Analysis Overview
SHA256
a6a4ad516a3d6a0765f754dc1cb2082d8516e6a8cc9ccf92bab3c22748e0e123
Threat Level: No (potentially) malicious behavior was detected
The file a5f38f19a1d6a4579a9323e91603961d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:09
Reported
2024-06-13 14:12
Platform
win7-20240611-en
Max time kernel
119s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f031ba669bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90CA5241-298E-11EF-A3C1-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000079167a2622056408abdf95fafeadbab2e593f6a39e8370a3a7f0fc16aedcc24a000000000e80000000020000200000006f2ce2118cea2c6de7836b5d4e768ba1f8813df9732bda330897ea00fef59e2820000000c4902221973d9d0ca20fd010c2ab764089e72ba2b46548f0430e9753481b14ce40000000daacd715e9f0e850b7f8bfd902bb35e17f6e6226ffec0c6c360d60a3202c9bfc8a03e8a977fc6e1c82e26d2a3e45297a195a1e8df0a9afb231f14e8d40c5aeee | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449645" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2104 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f38f19a1d6a4579a9323e91603961d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | suftoajachi.com | udp |
| US | 8.8.8.8:53 | propeller-tracking.com | udp |
| NL | 139.45.197.240:443 | propeller-tracking.com | tcp |
| NL | 139.45.197.240:443 | propeller-tracking.com | tcp |
| NL | 139.45.197.154:443 | suftoajachi.com | tcp |
| NL | 139.45.197.154:443 | suftoajachi.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar9522.tmp
C:\Users\Admin\AppData\Local\Temp\Cab951F.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:09
Reported
2024-06-13 14:12
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f38f19a1d6a4579a9323e91603961d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,6470411550183999135,3807014780862003628,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | suftoajachi.com | udp |
| US | 8.8.8.8:53 | propeller-tracking.com | udp |
| NL | 139.45.197.240:443 | propeller-tracking.com | tcp |
| NL | 139.45.197.151:443 | suftoajachi.com | tcp |
| NL | 139.45.197.151:443 | suftoajachi.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | jouteetu.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| NL | 139.45.197.251:443 | jouteetu.net | tcp |
| US | 8.8.8.8:53 | sr7pv7n5x.com | udp |
| US | 8.8.8.8:53 | yonmewon.com | udp |
| NL | 139.45.197.236:443 | yonmewon.com | tcp |
| NL | 212.117.190.201:443 | sr7pv7n5x.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.190.117.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_640_JPDLGMGBCCRAVYZR
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e5b269ee-83d6-43ec-8da8-995cdaeb877f.tmp