SHA256 | 1ba41d81dac5267b2b15348aa2f1b64456226b8780a36084f8b756bb9cc5828e |
| SHA512 | 4564a10d054f5751af91e75206779fc12739fb910e6a601e6f1075aef197072fe796e2d54f47dd538f4c725885ae558e1ef643f570990b4523258e5213a1f9b1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16855bd59458a3e13b13b901881a6dfc |
| SHA1 | 97673899f75477454dfda9f2557353a523b71b99 |
| SHA256 | c40148241898aa2843812f51109423dd506255c8b03151940cb565565f5d7401 |
| SHA512 | a66477b5871ba3b29df0a6a014edf644e2d7ea9662c2055023402dbcc3f50d1392721c2d18586c16d562d78ebab59cacc0667413830cd57051ec4dcaea3f9beb |
C:\Users\Admin\AppData\Local\Temp\Tar4A0E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab4A0D.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab4A7D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4A92.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6f72d05f36d3bfe8857c286eecc2af4 |
| SHA1 | 712c6d9069571da3f2c67de61b7e27c4f65b47eb |
| SHA256 | 49185f3097514610c578ff44bcfc8ca2a7d8a619827f86b09ae3111fa4165380 |
| SHA512 | ab696b71254518106757f02ff7478b92185271f7bfbb1d646bcda5e6b8b9d3ce866fb0a89ced7a9a6df47104c1f5cd94edf04d71c76940a624b55572431bcb7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4018dd24528bb065c98cfd016bd32442 |
| SHA1 | 6bce149d0ecca625d9dc215dfd9b0c6062996974 |
| SHA256 | 43fcc6ff06b19132b68b03e870eb7d81d525fc4c93fc5a29d8a327e3eacc1bf7 |
| SHA512 | 9e2134f8a89bc6e6595d7de55884087267e36979d969ccc89324ff7882bd9d4f6473091947292763c61eef20012c1cf1f21e59a0b897b133a5b3e8a8cdd733a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65ad69d6d49b6813ac55aa725238f805 |
| SHA1 | b92da8bf43bb88b48ccea9038a4032959521c827 |
| SHA256 | b2ff8dc12160f386302bf6ac71e3fdddaf4e87397dac7183b2c56c3560ed7485 |
| SHA512 | ae80920b258b1199300198444819b445244ac680e3b0ba6ecb66a2b821e38d242d4184ca5d9411520fb8a9b9872c436cb11e11cb886d9a519718d3eb54d1f254 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1450dde94ad1a53561e13251effa2ed3 |
| SHA1 | 5e55cc9c2dbc4b624a0fc64f2e85e5f9bcea602c |
| SHA256 | 2555ec4b834adc30277ad695512da89cc4165d09ddca4e0a53bdcbe7cebe7d8d |
| SHA512 | fcdfbc7303b1d1b690a8dcbaba4a93d366b65f77b692954d2b42033dbc0fa6b5a65d5b32d85c8b873a34697ceed5c93a9aeb31e3cb38c20fb2b0754c8bd77c43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5758084987eb307c200cc5c06990ed7 |
| SHA1 | 163782293d3df8e5ef96b098b7ca5d6bba98e3b5 |
| SHA256 | 46eecc4554bb940316933c2d37fcd37f07c248e1cd33c7005b59d792ca55d765 |
| SHA512 | 8bf1b1a84dbe2e923a61b3530b96077c309fad6b26ef9316b5714d6ca83dd0ecf8b968d6133119125d42b7398ebd9b73ab0bd6f4ab8360504751c104a911ef6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e0deb56e436ec6d631c60afd922d907 |
| SHA1 | dda78641f1bf6e6fab8bb63fdda1398092a1f57b |
| SHA256 | 274ec1970ed532a7b08f2fdc02e121f76a3bbc21bd936dee8498d39eb70929f7 |
| SHA512 | d356dd6a4ad8a6fbf33b074a99be7603002253251e33123984b436c15745d6225fadfaeed0d0f7a4b2deb40a87741e985ed6e1a118bfccc133e91e04402b3a5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e72932f0c866a793316ebb17df73ded |
| SHA1 | 6e6a57b587934f0a2c8b0ebbc17969f55cbe8b00 |
| SHA256 | 7b1a9550b8ba19c882f3126d5af3deb1943b858a4ee5ade5c1f1cf1f21dba8ba |
| SHA512 | 4e712945ef2dc38daa9116036779d82adf31bd9beaa7fb5e95eabb2facfb0b2b7ec0a106ff7e576267293b31d818e685792542829961f4829006a50bdd87cb09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1cc81ea1d30afe49e58186639303a63 |
| SHA1 | f94ace7b3c9bcdbb62fab3433735f32181117602 |
| SHA256 | cbdd584cf2a7091da4354e2effdf133a616b0a12539ffaadc46d7a37257cdd8b |
| SHA512 | 439b222250cdcb38e6d44c1897a3e1b0b949b7e68f2320e000539f6cdf81b9ca7bcffe140f4a9a9f9dcba0d6d343dbd36c39b6154ec1611983a93c6d933740ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38c72021e16792e9ffb4a73a3cd3475d |
| SHA1 | ced24b250ce062019a0181054a4fa5e93b803462 |
| SHA256 | 4ff64b193c4ab64142e531a4218ce157290c6e22fb0ac84b1db109d14a2b26fe |
| SHA512 | 88635661b5e4dacd3ab455b773ebef654fd419bdfa42de4c2f8613a70d18714e242eae0835a60d7659b6f3576f51f519e056024f21c0b62cb68880b502423df6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b423a6b31c74e15a5e50a0d545904958 |
| SHA1 | d6202b15559d9e4e164400b123f9544ad567726b |
| SHA256 | f784179bb7b920bae02298432ba08679d55280be2511165ff55f74d08f04c501 |
| SHA512 | af597293f7c86d13d02caabd2513415e285b33bd803d55654212e5821cbb2406e0de0030d9f817c80888840ec54a2c40a65e23d4218daa740e5ad3c3d831609d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb17237606c109cff1cd03d07fae0986 |
| SHA1 | c9191655889ebe0caf889e9811dd9cf036bdc76b |
| SHA256 | d70ed78b6dedb412bc97922014fc7a464aa0f76528bc70404874dccaaee3750b |
| SHA512 | 94de01e693c38130ed7b3268393e0d177a958e8e918c4a3947054aa3dca76a99e3f5c40f0568192d1defe4ca6f3d0855e68935e0ebd40c6fad75c4a8c5f5201a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7699a31da1a2feffef1a6affc09ccf8 |
| SHA1 | 69f175f8abf6f0e1f3df704c6f9209b528f9cdf6 |
| SHA256 | 686d5df152f1e62d542dc607bd8a717e46f2f0b541952c36d72913f77dec8f0f |
| SHA512 | dadff4bb04296609660086e47b8e7f0f5e80cb0be3fc84e0efb6d3205bc283e71c01084f1fec22f836e8a629f423fdde4beb56e94ae7670c2b61f1d56fd2869c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5bd815d53f0d12d20946e5a1d251309 |
| SHA1 | 3fca3a4a9724e9f91e22af1068c0f621b0c469fd |
| SHA256 | 298b9df9babd108bf7cf2d0efe93e4047dd58acf16e845fac9f4a15ea74a3055 |
| SHA512 | 361e29990eb3383fe1a30e91f5e6b400fe1bf5d43097b728c9bda35f0dd80fdee2510451919ae13173541b4011b2af48d99587ed3370a3151146f6323af82476 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a876f1bddc948217cf02417bf5aa54ac |
| SHA1 | c63412b10bead538e56f9e2360ec8c8f2ed3faea |
| SHA256 | 3f74442407683aea9aa7d7cafd427bbecd1825965a61270924679d80bc1799c1 |
| SHA512 | 02575af9b4d0f144e77b9197fe9392707ff690864aed2dcc873288df49f4fcad92f6493f3468476113e31eb51991839d30bffbc515c69eff299f8fab786f92de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89faa182fc20c65c54ac1c10ca07a3ad |
| SHA1 | 933a8204354b489021e3b3911328724aee8f99a5 |
| SHA256 | 9a7f80697a3212c8e521b367c65cf592a4fc046be3e2c1136aa84e46d230907e |
| SHA512 | 38edb3bc10f7260f326e54f34d18b013198ee81b83ef006a63e8a423c92e28d4b170691cb0ab94ebd626a1536b74381695642f40cbb412e3195ebd1842b8482f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c886d4b8a664c54b51fb917f5fbcdf4d |
| SHA1 | f59718f1905ee4b15f5bf70d3126c2e1be4909ef |
| SHA256 | c18ec9deb8501aa391aedd4128fac6b5148b41a3c7c2907797c72c113eea10b1 |
| SHA512 | 21ce0d986fcdb0553141cdf76abe6647bf08f9a1094e81241295c75194d6aba442abe206308811094317093a876cf4b3a64e66dd84941d0059a1fed890fd4d9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e14d3cd434160d0a41dc1696bdd84487 |
| SHA1 | fa1e81a5c3d238fce9f95909f4235ddb3a96d022 |
| SHA256 | ffd0db4b48efedd8f7a2d7771e912a9190d10287cc5e4c9019840c80a9dc21cc |
| SHA512 | 479b2325d8d9d7ec2fa632bf9cb2d42ab73c1e0e7f1f2b1d8a5b33fc1684732357eb9357796b2286234577d21c35eb438c8e6e74554afa4ccf85657c79ff1886 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 227856400503dc5f9d3801b3a993f06f |
| SHA1 | 388d0aa9f2f91bf3e2623c61c8dca996d00a2585 |
| SHA256 | d9f175f28ab7e1567298af8d0093eac4dfa04e008c5570f0f611e7978b4f8d67 |
| SHA512 | ab7f56898eb9e2ca574dcaa4fdcd066026ae1c032c01d914e211ffae63c5f93b7b2a694ff25e8d0299e2d69331369c79a5e26a9dd401c18af270c46cf8b2a3ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e6809e6e5eda1331a5a59fc8810b115 |
| SHA1 | 875cd77dc2a13fd045bd21122d60f1197f4ea6f1 |
| SHA256 | 436fc20dbfd2085177cea16820762acc8d5a0de8d228d4235bf7a2fdb2337df4 |
| SHA512 | 99675c8fdcf1faaa5dda4e793c53e122fdbf1449e686c9a5b39db545dee690c94e0a50857a2695582308882280990abe620a9a6a0c2819d245403fa147893825 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:37
Reported
2024-06-02 01:39
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b6583515767fcb5710b72b224f091_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5392265780263519299,10427459498194901865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.179.234:445 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.179.234:139 | ajax.googleapis.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cuerosb.googlecode.com | udp |
| NL | 142.250.102.82:445 | cuerosb.googlecode.com | tcp |
| US | 8.8.8.8:53 | cuerosb.googlecode.com | udp |
| NL | 142.250.102.82:139 | cuerosb.googlecode.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.178.9:445 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.178.9:139 | img1.blogblog.com | tcp |
| GB | 142.250.179.234:445 | ajax.googleapis.com | tcp |
| GB | 142.250.179.234:139 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | infonetmu.googlecode.com | udp |
| NL | 142.250.102.82:445 | infonetmu.googlecode.com | tcp |
| US | 8.8.8.8:53 | infonetmu.googlecode.com | udp |
| NL | 142.250.102.82:139 | infonetmu.googlecode.com | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:445 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:139 | 2.bp.blogspot.com | tcp |
| GB | 142.250.179.234:445 | ajax.googleapis.com | tcp |
| GB | 142.250.179.234:139 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
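The behavioral2 network table mixes three kinds of rows: DNS and reverse (PTR, in-addr.arpa) lookups to 8.8.8.8, HTTPS fetches of blog resources over TCP and UDP (QUIC), and a handful of TCP connections on ports 445 and 139 to Google-owned addresses (ajax.googleapis.com, cuerosb.googlecode.com, infonetmu.googlecode.com, img1.blogblog.com, 2.bp.blogspot.com). A browser rendering an HTML file has no reason to speak SMB to those hosts, and the report does not say whether those rows are real traffic or an artifact of the capture, so they are the rows to examine before accepting the verdict. The script below is an added example, not part of the report; it parses a subset of rows copied from the table above, counts PTR lookups, and groups every connection whose port falls outside ordinary browser traffic (53 and 5353 UDP, 80 and 443 TCP, 443 UDP) so they can be reviewed. The port allow-list is an assumption about what a page load should need, not something the report states.

```python
import re
from collections import defaultdict

# A representative subset of rows copied from the behavioral2 Network table above.
NETWORK_ROWS = [
    "| US | 8.8.8.8:53 | www.blogger.com | udp |",
    "| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |",
    "| GB | 142.250.178.9:443 | resources.blogblog.com | udp |",
    "| GB | 142.250.179.234:445 | ajax.googleapis.com | tcp |",
    "| GB | 142.250.179.234:139 | ajax.googleapis.com | tcp |",
    "| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |",
    "| N/A | 224.0.0.251:5353 | N/A | udp |",
    "| NL | 142.250.102.82:445 | cuerosb.googlecode.com | tcp |",
    "| GB | 142.250.178.9:445 | img1.blogblog.com | tcp |",
    "| NL | 23.62.61.97:443 | www.bing.com | tcp |",
]

# Assumed allow-list of ports a browser page load legitimately uses:
# DNS and mDNS over UDP, HTTP/HTTPS over TCP, and QUIC (HTTPS over UDP 443).
EXPECTED_PORTS = {"udp": {53, 443, 5353}, "tcp": {80, 443}}

# "| <country> | <ip>:<port> | <domain> | <proto> |"
_ROW_RE = re.compile(
    r"^\|\s*([^|]*?)\s*\|\s*([^|]+?):(\d+)\s*\|\s*([^|]*?)\s*\|\s*(tcp|udp)\s*\|\s*$"
)


def parse_rows(rows):
    """Parse table rows into dicts; a blank domain cell becomes 'N/A'."""
    conns = []
    for row in rows:
        m = _ROW_RE.match(row)
        if m:
            country, ip, port, domain, proto = m.groups()
            conns.append({"country": country, "ip": ip, "port": int(port),
                          "domain": domain or "N/A", "proto": proto})
    return conns


def is_ptr_query(conn):
    """Reverse lookups the OS issues on its own; noise for this triage."""
    return conn["port"] == 53 and conn["domain"].endswith(".in-addr.arpa")


def find_unexpected(conns):
    """Count connections on ports outside EXPECTED_PORTS, keyed by (domain, ip, port, proto)."""
    groups = defaultdict(int)
    for c in conns:
        if c["port"] not in EXPECTED_PORTS[c["proto"]]:
            groups[(c["domain"], c["ip"], c["port"], c["proto"])] += 1
    return dict(groups)


def summarize(rows=NETWORK_ROWS):
    """Totals plus the grouped list of connections that need a human look."""
    conns = parse_rows(rows)
    return {
        "total": len(conns),
        "ptr_lookups": sum(is_ptr_query(c) for c in conns),
        "unexpected": find_unexpected(conns),
    }


if __name__ == "__main__":
    summary = summarize()
    print(f"{summary['total']} connections, {summary['ptr_lookups']} PTR lookups")
    for (domain, ip, port, proto), n in sorted(summary["unexpected"].items()):
        print(f"review: {domain} {ip}:{port}/{proto} x{n}")
```

Run against the full table, the only groups this produces are the 445/139 TCP rows to Google addresses; everything else is DNS, mDNS or HTTPS. Whether those rows are real SMB attempts or a port-labelling quirk of the capture cannot be decided from the report text alone, which is exactly why the script surfaces them instead of scoring them.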
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_600_PBWVJUYKKLUZWQNP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79099088a25efa1f0e358b2af4adb41b |
| SHA1 | a939a7127befb0a448e4f62ba541008df6f5abb2 |
| SHA256 | 2e1a44514e3da62d6e0b414b84b74ec2ea99067f208ca39491c64a1c36f04f41 |
| SHA512 | 1d458f4f667c2982131c62043d0867c160ed6d7fc608edc91b3f7c2aa6eda46d65050d35f25e18a911ec7141d02249bd068496959ffead0aa27c20a457f07093 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5cbe16c5abadbd60802e7c7c5fc955a2 |
| SHA1 | b4a01dc0edbe69a48a5b2965ba8f78d0853fdf2e |
| SHA256 | 95205baf74038d4796ead438af06daf02b9df4837307022110687a57a88d229c |
| SHA512 | 38ac2a330630dd9f47f7de483e8d3292b70f2b089d358127ceda84fd7ef5b8b63a8054a2b543c79eac225882514986333212ae7e409a369e5432e5ba485184bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09dd4af1115fe5d2f71fa2a0ce51724b |
| SHA1 | f997517d0af0b921a169483f0ab98179e98d716b |
| SHA256 | f0efab7376b045c8b5912c4a4721b37a8fed0b2b0adc903ce3d26d2de9793b53 |
| SHA512 | 180adca7d0e0dfa63fbb0e229eab675b3bab917d2888c5a3613a4df743a2f0b0fc6b6867b2af459302d636de1b8ad69db92a6d5fa5891c0e533c1993380c086b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5576d5cfc2c8ee1ce19d9dab21a06dba |
| SHA1 | 8d5bc576b2263c91116528222ebb33b733712e25 |
| SHA256 | 8c6a5a815999df791e5425e27df6bf36989f13de30b118d270d961e337bf83de |
| SHA512 | 3de289a4ed05574e809d3ecc9d2c920cb3bf09c25139d9e00e48f3e94abc946a89738ae7e7899dda891757637a3a8a952fe1dfbc0772f153af2db38c81a0a261 |