Analysis Overview
SHA256
b5d84ffe3cb7ee413743cf59582c14282b878a8990a34272cb09a66532e80750
Threat Level: No (potentially) malicious behavior was detected
The file a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:50
Reported
2024-06-13 09:52
Platform
win7-20240611-en
Max time kernel
140s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000c2fda26f8f47c6566ac6fc52710e95f88669bd9cd7a29e2cc72dbb7b4937acd9000000000e80000000020000200000009df38fd704d2ada391f8f5468ccbb30049e58324d5e98f02c7eabb5ff377764a200000000cb4c1785fd262867d619947fffeca8e34287814f37178cd877317b75bcdb7464000000019f02320848daf5c3eceaf70371949406c4d242515210ca5289b86bb382ea5380facee74f74b830225af69bb0d78b42d5ba0a0003e3a9d90694f7f16bb521355 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52E0DFE1-296A-11EF-AFF9-DA79F2D4D836} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602aff2877bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434078" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2300 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | de.a2ip.ru | udp |
| US | 8.8.8.8:53 | fpbagrag-sek5-1.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | rkgreany-sek5-1.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | snprobbx.pbz.r.de.a2ip.ru | udp |
| US | 172.67.132.184:80 | snprobbx.pbz.r.de.a2ip.ru | tcp |
| US | 104.21.5.12:80 | snprobbx.pbz.r.de.a2ip.ru | tcp |
| US | 104.21.5.12:443 | snprobbx.pbz.r.de.a2ip.ru | tcp |
| US | 172.67.132.184:443 | snprobbx.pbz.r.de.a2ip.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\xhGyXplzVmd[1].htm
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab365F.tmp
C:\Users\Admin\AppData\Local\Temp\Tar3660.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:50
Reported
2024-06-13 09:52
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
129s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4376 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | de.a2ip.ru | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2492_PEJMMKIMZAHINPYS
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT