Analysis Overview
SHA256
f05b2f7f2fed225690711159d8f6ebf0d883805730831a56551a1082ffdb5c70
Threat Level: No (potentially) malicious behavior was detected
The file a3533ccdf1224615b2047636aeb3cf42_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:16
Reported
2024-06-13 01:19
Platform
win7-20240611-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403275" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80907c8b2fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9ABF9381-2922-11EF-BA09-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000009bb074491733b410953fb8c7dfc8e74db879eeeba2fae0b3e265819bb9c3e99000000000e80000000020000200000008013a4d207b7dfa3c2191057d6b6325939a8719d460b349aa7c4dcde0a9ff0e42000000002ec39520a3fd0daf0c4083d8bb34bdba1d27306e21ab0c92418a25bd9c4ea674000000031137ee5ed6d6bbcbd3b8276cf8a273d067ab359dddc5421cf73321afcac55c15a50bb9860bc7699d25e3e6ce4afc4a536832454d9b4de613966c6f9312f836e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2024 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3533ccdf1224615b2047636aeb3cf42_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | s95.cnzz.com | udp |
| US | 8.8.8.8:53 | m.xnxss.com | udp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| HK | 43.129.2.11:80 | wpa.qq.com | tcp |
| US | 38.11.214.18:80 | m.xnxss.com | tcp |
| US | 38.11.214.18:80 | m.xnxss.com | tcp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| HK | 43.129.2.11:443 | wpa.qq.com | tcp |
| US | 8.8.8.8:53 | ocsp.digicert.cn | udp |
| US | 163.181.154.235:80 | ocsp.digicert.cn | tcp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| US | 8.8.8.8:53 | www.brenz.pl | udp |
| US | 8.8.8.8:53 | www.brenz.pl | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1769.tmp
C:\Users\Admin\AppData\Local\Temp\Tar18F6.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:16
Reported
2024-06-13 01:19
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3533ccdf1224615b2047636aeb3cf42_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4fd346f8,0x7ffe4fd34708,0x7ffe4fd34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6181566491924574298,8062125558537749311,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | m.xnxss.com | udp |
| US | 8.8.8.8:53 | wpa.qq.com | udp |
| US | 8.8.8.8:53 | s95.cnzz.com | udp |
| US | 38.11.214.18:80 | m.xnxss.com | tcp |
| US | 38.11.214.18:80 | m.xnxss.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| HK | 43.159.234.172:80 | wpa.qq.com | tcp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.214.11.38.in-addr.arpa | udp |
| CN | 220.185.168.234:80 | s95.cnzz.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| HK | 43.159.234.172:443 | wpa.qq.com | tcp |
| BE | 2.17.107.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.234.159.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.107.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.brenz.pl | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4084_GLQSDDUKVCLWQNTG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT