Analysis Overview
SHA256
488b6d6b56769aec9b81a30e49b5cf1953737eb143f4282afa298bb9690857a3
Threat Level: No (potentially) malicious behavior was detected
The file a4eef2cd71df72b999fc6f96bc6dd997_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:52
Platform
win7-20240611-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80a8922477bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E72E701-296A-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434072" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b0551af013ef5c52bbeb0bb1c0dea62e7e40b65c5ec3d45a9eaf3321e653ecc9000000000e8000000002000020000000afd5b823d290d2e8039a88b1e22f0f170c7841ef7921febc067a5d5d975b7537200000000bfff94a4c9ccc7fd9d55e96e54acaa056f1c587acfe65b8595258be93f1c0694000000051d15e8cde7a609a880d583f6446fedec094ebeedc965063db52851dbbde70589dd0c200ee16681273e15494f6a2b31ed163e25350bdc4a47d38a4f8cb02defa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005cce17ae2af0d6f3d9fd68aa7e0195f1602815172083c242843710f0f6d46dd7000000000e8000000002000020000000a205e621bc1e0ae1f70800f2d4cb63db1a68c27056f6e117c2ecd9487618a976900000004d9ed2ba53501f2a321bdeada9b03af2d00123ff3ba88f4c644a8f8138245ce667e6a05ce6e7be2eb0f530e87a8e2e8f97b16d12b597d9d5a97550e780153e469fb54bf46c1f8661c0dd88b3e768ace425aa786fe5d074e33ab5593e1d1d17883867de6eb5d3817d582cadab2bf3152781e21d019ccb4412b9e463261f5e72669db3d9c80fd492058f52a5241b0cf0b840000000447c8002b97097cd433f1aab5d74aec98923ff74b2f28585fc127f4a611faaf65e74872cfcb9829f6a1a8c21369a6f55c1e991819739bdce949671527b521684 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2072 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eef2cd71df72b999fc6f96bc6dd997_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | clubsmaniak.ru | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 29c7ec8249cf1320edf9d76bae280d0b |
| SHA1 | 5176eb9a60cd2c49157911ae9920eb759b57837e |
| SHA256 | b988e237147ab5616142832a3be53a6fdab87698dfd1784a3191761f37c178a3 |
| SHA512 | 71d7c428e50e95f24e9968c3c9d0fd185c324d51779493e0ead5ed47d598ff21290f98319e0cb37a4f5647feef0266813d8f4010580d4ae21633fd8b8979ed10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6db5bc4a4b1cf15757aecb1c92762a7c |
| SHA1 | 5aa5d9d7346a31c39fa330a4a39984bfdf0ad3d4 |
| SHA256 | aecfe97bbb16833ee4b6fbc899d5ab55290eebe7f4df68e2282b6728d48b7101 |
| SHA512 | 2e4c9979001b0036e89e6af28a61626d2a38d2b68539a0662c3a23bce61d3661011861b1e4db08aefaceb73691b1f5e28179c8dcab8609e4dc708e3743a24c28 |
C:\Users\Admin\AppData\Local\Temp\Cab7B39.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7B4C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b698740017f313cfec35b8078b64c13 |
| SHA1 | b0f3a480d4dca60d1c395254921351df8f31905c |
| SHA256 | d2f5902de137b94dc986eb3191acd1195688225f59112dc3b6f1431f6730c6c2 |
| SHA512 | f052d67fa9c687c886e9845c0228f61900b1c4a65dc113ae8c4c957e73f3e2260fbaad656ec5601fa8aa7478786f8089d9658845cb87b836c2cfb3884cc4ed3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 211a470a342820b8fb194ce88d8a97c5 |
| SHA1 | 19e1fd397c8e678ec53e8539223c861ea279ea61 |
| SHA256 | 553aa50ad7d166be38725f8d62a0387eee37b1cd2fb3805a05837ba8a3bb23c3 |
| SHA512 | d0fbb4c0b073098b12d8f969bea5238d41e582b30b98867152b963c19ddeb938c50a1b8e14e2e9bba3399d4175bbcc9a7a3b52b5086d0ce382aad4d380a1e612 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94dc1417781cbd6a69b5d23ae96debd0 |
| SHA1 | 4f578884d6cc395ccf1e28150c78f953bd82bfd5 |
| SHA256 | d286e91ed1261c64aefe674645f2f880f9ce95ac19ee4c993c15304183edba45 |
| SHA512 | 037ce842351c61ff6708a5a72898a6989e98d621aa6d8ee5b25fe2384a93401cee2afadbc0467641c5b9465e5132759f395e823bec4269fe2725ac7654cd2dde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 125e9020e9492607b0d32f57b140dd30 |
| SHA1 | 96cd7f5e47f40afc6a4335614f514ce90ff779f7 |
