Analysis Overview
SHA256
88db9ad45bc94d3b2804e92c575e3698d8db2bb658e196ecdf806821b33cc3e4
Threat Level: Shows suspicious behavior
The file 91de37c24115edd98a19be7e55405eac_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:57
Reported
2024-06-03 13:00
Platform
win7-20240221-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D58DE011-21A8-11EF-A304-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000038a5f3f52dd244989f0bec0b9239d99000000000200000000001066000000010000200000004edc6153db2c3de38273493a5c62025c25b4928f95a9ba5b67062c488a6b3af1000000000e80000000020000200000002b61ee23ece8003aef95fab4b0d40fa7dab5914f496c8d7dba71940cf73f701b200000005576c10686644fa3627d024c996f6c691d82790e4a49b9300e39d418f4ca7d0d40000000a7ab0ac7c7ffc3d64b32bc21a9b289d031c2be8393cb784a88a8d64e38b4c44e55487dfa587404fd6f434976bb2e30e51e6a70913ce144e0d015e26d6c49106c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581317" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d03d31abb5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91de37c24115edd98a19be7e55405eac_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.theroadiesstore.in | udp |
| US | 8.8.8.8:53 | zlockerpqts67.xyz | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.4.235:80 | pastebin.com | tcp |
| US | 104.20.4.235:80 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 703435e7ebea8e5f80bd43682ef9c15e |
| SHA1 | d346f8834e052edccb6ce59ef80558b0937d76ac |
| SHA256 | 2751cc7dddee57ef5d8c021096a4e02f1283ae5830d3a4df00dc2f0738eac3bd |
| SHA512 | 2dcd596ef72f5aec3217807062b9100fd2b0cf95e2769c8f4ffd23a5ca571b32a1b12d0814436fe4509a13cf499db36ba82264d9b034653550c0195540a8eeb8 |
C:\Users\Admin\AppData\Local\Temp\Cab3278.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar327A.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab3345.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar335A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc0c4fc0353453bcf0cbb8b9231bcddf |
| SHA1 | 9147191c24cc30e79edd4f7a6e3bf6cb35ed0758 |
| SHA256 | 7a9271d0979a06c07bb469fda465da9822875b4377ce5870dad3ddfda7bc812d |
| SHA512 | 065f2bd6e838c31582349d4ccc6a9e9befb50bbe8a6988120c2c8f1ec74ee2ed31313c793973f7c51e9c454525177a0452d18e1764c8fbb32b5557ea06d67f2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0d826f8a965a56fe0956f054d52f807 |
| SHA1 | e1a30a77251c88bca8d607f3b139231ffffd4bf7 |
| SHA256 | c454afe6c6ae59cde3b7d472873ec5d1b555e1758f4aeae055fe39ec05cd690d |
| SHA512 | db56cb7b175d4757375617c31204bd3a77b14d8bbba3213723cc899fdd7cc043a715e6d86f82b79d4f2e64fa85ff11c9f169b2a45fb87ca07c3db9a9757b2478 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6895d7ca51156f5235d091ca009b35f |
| SHA1 | f82ddd33cc4f59fb7a5e5ee89b67313759eb3ee0 |
| SHA256 | 076387a72307e64c981acffebd15409bbee3998beba18b6c89ca5feeb8b9c0d8 |
| SHA512 | 224abe884bf573c77a1e9c31bb414d7fac1f954830df66846994347a461d9330badbe64b9a0a4749c842a497300415b09c0a7ae052fdf1a0ef29fa37f514a701 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf9b0e82b171ba6a72d4e4dd4ad3545a |
| SHA1 | d1f9e5cd5466e0fdf8037c91ac8ca669f741b5ec |
| SHA256 | 2f8d1a10579575a64c82a10badf6ddfa43932f25af0ee41c2b8a144df6ab1251 |
| SHA512 | 56d86df6d2d2f6a046c8b343b27f2ac4b8707603718985b803b3c5eb53f6b679eb92be21bf8405b3c8852a53deb4f357af21959a8b2167e3078a1ce334c87c99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da9294192760d85187347aefb3a47cb6 |
| SHA1 | 8fffc474381c07c3e1a424155efdec5cab1b7dfe |
| SHA256 | 6f627f483121305cda54c22219a4a3b78b5ed36b736fc5ca2bc13d8553d9440e |
| SHA512 | 7cc2d5f6777bbc2ae24bbecf5834b6b0a88eca09ab90eeb2852a804f5796299c04dce4cc9b73c82f1095055c6a7d9ab1e511d5c97718cbebad517354e7a5eecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae9b313ab0149819d271bec1bdcac72d |
| SHA1 | 6315562cb360957f59f9ff54e97f074e335c52e6 |
| SHA256 | e4fa39e9943b6c620412115cd3cf486ffde0e5f6f98c94bb349d3dc6575a9569 |
| SHA512 | b91dcaa6fb44df8d3a8507e1f6ae2374569a94d76c3564f8c597dbea8706b4d222fd464ae17c647975b92fbe99c44071f410f2ee9f84e894d7d938e86ebe9896 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9284f316f20143dcffdfe4acb0e6c841 |
| SHA1 | f7cb6d0f6c5e0db203d32dff9d39f5400f13914c |
| SHA256 | 2a5fa65ca2e6512370a0de158a811533b7a7b3665af3d722e55df11ae9898684 |
| SHA512 | 73d185c53e7e853051300d0ea71e1bbf8b827ad05e98246fddd706612239c6bda65191da94c3e1938413fc6a913d372b15d8319cfef9aed1385fe673c0a8a12d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77646b2a67056e00f96c4d096117c87c |
| SHA1 | b2ed7ab6d12eb9c20280af3fa694c5ea2bfaa379 |
| SHA256 | 89f75702bf5bc7af8aece12cbe49d79c60b57ce2d2c1e936fb1ab8be62dcbcf4 |
| SHA512 | c08520d1da01a54652dcbec83ef150989dd541ce1e9d3011261aaadf66e3ffd500033c6732e2f45ba3aae71945984fbea0078672d88a74dd5a9e102574ee86e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 677dc37368dd419e80f7444834c1be12 |
| SHA1 | 52d19e245fecf8f642c904b39e9b7c6323671dec |
| SHA256 | a77cf555304d801d700d1791dd830780bef0a6abfd498dc7a6bc4ac14d9a033a |
| SHA512 | db7b890e2293e7e6f82af6a352574525b43460157920e0ddfb2fb6e49340293ad2b3e40fb4f6a79c89736945edf58f6aa19099031d1e058ded685618f6450aa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 462207c382d44df1119fbcee0591eae0 |
| SHA1 | 71b98fb2362a937f8385262db4396f9fca5f91ba |
| SHA256 | d7c4a2a10830fbb644d0de2146c1fba262aab7c663cecff8fe41938c81bd73ea |
| SHA512 | c31052ee4800ac2f4d2cbc7c45be9cb8b34332ad2842092caf3c96be9d4d2c0f09c8e293fe0c623971fa9229e972f872e3390306b6f6f9ae356c2b7fe21d0b53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab340d5000081148ca3376324b1c1112 |
| SHA1 | 58124019240c95c53676bb78de40e50e4d2b8329 |
| SHA256 | 44980e745dc1629e31dd021c24785751e67fc068af830527093975820dfacb0b |
| SHA512 | 2d4c795515f9ac91b04cc8e4dca1d43ac29ffaeb9bb96167c926f552faa46595c39d0d949a858e1efcd620a8b6a099467bf880220dc7fe5069b499063bc3dfbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ec376f45260a5a546115e5ef5b9604ec |
| SHA1 | 0f973f2af7e5b5f5edb6387a89644251805465b7 |
| SHA256 | 312fc405ebf1212074f1ab995da17c67a3617734121d461de3f2a3c6b45152b7 |
| SHA512 | 3b9831a41025e1489a43ed22e629ea8e1e72deac699ebcaa95862e9136bd5a6f2c26cd978cbf574c835f3bf1fa1b221f45bbbb1e517521a2a11d3dbb57fe3e7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97420221aa19c7ccdda6311ffd5678a2 |
| SHA1 | ead9ca4a2d493506a056223c5a77f1d3f33f4bc5 |
| SHA256 | 7e88178244ee814c1cf4b648c2c5b038a0183f8ae68e9b6cb3cbc462a1395637 |
| SHA512 | c13046fbdcde379efee0c60ca7498b6b297a5ed136bd74acddcb66d51cfd1e6ffa1e1bd6079f5d4f1ffcd8250761a6c7259a458f3809cb9b5a62fb2df3f808e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1c2586bea26d8fac51fa120fb4fcf07 |
| SHA1 | 07e58af1ad5dae9e059471a1b45edf34a3c03bad |
| SHA256 | ebf97de44b1045d6dd1fce8e57058f5c5545c8ed63f86a5ac14c40dc24856e47 |
| SHA512 | b84109cfe1e8d12c35a6670f548413d1a8bac58d5539125e5eb3c7711bf31fd6a623a3cdfeedd0816584825b76a5266b88e0e437aa45701c7b0f9873be65d9e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8192de3afb86e04a40f8dfedd317df58 |
| SHA1 | 09d1026ca080d433532b47ae54761a7ced581f64 |
| SHA256 | 62c2761f1f6698ef4fc640771c9abe00c46abd420d8dc748271b6b656dc16638 |
| SHA512 | 049eb98fa20686dc46ea8be0abc453f93a9907305d0abbece8efe2c196e07e55e0d7dfdd4c50c64309f2e9b80813ca85a027c69ab6b87a61d535c5e677899940 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c332c8d0e07434749d6b18bb49635824 |
| SHA1 | b269dffed66f9ea4aa64ad2f75a8403f88a5d9b9 |
| SHA256 | 97c4ab41e44ddcc8369c5abf298c013b8f3a3211a65815c96943b285f966aeec |
| SHA512 | d3c0e4a4f178b28236887f12479e349914bf56571ebd3eb16c0aa94768abd66c6a1efc05e7403efdb012d36e3c4bf6de82900d5d71e996a8e0c7e2834c80cbf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e0fde7add2cea82e9d09818e60173f88 |
| SHA1 | c4d29aac229dc5635d76f956de00e94b8fa6b1f2 |
| SHA256 | 3d8ded006cc9fc6a4a374c658d5798042e46e3b12228b4022ac93b58879bae05 |
| SHA512 | 92bcd42a2570be67b031efdc0b74925b7d655cc1c80bdaa2b06d712e698395cbec2716fb8e87afbe70fe88e48178021da9b040848c8f68ba2905ff7fecbc7fde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5d80c636e458af77b0f5139d92a76d5 |
| SHA1 | 5249d770598ed9f25d32381cbd9f3f71a7276978 |
| SHA256 | 29289b593656373006baf39fe1ddebf609e1801c0e4d2f578a0826ac98b7d450 |
| SHA512 | f3d3af3e3ad1195bdba18a41d4017abf644cf93e9a694009d3bf5b526dcac0f013a7d709f1645765912ed2a08b6fb409f66513fb6e3b3df54e3471a91426a48e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73a8d50cb322c6f8efe064f43c086061 |
| SHA1 | b798fd8b6bd4d11dfc5a3051d979ad42e10899c5 |
| SHA256 | bd3affc104f5bd9e7b51bce4fff944161cf122497955ce3d1e8b7410ee7f6249 |
| SHA512 | 88d377ff1cf8c3ba706311e97e15d61616b5a0a4c09525112c0d4fe20eae3cc51cd8236f47ba63802d5ae23efef5c252aa09c7d51b4c6f08e7fcc7da5c273c41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51313d8a743e95a988e5fe88cb1f219e |
| SHA1 | aca27a15b0f9c5001bbd763542f54c9be8423a50 |
| SHA256 | 21170ff1527badbabcbd7a7d011f23f0baf10adec54b651dcebe4b81e340d00e |
| SHA512 | 798db6cb102e65a4f1f25f00ced944b8a046928adfc9705255aa40e3919325b991915a0a7991d950226632e28878d23e1748fa78ea39e1260eb83532e68895cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbd2853d6e05e19828a4d612327c5f60 |
| SHA1 | a0c1c31e4f283b0f2b51d359f17de0b23919e77a |
| SHA256 | a19aabcae36bc06979182b932c046afcc793e7271e1b680b1eaa4d17fbcb775b |
| SHA512 | 6833043e1cf79b19036cfabc57bb77c1f8e8236d12c97b941372f6fea69ab0f83c03248626c0e294955aae7f8aa62e6066f90d869467f09724e4fb259b8336c7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:57
Reported
2024-06-03 13:00
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91de37c24115edd98a19be7e55405eac_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12933664190285603499,16866288405717481215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0055d7b.netsolhost.com | udp |
| US | 8.8.8.8:53 | www.theroadiesstore.in | udp |
| US | 8.8.8.8:53 | zlockerpqts67.xyz | udp |
| US | 206.188.193.49:445 | 0055d7b.netsolhost.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0055d7b.netsolhost.com | udp |
| US | 206.188.193.49:139 | 0055d7b.netsolhost.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.4.235:80 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | www.theroadiesstore.in | udp |
| US | 8.8.8.8:53 | 235.4.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 52.111.229.48:443 | | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
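Reading this table by hand is error-prone: DNS lookups to 8.8.8.8 sit next to the sockets that followed them, reverse lookups (in-addr.arpa) look like hostnames, and the one thing that deserves a second look, outbound SMB (ports 139 and 445) to a public address, is easy to miss among the Edge and Bing background traffic. The script below is an added example, not part of this report or of the sandbox's tooling. It parses a subset of the rows above (copied verbatim, Domain and Proto columns in header order), separates resolutions from connections, and flags SMB to non-private addresses; the function names and the choice of what to flag are this example's own.

```python
"""Triage helper for a sandbox 'Network' table.

Added example, not part of the original report. It splits DNS resolutions from
the connections that actually followed, lists reverse-DNS (PTR) lookups, and
calls out outbound SMB (139/445) to public addresses. The rows below are a
subset copied from the report's Network table; the parser, the checks and the
function names are this example's own.
"""
import ipaddress
import re
from collections import defaultdict

# Columns in header order: Country | Destination | Domain | Proto.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 0055d7b.netsolhost.com | udp |
| US | 8.8.8.8:53 | www.theroadiesstore.in | udp |
| US | 8.8.8.8:53 | zlockerpqts67.xyz | udp |
| US | 206.188.193.49:445 | 0055d7b.netsolhost.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 206.188.193.49:139 | 0055d7b.netsolhost.com | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.4.235:80 | pastebin.com | tcp |
| US | 104.20.4.235:443 | pastebin.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 52.111.229.48:443 | | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
"""

ROW = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<ip>[^:|]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>\w+)\s*\|"
)
SMB_PORTS = {139, 445}


def parse_rows(table):
    """Parse pipe-delimited rows into dicts; rows that do not match are skipped."""
    rows = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"country": m["cc"], "ip": m["ip"], "port": int(m["port"]),
                         "domain": m["dom"] or None, "proto": m["proto"].lower()})
    return rows


def is_dns(row):
    return row["port"] == 53 and row["proto"] == "udp"


def is_ptr(domain):
    return domain is not None and domain.endswith(".in-addr.arpa")


def triage(table):
    rows = parse_rows(table)
    resolved = {r["domain"] for r in rows
                if is_dns(r) and r["domain"] and not is_ptr(r["domain"])}
    ptr_lookups = sorted({r["domain"] for r in rows if is_dns(r) and is_ptr(r["domain"])})

    # Every non-DNS row is a real socket, keyed ip:port, with the domains it was logged under.
    connections = defaultdict(set)
    for r in rows:
        if not is_dns(r):
            connections[f"{r['ip']}:{r['port']}"].add(r["domain"] or "")
    contacted = {d for ds in connections.values() for d in ds if d}

    # Outbound SMB to a public address is unusual for a desktop process and worth a closer look.
    smb_to_public = sorted(
        ep for ep in connections
        if int(ep.rsplit(":", 1)[1]) in SMB_PORTS
        and ipaddress.ip_address(ep.rsplit(":", 1)[0]).is_global
    )
    return {
        "connections": {ep: sorted(d for d in ds if d) for ep, ds in sorted(connections.items())},
        "dns_only": sorted(resolved - contacted),  # resolved but never connected to
        "ptr_lookups": ptr_lookups,
        "smb_to_public": smb_to_public,
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_TABLE).items():
        print(key, value)
```

A row whose Domain and Proto cells are swapped does not match the row pattern and is silently skipped, so check the parsed row count against the table before trusting the output. Names that were resolved but never connected to (dns_only) are still indicators worth recording; the sandbox may simply have been cut off before the connection, or the sample may have failed a check first.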
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3080_HZRLEEEURZZMGHBA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c97c15f2ca870a9dc572b8f49071b6e |
| SHA1 | ca78516ab07ac16738dc9673071f992455818912 |
| SHA256 | 38f7b2cd529208023c107799dc8924e68202a784f73d9b2b9a07f059a927cc91 |
| SHA512 | b09360292c7e251188e706404c14684dc2092fdc7b50ae0e55039237733878758790cc0aab726a8293f407934ab1fa386418baed939bc35234c42ed2acc3249d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ceb5183a-40b6-4388-a133-e17139bfac3b.tmp
| MD5 | 29a0f0512e9041c8097054510be3dbea |
| SHA1 | d1f2fde406eeb541ec8f08f7d38ff2ea2dea2f3b |
| SHA256 | ff722cebd815fe7b6de4cea84e564c5685e79fed734e100a24f358c6e3b46d0d |
| SHA512 | ed210ee8d00e207879861932b67127932a19b5dc5f5f4c5cb39fa5185576539d997c83164891ba4b8c062e8318faca214242052ada9246f17f202344b9568cb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d6dee52b3097c77b6162c49f4ce37370 |
| SHA1 | ae31afdda50d32bd612adb34629c8838c515b5db |
| SHA256 | ed827ae924fec0ef31e2f561dcd595b691b6fe8439d2726ced35c10d5c60683a |
| SHA512 | 58ee22b4f3be6338d60b3c02311e9ddbdd884836102864dc9845ca81649f636f06947e7f309af0d314f9889100ca4680821b40090693316cccdf943ec3183fbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a012ae982a544b37538674f9ab1dc190 |
| SHA1 | f450e7832e18cf558f120ce0d8023e71cfc3ddaa |
| SHA256 | 56c7823a7f1c1197c6f39fe6898bbb162fbef00bb9344fbc4a63e00f27f69c95 |
| SHA512 | 424438b745e6d8ce75596a9277d09d848fdac25a7aa2af4f0b78e1f468e8ef88ea0bbd6926fbf67d121f35edf0238ba31b9ffd32f1c456ad6381a22c39e6e2c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 781f712234169a3d5217d656b97944d8 |
| SHA1 | d5a92c7938ee15cba8e6533ec411891af74458f1 |
| SHA256 | 654d03bdf36ae7dde6005259a0e4a916ef40a33d8f0b90c2b7127fdff88a9338 |
| SHA512 | 5b8169ac078a32bfbb58b2c444717832cf094d244cee9a93cffc9e068612554d515bd5cd2f919f3e447c6fea6df12e8d5aa5e385684aa2a7cbaf1c6eae042e2d |
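Two things in this Files section are easy to misread: the crashpad named pipe carries the digests of zero-length input (MD5 d41d8cd9..., SHA1 da39a3ee..., SHA256 e3b0c442...), meaning no content was captured for it, and several paths (settings.dat, Preferences) appear more than once because they were rewritten during the run, each time with different content. The script below is an added example, not part of this report; it parses the records above (copied verbatim, SHA512 rows left out to keep the sample short), flags empty-content digests by computing them with hashlib, groups rewritten paths, and checks that every hex digest has the length its algorithm requires, which catches a truncated copy-paste. The function names are this example's own.

```python
"""Triage helper for a sandbox 'Files' section.

Added example, not part of the original report. Records below are copied from
the report's Files section (SHA512 rows omitted); the parser and checks are
this example's own.
"""
import hashlib

FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
\??\pipe\LOCAL\crashpad_3080_HZRLEEEURZZMGHBA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c97c15f2ca870a9dc572b8f49071b6e |
| SHA1 | ca78516ab07ac16738dc9673071f992455818912 |
| SHA256 | 38f7b2cd529208023c107799dc8924e68202a784f73d9b2b9a07f059a927cc91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ceb5183a-40b6-4388-a133-e17139bfac3b.tmp
| MD5 | 29a0f0512e9041c8097054510be3dbea |
| SHA1 | d1f2fde406eeb541ec8f08f7d38ff2ea2dea2f3b |
| SHA256 | ff722cebd815fe7b6de4cea84e564c5685e79fed734e100a24f358c6e3b46d0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d6dee52b3097c77b6162c49f4ce37370 |
| SHA1 | ae31afdda50d32bd612adb34629c8838c515b5db |
| SHA256 | ed827ae924fec0ef31e2f561dcd595b691b6fe8439d2726ced35c10d5c60683a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a012ae982a544b37538674f9ab1dc190 |
| SHA1 | f450e7832e18cf558f120ce0d8023e71cfc3ddaa |
| SHA256 | 56c7823a7f1c1197c6f39fe6898bbb162fbef00bb9344fbc4a63e00f27f69c95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 781f712234169a3d5217d656b97944d8 |
| SHA1 | d5a92c7938ee15cba8e6533ec411891af74458f1 |
| SHA256 | 654d03bdf36ae7dde6005259a0e4a916ef40a33d8f0b90c2b7127fdff88a9338 |
"""

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Digests of zero-length input, computed rather than hard-coded.
EMPTY_DIGEST = {alg: hashlib.new(alg, b"").hexdigest() for alg in HEX_LEN}


def parse_files(text):
    """Return a list of {'path': str, 'hashes': {alg: hexdigest}} records."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and records:
                records[-1]["hashes"][cells[0].lower()] = cells[1].lower()
        elif line:
            records.append({"path": line, "hashes": {}})
    return records


def empty_content(records):
    """Paths whose recorded digests are all digests of zero-length input."""
    return [r["path"] for r in records
            if r["hashes"] and all(EMPTY_DIGEST.get(a) == h for a, h in r["hashes"].items())]


def rewritten_paths(records):
    """Paths recorded more than once, mapped to the number of distinct SHA256 values seen."""
    seen = {}
    for r in records:
        seen.setdefault(r["path"], set()).add(r["hashes"].get("sha256"))
    return {p: len(s) for p, s in seen.items() if len(s) > 1}


def malformed_hashes(records):
    """(path, alg) pairs whose digest is not hex of the expected length."""
    bad = []
    for r in records:
        for alg, h in r["hashes"].items():
            ok = alg in HEX_LEN and len(h) == HEX_LEN[alg] and all(c in "0123456789abcdef" for c in h)
            if not ok:
                bad.append((r["path"], alg))
    return bad
```

When a record's digests all match the empty input, the entry tells you that the sandbox observed the object but captured no bytes; do not pivot on those hashes, since they match every empty file everywhere. A path with several distinct SHA256 values is one object rewritten over the run, so the last record is the on-disk state at the end of detonation and the earlier ones are intermediate states.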