Analysis Overview
SHA256
a3a35df0ab800ae4d041549ef6318896adb9f2e482fc523c6837f8de00c2e01f
Threat Level: No (potentially) malicious behavior was detected
The file 91f4fca0a1815e7f35ffa0e7d7105dad_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:33
Platform
win7-20240221-en
Max time kernel
136s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8324E9E1-21AD-11EF-BF06-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e1279eb64a62b0458f924a18fe7f8b3d000000000200000000001066000000010000200000009e45058075b3b3d0eab0c3114190e63f989ab1d1c493cbeb21354a6c5479ac60000000000e800000000200002000000027f4d7f58250506a7a06d448b406b0762002e1a554e20a1ca0f35d54dae7e74a200000006d9e09f5e31fcd3aca52b0084450d5f38823b2b96e2c6e7507856982765fc5d2400000003888cb374fc8bf0276c29b83ba09abce0440c674b86072a12e06048598d3004020336c5779a0c280ecb5df3a7875267d32f47e7108f7bf9fa85702ec592dd9ef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583328" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40557558bab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1252 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4fca0a1815e7f35ffa0e7d7105dad_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:33
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4fca0a1815e7f35ffa0e7d7105dad_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82fd46f8,0x7ffa82fd4708,0x7ffa82fd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2320198545189454579,7656590874060318364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 216.239.32.178:80 | www.google-analytics.com | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 76.76.21.22:443 | party-nwvqdtumtz.vercel.app | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files