| SHA256 | 6b0883d5be3baefbc51773ba06ee436d658f8f06de533528e946ac7b4f717834 |
| SHA512 | d5e624375e40c923f73604640ebe0a050b7e610b0da1df7702d7b1ef1385c3228f098c665b077f6d5e6937effab89c6746a8ce9312ad67176b71373a9d859075 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20ec5c5d08d878d6a2a0cdc7abf1abc3 |
| SHA1 | 72108b898f9448f48f2a687a0924394534f844f9 |
| SHA256 | 6e8c6554553974bab22fd37efe82fa8cc489c2a0f7fa8dbeebbf2b6a507a63a6 |
| SHA512 | aa519848e8c67999abffe84c5380e875a52efba1121a0545735e192406e2f739b9073989e5ae37258f2f368850ec198068e388e98b2b488b5ea46c1a4fe4cef6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 054ffe52eebe6ffceaecbd4cb06a2ca9 |
| SHA1 | adec31d9416e9ba5c991dd385ff0c861e402f314 |
| SHA256 | 63e1ee5ee800369b8e00a3f3e2b6cbe9bb48528cdb1306420be176fa39fe1252 |
| SHA512 | d69178503cac962394f5d1900d64fc83c2a3f4c44f2ea7abd2a08d39e7d6e4b00effa4ed8deb6ce43663af7c449e1dbf6bf784a9b6088896ada9a996e850233f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a1e7795fb4fbdd5da158d354790fc66 |
| SHA1 | 18cda6fbd1d41a62e394c134df8aacf889185bf2 |
| SHA256 | 60127150156f0d26a78d516ed49195914a97ab2519b902430b34ba4a26dc8dbd |
| SHA512 | d86eb449b08bb6936788d3ab4f6c0e5935d9c42d26d773ef8812e63cefabaa6e84d15e589326ca42bb744f04ec644ed0d8c43c1f05cc58e5db774d07171bb5b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdc64a40075c2eea624b1ed5bd90d2ad |
| SHA1 | fb40c7be884710fa6f19e08d7e322b23d44fd7e7 |
| SHA256 | 79891c9a9e513aff05571e59dfcb6bdb6af3cfdcd260d67af46247bfc6afb76f |
| SHA512 | 49462f2a9921c91487ea662e97f06402d2b890d64028220b9e0d7b5277f9bbff27f3139f70a4743f9cb680dfde5379fdea5af57fa9bd25e906d850951fba28e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad90ff404c63af903a3526876f9c6203 |
| SHA1 | ffd0d82a9ced159aaea6aa2f62de02db48f8f169 |
| SHA256 | 0e7dfa7839b6b95c9455421ff1e2ae3845197646a9f69d29af512d2916a3ae1f |
| SHA512 | de6afb6e9422a2f010f121ed37f33d6adf034fb68c288117413ad16efa10bd1d045600101c2fd4d893eb5e3798086d6c3d68c1ba3f52b3167d3f9ecb40a844d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa7f3911cf18d7e3bed2d67ab490c688 |
| SHA1 | b6f6d0d7f0f0be8bf38cdd311cbcfacd10a84d70 |
| SHA256 | 7a42d5ca7b08da9caa496b4404a9a84a3ce5f1d1ba6cbcc1bc4d895e0de67912 |
| SHA512 | 22259451f357d14f34ee14e9d48a67f495a7db3f72caa4079044917b9f81d0c9c13299078ade9ea7227987b134b7ea1b16fcb4b0ee62456554518294987b7174 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d127009966bd3590148817def88bc69 |
| SHA1 | 5e0c8720394252b047ca28758e3f6410c7f89b4c |
| SHA256 | 125bfd40de9bc8dad0d9d176a640f7d609714900cf6a9c4373bd05f4fe9d40a1 |
| SHA512 | b74e708fa695561cc9821d2e7d62a85ed93693d5f3a046a22abda64072889d58942d57b46f216f767f5b093535665fea726b9370c515c34425745cd8d408a321 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3562cba73f5ac7caed831afbd1e7b9a9 |
| SHA1 | 7b4d371cc2bf47389d8d2f7f7c0e5a5dec825808 |
| SHA256 | 7eb3900fe9856664d6ca58c9375cc5c1723b67bdbfa34c80a3679bcf8248fc24 |
| SHA512 | 417148aaf6c717ecc9d62e3c00a701a41faa27a53578b13f15364ac241a556cc794b5841b8ecc881a9afb483c19072f06fa4623fbc8d36914ae8e3ca3b7ec9a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a8a3298512652077df9fd9c437dc7cb |
| SHA1 | 352c2fd818ee1938e5519e160dce3f5598867a26 |
| SHA256 | 6a03d32b1afaac1917487f59f6216785d6c44693f3a5f9aa65e0b94b2c99ecb3 |
| SHA512 | 7261422c683348df6937b7ba8fcc5c6dfcf5a30f3281cfada29e1a77cefd968e9c7f02491bd12bcee944cf04afd5fb554cf94e8da7f3db37ebefc3f0b6b5a5f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 324d8c9d2e0bf160b93ee2b27f474068 |
| SHA1 | cb9729836c95189857a1e5f3fc7d7428d297e77b |
| SHA256 | cd6c731f1c40c472283e6448d173adc5e3b6c27428f4860b49fb4665253853cf |
| SHA512 | 7a5f5a078eaa44fcd8346f43fcf6239a7c05c2965332cb8051eb9a9865516759f6c502bd9048bff8ade8da76b5a59ca3efd118bfaea63a7122bc71cf36eb3136 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 839f87a754cf9262272334d48d4cf52b |
