Analysis Overview
SHA256
54e9d0d79d63aa5e322dc0b82f7b2c8d1445794fd17c118ab4fb11453971b013
Threat Level: No (potentially) malicious behavior was detected
The file a4a4f29491bd927a948ba3d0395c6546_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:31
Reported
2024-06-13 08:34
Platform
win7-20240221-en
Max time kernel
138s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429381" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{628E0811-295F-11EF-A34E-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e10842a5b56a4843ab85d85a6a8930c20000000002000000000010660000000100002000000093b9481dbd85f3e7c2c9c877ed958051c39d295c26b58239151553c9cff476d7000000000e8000000002000020000000a4fcc014d5340bb81e67e0f4d818205bc07849dc197150cc9e2fa93cb45995a12000000014d953a7a29b94000a151070b1b02b99e413159fff16de2a12bb89ee8de0599040000000132c552dc8b04d1df4a2ce8e16138db4d40a8210b8b4823ed143a9ca0727eb01312c9ecd5265c1a857759728d4696c22752344a458eeb9981b9e5451113b6237 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0789c376cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a4f29491bd927a948ba3d0395c6546_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.macrospazio.it | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 199.59.243.226:80 | www.macrospazio.it | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:31
Reported
2024-06-13 08:34
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a4f29491bd927a948ba3d0395c6546_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8c646f8,0x7ffbf8c64708,0x7ffbf8c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10157203526323515268,13055336573723900862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.macrospazio.it | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 52.111.227.11:443 | | tcp |