Analysis Overview
SHA256
e8d19e6b9b7b3beb3aa2e01c7ef9cfbd9d369940b1e1a7d4eb8243885363b341
Threat Level: Known bad
The file 2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia was found to be: Known bad.
Malicious Activity Summary
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-09 16:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-09 16:44
Reported
2024-04-09 16:46
Platform
win7-20240221-en
Max time kernel
143s
Max time network
142s
Command Line
Signatures
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Enumerates physical storage devices
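The three signatures above are the sample's environment checks. The subkey under HKLM\HARDWARE\ACPI\DSDT is the OEM ID taken from the guest's ACPI tables, so a VBOX__ subkey exists only under VirtualBox and merely opening it is an unambiguous hypervisor probe. SystemBiosVersion and SystemBiosDate, by contrast, are read by plenty of legitimate installers and inventory agents; only the returned string (a VirtualBox guest reports a value such as "VBOX   - 1") separates a VM from bare metal, and the sandbox rows here do not record the data returned. The storage-device enumeration has no registry rows and is outside this check. The following added example (not part of the Triage report) turns those two observations into detection logic over registry events of the form the tables use; the event rows are constructed from the tables above plus one ordinary Internet Explorer row for contrast, and the pattern lists are the example's own assumptions, limited to VirtualBox.

```python
"""Flag VM-fingerprinting registry access in sandbox/Sysmon-style events.

Added example, not part of the original report. Events are constructed
from the report's rows; pattern lists are this example's own assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str         # e.g. "Key opened", "Key value queried"
    path: str       # NT object-manager path as the sandbox logs it
    process: str    # image path of the acting process
    data: str = ""  # value content, when the log has it (the rows above do not)


def normalize(path: str) -> str:
    """Map NT object-manager registry paths to the hive names analysts read."""
    m = re.match(r"\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\(.*)", path, re.I)
    if m:                      # hive of the detonating user: read it as HKCU
        return "HKCU\\" + m.group(1)
    prefix = "\\REGISTRY\\MACHINE\\"
    if path.upper().startswith(prefix):
        return "HKLM\\" + path[len(prefix):]
    return path


# The ACPI table OEM ID becomes the subkey name, so a VBOX__ subkey exists
# only on VirtualBox guests: opening it is an unambiguous hypervisor probe.
# Assumption: list limited to VirtualBox; VMware/QEMU/Xen use other OEM IDs.
VM_ONLY_KEYS = re.compile(
    r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\VBOX__", re.I)

# Values legitimate software also reads. Only the returned *content* tells a
# VM from bare metal, so these rate as weak evidence unless the data is
# available and carries a hypervisor string.
BIOS_PROBE_VALUES = re.compile(
    r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
    r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)

HYPERVISOR_STRINGS = re.compile(r"VBOX|VirtualBox|VMware|QEMU|Xen|innotek", re.I)


def looks_like_vm_bios(data: str) -> bool:
    return bool(HYPERVISOR_STRINGS.search(data or ""))


def classify(ev: RegEvent) -> str:
    p = normalize(ev.path)
    if VM_ONLY_KEYS.search(p):
        return "vm-artifact"
    if BIOS_PROBE_VALUES.search(p):
        return "bios-probe-hit" if looks_like_vm_bios(ev.data) else "bios-probe"
    return "other"


def summarize(events):
    """Group normalized paths by verdict, keeping first-seen order."""
    out = {}
    for ev in events:
        out.setdefault(classify(ev), []).append(normalize(ev.path))
    return out


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed from the report rows (three probes) plus one ordinary IE row.
REPORT_EVENTS = [
    RegEvent("Key opened", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__", SAMPLE),
    RegEvent("Key value queried",
             r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion", SAMPLE),
    RegEvent("Key value queried",
             r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate", SAMPLE),
    RegEvent("Key created",
             r"\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000"
             r"\Software\Microsoft\Internet Explorer\Main", IE),
]

if __name__ == "__main__":
    for verdict, paths in summarize(REPORT_EVENTS).items():
        print(f"{verdict:15s} {paths}")
```

The two-tier verdict matters for tuning: alert on "vm-artifact" alone, but treat "bios-probe" as context unless the log also carries the value data and it matches a hypervisor string.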
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000003bccd5e2c8c7c1a6c207bf1999df32b7a766d0b411ccbadab7860fcef129660e000000000e8000000002000020000000d0e3b34b8f33e98554abd7ee2613f52832b394bb0dac311cf7962b779f3b952120000000ffa57053692f4d05fa8a402b00a89c723836dd5f42c22e73e252dc00bd06560c40000000f93a012e3f2ff284db665d735ccb9b02c8b1dde614ff21192dc6cabad919f92d068c1ce5fc9fa62a43297e1575a84280e0a4f9989ed3a7403e06f4805d008668 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6AE32A61-F690-11EE-B2DC-EA263619F6CB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000006dab3d7cef9fb67c4da1d68e133dc7d8051dccaeb7d3bcc1794d66b913d922df000000000e80000000020000200000003492267dfdb29b2465dd5644b15f6e50ad5610d059ebdb98d3d43c5f2dddd4409000000000bae882dedf46d423aeb222d5b9fdc4121a356828dbe11420d50cfe19fc48b4d56c3e26422cbebe2ef9ffa67df8ad35dacb2f64d53df2a85ee81f2426fbf007b61242ad7c7902bc4eb2c8b4657b3dfc2e6c42feb84c5bf5162a6105362412e2d7dc5ed9f5383ce5908c9ce7d772197e43792ed9b6444630dacb89f7045d9c90400bb83bc0ed89cb079ca296bfed5d22400000001c7e9ec0f4381f0d96c137a198047d8ff1a6f9ee999a58a1d014650d14b78b1167f410953ccb1ea4eee8441951e1ecb58407ddf99da3ccf17b09eaed44f22817 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418842931" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 806fc0419d8ada01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\ProgID\ = "IAS.PostEapRestrictions.1" | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\VersionIndependentProgID\ = "IAS.PostEapRestrictions" | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD} | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\InprocServer32\ = "%SystemRoot%\\SysWow64\\iasnap.dll" | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\InprocServer32\ThreadingModel = "Free" | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\ProgID | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 (LUID 33, SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Token: SeIncBasePriorityPrivilege (SeIncreaseBasePriorityPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Token: 33 (LUID 33, SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Token: SeIncBasePriorityPrivilege (SeIncreaseBasePriorityPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
The sandbox reports the first privilege only by its LUID; 33 is SeIncreaseWorkingSetPrivilege, which every user holds by default, and SeIncreaseBasePriorityPrivilege is granted to Administrators, which the detonating account is. Both are routinely enabled by ordinary software, and neither carries the weight of SeDebugPrivilege or SeLoadDriverPrivilege as an escalation indicator.
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.remosoftware.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.remosoftware.com | udp |
| US | 162.159.136.54:80 | www.remosoftware.com | tcp |
| US | 162.159.136.54:80 | www.remosoftware.com | tcp |
| US | 162.159.136.54:443 | www.remosoftware.com | tcp |
| US | 162.159.136.54:443 | www.remosoftware.com | tcp |
| US | 162.159.136.54:443 | www.remosoftware.com | tcp |
| US | 162.159.136.54:443 | www.remosoftware.com | tcp |
| US | 162.159.136.54:443 | www.remosoftware.com | tcp |
| US | 162.159.136.54:443 | www.remosoftware.com | tcp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | static.getclicky.com | udp |
| GB | 143.244.38.136:443 | images.dmca.com | tcp |
| GB | 143.244.38.136:443 | images.dmca.com | tcp |
| US | 104.16.224.240:443 | static.getclicky.com | tcp |
| US | 104.16.224.240:443 | static.getclicky.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| DE | 18.154.63.95:443 | widget.trustpilot.com | tcp |
| DE | 18.154.63.95:443 | widget.trustpilot.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | in.getclicky.com | udp |
| US | 104.16.224.240:443 | in.getclicky.com | tcp |
| US | 104.16.224.240:443 | in.getclicky.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
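The flow table does not attribute connections to processes, so it has to be read against the process list: the sample handed http://www.remosoftware.com/ to iexplore.exe, and almost everything else is the browser loading that page. apps.identrust.com and x2.c.lencr.org are certificate-chain fetches (IdenTrust CRL/root material and the Let's Encrypt intermediate via AIA) that Windows CryptoAPI performs over plain HTTP by design, which is why they show on port 80 and why the CryptnetUrlCache files appear below; getclicky, doubleclick, analytics.google.com, trustpilot and dmca.com are third-party assets embedded in the landing page, and ieonline.microsoft.com is Internet Explorer's own traffic. The one destination that needs an analyst's attention is www.remosoftware.com itself, and its address 162.159.136.54 sits in Cloudflare's range, so the IP alone is a poor indicator. The added example below (not part of the report) collapses a flow table of this shape into per-destination counts and applies those attribution rules so only the remaining destinations are listed for review; the flow list is constructed from the table above (remosoftware.com rows in full, the rest as a subset) and the bucket rules are the example's assumptions rather than ground truth.

```python
"""Collapse a sandbox flow table into per-destination rows and sort them into
attribution buckets so the analyst reviews only what is left.

Added example, not part of the original report. The flow list is constructed
from the report's Network table (remosoftware.com rows in full, the rest as a
subset); the bucket rules are this example's assumptions, not ground truth.
"""
from collections import Counter

# (country, "ip:port", domain, proto) exactly as the table prints them.
FLOWS = (
    [("US", "8.8.8.8:53", "www.remosoftware.com", "udp")]
    + [("US", "162.159.136.54:80", "www.remosoftware.com", "tcp")] * 2
    + [("US", "162.159.136.54:443", "www.remosoftware.com", "tcp")] * 6
    + [("US", "8.8.8.8:53", "apps.identrust.com", "udp"),
       ("NL", "23.63.101.171:80", "apps.identrust.com", "tcp"),
       ("BE", "23.55.97.11:80", "x2.c.lencr.org", "tcp"),
       ("US", "104.16.224.240:443", "static.getclicky.com", "tcp"),
       ("BE", "64.233.166.156:443", "stats.g.doubleclick.net", "tcp"),
       ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp")]
)

# CryptoAPI fetches CRLs and intermediate certificates (AIA) over plain HTTP by
# design (the objects are signed), so port 80 to these hosts is expected.
PKI_HOSTS = {"apps.identrust.com", "x2.c.lencr.org"}

# Assumption: zones of the third-party assets the landing page embeds and of
# Internet Explorer's own telemetry; treated as browser noise, not sample C2.
BROWSER_NOISE = ("microsoft.com", "getclicky.com", "doubleclick.net",
                 "google.com", "trustpilot.com", "dmca.com")


def split_dest(dest: str):
    ip, _, port = dest.rpartition(":")
    return ip, int(port)


def _in_zone(domain: str, zone: str) -> bool:
    return domain == zone or domain.endswith("." + zone)


def bucket(domain: str, port: int, proto: str) -> str:
    if proto == "udp" and port == 53:
        return "dns"                    # resolver traffic; the domain is the query name
    if domain in PKI_HOSTS:
        return "pki"
    if any(_in_zone(domain, z) for z in BROWSER_NOISE):
        return "browser-noise"
    if port not in (80, 443):
        return "investigate-odd-port"   # non-web port: higher priority
    return "investigate"


def aggregate(flows):
    """Count flows per (domain, ip, port, proto) and attach a bucket."""
    counts = Counter()
    for _country, dest, domain, proto in flows:
        ip, port = split_dest(dest)
        counts[(domain, ip, port, proto)] += 1
    return [(*key, n, bucket(key[0], key[2], key[3]))
            for key, n in sorted(counts.items())]


def to_review(flows):
    """Destinations the analyst still has to look at, with flow counts."""
    return [(d, ip, port, n) for d, ip, port, _proto, n, b in aggregate(flows)
            if b.startswith("investigate")]


if __name__ == "__main__":
    for row in aggregate(FLOWS):
        print(row)
    print("review:", to_review(FLOWS))
```

The allowlist approach only removes known plumbing; it does not prove the remaining host is malicious, and a sample can equally hide behind a CDN or a popular analytics domain, so the buckets prioritise review rather than replace it.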
Files
Read this list against the process tree: no DLL or second executable written by the sample appears in it. The CryptnetUrlCache\MetaData and \Content entries are Windows CryptoAPI's cache of objects fetched while validating certificate chains (CRLs, OCSP responses, intermediate certificates); the same hashed file name recurs with different digests because each fetch rewrites it. The Cab*.tmp/Tar*.tmp pairs in Temp are typically CryptoAPI's scratch files from expanding a downloaded cabinet, and the Content.IE5 and imagestore entries are Internet Explorer's own cache. The memory/<pid>-<n>-<start>-<end>-memory.dmp entries are regions the sandbox dumped from the two sample processes (PIDs 2892 and 1688).
memory/2892-0-0x0000000000400000-0x0000000000665000-memory.dmp
memory/1688-1-0x0000000000400000-0x0000000000665000-memory.dmp
memory/2892-2-0x0000000002310000-0x0000000002575000-memory.dmp
memory/1688-3-0x0000000000400000-0x0000000000665000-memory.dmp
memory/1688-4-0x00000000024D0000-0x00000000026DD000-memory.dmp
memory/1688-10-0x00000000024D0000-0x00000000026DD000-memory.dmp
memory/1688-15-0x0000000000400000-0x0000000000665000-memory.dmp
memory/1688-17-0x0000000000400000-0x0000000000665000-memory.dmp
memory/1688-16-0x0000000000400000-0x0000000000665000-memory.dmp
memory/1688-18-0x0000000003080000-0x0000000003098000-memory.dmp
memory/1688-19-0x0000000000400000-0x0000000000665000-memory.dmp
memory/1688-21-0x0000000000400000-0x0000000000665000-memory.dmp
memory/1688-22-0x00000000024D0000-0x00000000026DD000-memory.dmp
memory/1688-29-0x00000000024D0000-0x00000000026DD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabBA3D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarBA6E.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f862c22d3f41439cd54690bbe09a4e4f |
| SHA1 | 9045456324373684c7791bea908d0cd852a99209 |
| SHA256 | b16cdd6599f9be3d15930cc2be19ac45a949b49cd081e74d361bf8ef2981dc15 |
| SHA512 | d20e393fca344b8dc175e14647da03aebbfebd33137e3d95a7e0621eb1c53a1685c350a96479c6416954a0a768828d09c35235c54352cb36afbb767f0ffb69ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarBC96.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc61d6e004321c5c551b2cd9b8ac7259 |
| SHA1 | c9b6302d6cc7fbb473cd4b64b7e389583e6c948e |
| SHA256 | a349a2716e435980ea476aeed8954a262bd76bf2cbde6e1480d5c2173920591a |
| SHA512 | 0af1a8b3eebac7ef0dde981d51b307eea47e286ec270853f42afd79ee2250237b18d0b9d1a2abc9d674abb4629dda69ae00fdd4d282077a8be6def459171e43d |
memory/1688-251-0x0000000000400000-0x0000000000665000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\favicon[2].ico
| MD5 | dfe21e06a09e6ac47c98ee923c16dfad |
| SHA1 | 5b209080dcc5409e65c27ff495167dad219b2126 |
| SHA256 | ae891b9e7eaa46e58b037ecbdec259996a7e93372c69cc9a954a2fdb576b60fa |
| SHA512 | e96643c9adf4b4c797d31384bc39262f6063443d72a557f8e26c8f502a40406d1ef7b4fd36592359fbd7b7c5c0555e04da41c92f6cc45468aabc107563a9aed6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat
| MD5 | 250835ae105e6e3a6d8d787472636f48 |
| SHA1 | 601ababd00b9b83db5a453ccfc475b4e4438c460 |
| SHA256 | ff1f6f86ba8839e0128baec018d5a31d15bb1a76f5c950dad0ba416d5162b81e |
| SHA512 | a0c878999a5b0286a8624ed17fd493588412caea16245e5b31c81db9c24879ab5e097665da9cdd078f8c69a55a8bc5e4836d8d3455f2b9ce082e1af721c85cd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a74f0743929a8be66fc77363c28ad54 |
| SHA1 | 42f4f52c618028b6ebfda7e6d4a380ed1c44df87 |
| SHA256 | 86f210bdccbfbc2af0ccc94fe765458c4e9fe9e473c3e4677927a2e199a4ec1e |
| SHA512 | ef718b74a9736d1bf39f68038f966af5e6bf3ae63edc5b7e483e5b20ffcfacc48c6f3758a17edebda491668cfe44785d67b5690d8b060f2221d2b7c121f8e834 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fc36e4f9e152749fc1a01f8798e8f6d |
| SHA1 | e588717960246ff98fbd5f9341d7db69ce82d5d4 |
| SHA256 | 454263f8b2e47034d6d1fcb9bc42c7c1184df34994d5d3f8e2dea228340870a5 |
| SHA512 | a136013971db707e99d4303df73c0929ba9f86bfb85357e9221cf67c4a63ea517ca062f7bd5b3d28da697e0a7e9b9bb77af04939b419de2532c2b42bb47a95b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54ac52b00dc9af29bc5fe4d23dd723ac |
| SHA1 | b2e0d82edc1b6d6ba1f683a441ddf2fd7d9468a5 |
| SHA256 | 79d44b853b7331203d561ec1b0ff1625c2f1f6d1e18803bea532ba62fec980ce |
| SHA512 | 2fa43b1d1b64abe67b842a023b6042111b4b936d6ce5392c5287de4570e529f5998bd5375821366441b4168111b001fa55636373540b56bff907aeda23683385 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | dd5f3e41153f6cfa1ff4b1a8e2dc9ba9 |
| SHA1 | c1999dba530e407de5035ed59629a10b4c98ed53 |
| SHA256 | d1cb50441cbf594131d861c17b983dbde661452b13306b9fd8002c9f6e74128c |
| SHA512 | 65fe7b943229945d72e802d3c9b9d4e29d03db1daffae2b689ca3a5ade04a7789d5a7aee2331f6b0296504e6fa63e56d68a71601203fcdee9c7180669c96e30e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f4b6b95410ab1ddbb6d0014943ceac3 |
| SHA1 | e421910a9fd955722a40636ac62b9a0b029df27e |
| SHA256 | 3b0a7203cb3c7a5aa7e74a8de3cbf6b9c2d58d55c6571f532490518a08373bad |
| SHA512 | a7fd3a71213f56efdc445de26e22eb9a73327c730c90b695a6fb58a6389e6693096b0f0b01e3b2bf6b633ee27e57bd8ac99d4b9b4d9b206428e49a376e511d2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77b4a13d7de91b348897089bd9af64a0 |
| SHA1 | 7bd594e9c11ed7679ffb324ac23d064121e6056b |
| SHA256 | 19c2a46796b7e536cd1105028071f8ddb58e508f1b0b258f8b5acc927c3487f9 |
| SHA512 | 24b603d880334eea5759daa19cdb375f4da2beda2b423670d938f9d1e6d42ae305994d097305e2caf50ea6cc16f42d9a3d2690a5ad1d77fc84ba62f3548cd951 |
memory/2892-583-0x0000000000400000-0x0000000000665000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec309e4baf6882ce6b8f558f7de40190 |
| SHA1 | ef88c839dcfaca9695618e349ac34165f5628d26 |
| SHA256 | 83900851784f99c48c0ca76c291ac2102ec62663b50b1c8e4c7c278016b57460 |
| SHA512 | c367d820e3364c5106e3a2ca0b0f53bf400a3dc97be5304e9325bf33d020a7f410ff87779350a070fe545d39b908fc8b5f0f6b81c5badf688dbd9f6622989604 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6ae6583cc2b73476e821ed084646245 |
| SHA1 | 2c8b24dc4dec42491b2d463be6dbc12e09c53191 |
| SHA256 | e2123165d51562419aaa165d5cb947be9cc72f4999e324aa4d5c6caaf75d9c48 |
| SHA512 | 481024afdbfe07de2133d031fbb3636e51296778df80c5754cd99cc875a4d99c569d40c97bcca93eb22767a3f5cf602b1ac00c7b735b801f0816cd6881a91b03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8376429f43822dd05a8d20d70e70825 |
| SHA1 | 3dfd9731ae0e1176894ce94f0155cb218d3f7311 |
| SHA256 | 73a5890ba9eb342aaffac0e4c60674fe6661200c970a58237a619456718f9e37 |
| SHA512 | be6c7252f0c704abbe65384b39895d63cf2e45d22be205c42a8f2ee379dd7700a1ffc0054cb9395531d7e48a70c8e6ca5670a576de61b81df43991b5600f73b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7111abb4d3d4c744af40338d2f6e614 |
| SHA1 | 310f3f83baa84f6e84323c4a2a1128588e422a64 |
| SHA256 | afd6790fb03d14969f25ea5cc6a84d13901dbe528133631f43b514a0d2e5d04b |
| SHA512 | f99b2f0cbb07f33a01d9136abe0783cab8202464e4e9d5114750bd8f4393e9aca657c16e0c82b7d55bdc852aa49e8b694c4c3daa5cf5fbd0253eb07c358c7120 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fb9bd46d37b2fd99e793406402dc348 |
| SHA1 | c187f63c2aca4b7f4e7073f0f16771fb24aca55a |
| SHA256 | 77ad1a4bbc15bcb91911b9b1e36f8ff6f2902c4795c43e34ea47d26038be1539 |
| SHA512 | 23b26868d26808cbabd9607f8b8d84afafe8b882b6f64c539a293b496e6b4f17132bc50585ea860e06457ec89e5aa5b3053c15172e218d5224114a4e9e789c30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fe7a755a1867b3fef7ead4451e188b1 |
| SHA1 | bc3cb98796edfda021d0453f423cc84f2ffc6780 |
| SHA256 | 2c1763e2b63eaa8d9538916b0ce890e1df16b4db6a5a2adc6c1ebb16431ea07a |
| SHA512 | bb5790c3c6fe8844e03688a40dfd2e775e4fdcab159e3d6a29fb34f0e0c8c8b8e22822304cf31614e5f889720ceba2d4975e7f919ced90590da00dc478c2a4c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46e32d2e852db1521b4e733168836560 |
| SHA1 | 6ee07c814938de3b764c45dc255b7e5c24fe787b |
| SHA256 | be7cd4fee4d38a24bd0952aa8f6460f6a91ebdcf11f0655b8df76dcec6ed74de |
| SHA512 | a034b83e2a8f8bc3498a720e264502b5aa3fb0e1ca7ee560e7c03858f3d837b31f0a0a1ad9094e0c900a8014e28aefe44632a5f86b4e63c65c801f303d43dacb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b022cd177ed6b2cbd492719de72a703 |
| SHA1 | 981c24e3a0506906232b3de7dc9eb9f3e77bcf76 |
| SHA256 | f26608812406d5b595dafe108991b27cb75c745e459d6b67720b614fa164e2ce |
| SHA512 | 7c9b2803023ffc9ecf821a3736a88c51bdb8a805712ba892b815d9e0dc27d58fe11e9f78ce085d5c5635748dac994114022098a63c8bbd7308cfa9af34f91671 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e42f2d9c234ac12fabb518d43a90687c |
| SHA1 | c3de09ff43a298cbb81988854655844caadefd78 |
| SHA256 | 1ad7aade3732d844202da3de557548e87ba67360ace7b45e5ed6e1a326181a20 |
| SHA512 | 6b558ac1224a63cfeb88b8e59ad3256b55fe5c58cd7de26e49187333c9cb614923ed176cd037f1bcf9e71e22f9d9716ec253db22fc20fffb19baedbd3413ba39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df58792b284f42947773d631e98f6c4d |
| SHA1 | 828de5d01c27a81a1af25bd298cec2e13435833b |
| SHA256 | e4faf7cc5246e1e084ae1ef19953f39076daec93db11833b0206c84138fe8dd3 |
| SHA512 | 4dd4148a97d66c63f534b6f068ae2e03268e386d2fb1827365b1046626faf403f26ecbd9394f84da45b5128795ce4339b533e727181d0b5f9c53222fe7ac2430 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a8dceb05b4a9a12a9a077d18abd619c |
| SHA1 | 2b6c95de8ad0a304444f1b49b541e42624befe3c |
| SHA256 | 40e13439fbdf2410de3aba747d415af99aac122ef79361a498b1445a3854c2aa |
| SHA512 | 18d83fe6076ec460f92020532afc5b5236fd095793b80d50ca487928fce17cc611b4ce83acf6343d46cdd7833898735c809998e91ada4c9f74d24a1fb29f487f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bde1ac337cff94d030d1a1b10066285 |
| SHA1 | c0885de5d32424478327cf101625f969adeaa8d4 |
| SHA256 | 60318784ca922261f8311e6ec0f0d09cf4d020f6195d26951d0c49252ac971a4 |
| SHA512 | 64e282f92cd2987db50adc48bfcbdcdf1af59f80d2ce31f03416789c9b90c4fe88c51144a7dfce2c9bca421fcf110ce58d916a656ccfdc33816e5b6e110ba86c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfe5402bcae2c0c71822853eff78ab38 |
| SHA1 | 5b7e930752d4fb514f3094c12702d52b2ab1da22 |
| SHA256 | be8dfa5847d008b5e1ef9d5c8368bde62973804456ce9e15c672bab8a7433a24 |
| SHA512 | 10f05aefa68e77bee2a2409c8443a6b154a1c64f5c5365fca8f002051b99cf399f31813400db3dffa863d80ecb47b4643176d046c6984dd181d7f5dfcaf7b0d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9bdf0f158d62d65210a6de264f24435d |
| SHA1 | beb17942c793fc5495822f28c7f3dc15224f73c9 |
| SHA256 | 82c243363ebbb5bd3c16b8f8ab2d66bb81396ce1079781b384d81298ac183382 |
| SHA512 | 7ddf1280996c9a0b363bfb5d0a15117a09a0c1cefd389b20a864caf94cb414217452f6cf5200ee57a30eacc02b3144754a52098222e9a28596c23e2fcdb12e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19f30e7a0b86bf192daf7d505c81736d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-09 16:44
Reported
2024-04-09 16:46
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\InProcServer32\ = "%SystemRoot%\\SysWow64\\IME\\IMETC\\IMTCCFG.DLL" | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\InProcServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD} | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\ = "TCImeComponentMgr" | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35F44EFD-3F20-2CCD-9F0A-B8B79813C5DD}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-09_ea4ef1d593e5f674c502d4ec6b24a08a_mafia.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
Network
Files