| SHA1 | d87634e0cd86b481a5686e3755021ce425db0324 |
| SHA256 | a20cbcb4e2c52f8e0dcc94d0445eeaf69b7d4443a21cee8c5ce866640ff3cd60 |
| SHA512 | e7038fdbf347ec0059b1d01dd341120cbb5648ecced5a852dd136002e4cc0f9ccfa008131fdea45048c7d4f1eab2c178b2db3e585c317374aba96f0d1da0f180 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36534b9a8337bd2e40a33737ab2a37cb |
| SHA1 | 615891d5c6d47d89d57c403a94816c0ab3440218 |
| SHA256 | 8f127b03e717d89c81646c18602de94248894fd830c32f183fc2cc974423bdf3 |
| SHA512 | 5df67df36c2153095d05fe72eff7a7af2921e11fca2a1f22bf97e998a19178970169c8ac04092802aca8702c0810cf6b0291815c279c3189aab861f9398b9b4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8aed6595280d4812a914f1bc33f33dc |
| SHA1 | 9eb4c18534943d17a6c56188014cdf90f31022ca |
| SHA256 | 6bab96f3fe342bec560fd98f6daa7beb8657e2e44d41faf3382b37e5652bf5dc |
| SHA512 | c7d13d68141f565f902661afd10170d33577cc6ff9152f6d1edc2b0ead2a55963b68343e6c26a693d848593e18fb2096a75230200e138a43938a0e9da45c8453 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ccd3dd8ad24d3324c2e093cb94dda0e |
| SHA1 | be3e8b98bdbc32a1c52b9fd6d0e2a0d2def6ef82 |
| SHA256 | 42bf2a731214c7caa284087757a166551c097a3f4cc0cf78f1dee680ddf0228c |
| SHA512 | 4d756a886c9986736f70d87988f30c3e530594c10872f1ce689614f5a3feb678557bb171a09c1b31351de8f2ff6cf1f6045992ae8ee0f92ec1c0fb8c12a9cab6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:52
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eef2cd71df72b999fc6f96bc6dd997_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac76d46f8,0x7ffac76d4708,0x7ffac76d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10923735319028058493,12012400843361228155,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | clubsmaniak.ru | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| BE | 2.17.107.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.107.17.2.in-addr.arpa | udp |
| BE | 2.17.107.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_2012_WYNEUAUINGSGATGS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9a2f7c236aae371fa8feef18b96c4d5c |
| SHA1 | 9843156407da1ae9e98e2f76dcef815d0116e0ab |
| SHA256 | 0843b42a1173516e476471ef91dd8205d637b1283b7dc57a78bd6de30a7d64e2 |
| SHA512 | 1a63a4c5a819d9b14186d5a511ed51b8b0533b723112b7eb7ea3842ced853c1bc8a58b3857fb7978f3ca24510961872ce775563269a232ddaf3faa8bf7443db6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7fc277b4e1ff553d794fb57a178f7ac2 |
| SHA1 | c03e932db23be010b2c3c5fd681f329417d3593b |
| SHA256 | 278cb61a211366351567c382e35e70eec791a158a45873667d9e24a1b876241c |
| SHA512 | e2a2e42ca5c272f2267ddb4c31aa297ff8c5aa792e2bc4353b7fcf149f690dd2c1d12f83c5b2d09aaecb3b40bd40129af60214e38fbc7cf8370e947676508d54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f80ec11c893e75029d936c5d4794823 |
| SHA1 | f8b15ef856cf1a67515cd6e000ee98607fef62fb |
| SHA256 | 2e9cdf80f6a8fa5ec51829b1e9f0cd5a0685f43a50be5fde9f8673e29f8bfd2d |
| SHA512 | 3f7af229de12a9b858607b61130930c4808fe05565a9db0b3e4d9cbb87d5fd5044d35394dee011f99af3b38d16c37334ca9f724b7e958f99b26d1a49c1e951ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10800aad03c2517d3e19248cde8c1782 |
| SHA1 | 4abe948ee4533a5bc9b704bf18d6ac01d5f78c10 |
| SHA256 | 0ad648560256dcae4a520237abd7656b3323c821d718c00f20b89a6e65e96238 |
| SHA512 | 1d5c2fbc024122fa1c9f573ea263c2bcbb6e86fc33680d782fea16ed21abe080976b6a93e6ed00af54de0ece42872c3ab5267c81291f029dc80df8d755ee95d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1a8d31e150b58961b975056a823553a9 |
| SHA1 | 26b609b5658fd8ab5681e6aa3b56f8644885dd5f |
| SHA256 | f72ca4b724939c98822e90d6abd9f29b60047bc585c81868eb50e128b34ae3d3 |
| SHA512 | f3f10027cc292d317e02ccca436acb5229b80516d28d19455a4db972fb8d199f72a9918e32d6a23a00d30bed56eebaf2b591e5ea40433cdf9cb662ad3beaee9b |