Analysis Overview
SHA256
97100c34662872e3847581c9ff01518f3f4eaf18a27d6b927c31bc9f17c5c043
Threat Level: No (potentially) malicious behavior was detected
The file 91e444d0d2d990089833c4cfbdc7d857_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:09
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000000e918f83ae6283031577496618e733c688ad45a7e245ae166fc615f6e26dd93e000000000e80000000020000200000004eeba67f4a6ca39608328eb3bbe2768471c4feef1f6bb183bbff0b37172e551c2000000036feb50613c9bbd54d0e3cf652882f1c128ed53f9eb21c12ca05aa86a10fca0f40000000d1f350c7ba6417310784235084857c372fd37237422290dd116527a2f4f8d16498f7f4392b7da72209e7ebf98022fc9d330ccf0f26bea88bd6986d0717bb061a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{340F8521-21AA-11EF-9DB4-7A4B76010719} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0e9000cb7b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581904" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1224 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1224 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1224 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1224 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e444d0d2d990089833c4cfbdc7d857_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.clapperboardtv.london | udp |
| US | 8.8.8.8:53 | chaletlagardiole.fr | udp |
| US | 8.8.8.8:53 | careglobal.in | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:09
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
128s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e444d0d2d990089833c4cfbdc7d857_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,4864168264453561312,14070671718356189188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5640 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | www.clapperboardtv.london | udp |
| US | 104.18.11.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 104.18.10.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.11.207:139 | netdna.bootstrapcdn.com | tcp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 216.58.212.202:445 | maps.googleapis.com | tcp |
| GB | 216.58.212.234:445 | maps.googleapis.com | tcp |
| GB | 172.217.169.42:445 | maps.googleapis.com | tcp |
| GB | 142.250.179.234:445 | maps.googleapis.com | tcp |
| GB | 142.250.180.10:445 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:445 | maps.googleapis.com | tcp |
| GB | 142.250.187.234:445 | maps.googleapis.com | tcp |
| GB | 142.250.178.10:445 | maps.googleapis.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| GB | 172.217.16.234:445 | maps.googleapis.com | tcp |
| GB | 142.250.200.10:445 | maps.googleapis.com | tcp |
| GB | 216.58.201.106:445 | maps.googleapis.com | tcp |
| GB | 142.250.200.42:445 | maps.googleapis.com | tcp |
| GB | 216.58.204.74:445 | maps.googleapis.com | tcp |
| GB | 142.250.179.234:139 | maps.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.clapperboardtv.london | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files