c2399cd599082939f590583415081104d8834711a125da25190481896b20ccb0

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 02:10 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a9f29a7f6ed113a9a8a7d5e0c75de6a_JaffaCakes118.html
Size

4KB
MD5

2a9f29a7f6ed113a9a8a7d5e0c75de6a
SHA1

93aca29317506fe953a3cfa80bbc194948a13c9a
SHA256

c2399cd599082939f590583415081104d8834711a125da25190481896b20ccb0
SHA512

fc07b126143590ca266aeea0e16f3b7ce04b485890caefbe32b8e0f29e687521e0f2e21c3c807cd15fa3e74c18b86f184efde9422c379cf70637430e309a7878
SSDEEP

96:S4CQbs6kCLWXwf3laNgXdNJJI/b1Gm8EADd5ki1+:S4Ci3kCawf3laNgXdNJ+D1Gm8EADd5kb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
1996	msedge.exe
1996	msedge.exe
1740	identity_helper.exe
1740	identity_helper.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 3840	1996	msedge.exe	82
PID 1996 wrote to memory of 3840	1996	msedge.exe	82
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 3828	1996	msedge.exe	83
PID 1996 wrote to memory of 1080	1996	msedge.exe	84
PID 1996 wrote to memory of 1080	1996	msedge.exe	84
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85
PID 1996 wrote to memory of 1388	1996	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2a9f29a7f6ed113a9a8a7d5e0c75de6a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff939d346f8,0x7ff939d34708,0x7ff939d34718
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7168294893433711636,11677009822869471393,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

Network

DNS

bbs.xcdx169.net

msedge.exe

Remote address:

8.8.8.8:53

Request

bbs.xcdx169.net

IN A

Response

bbs.xcdx169.net

IN A

104.21.46.158

bbs.xcdx169.net

IN A

172.67.140.109
GET

http://bbs.xcdx169.net/include/log.js?kfiss

msedge.exe

Remote address:

104.21.46.158:80

Request

GET /include/log.js?kfiss HTTP/1.1
Host: bbs.xcdx169.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Mon, 08 Jul 2024 07:22:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4mGcZhP%2BwmxKizYz1Wkh9U6KznoYa4vTQzktJiaJuKKniuqrAu9yDpkKsfuIDf6kqER068HduDZPxj4sBXrD5dbpzjmcBEwE%2F7cCZZ7Pv8H4J6wqbtKRloWiPCUp7nV8OnQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89fe533dd91663fe-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

158.46.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.46.21.104.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

24.140.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.140.123.92.in-addr.arpa

IN PTR

Response

24.140.123.92.in-addr.arpa

IN PTR

a92-123-140-24deploystaticakamaitechnologiescom
DNS

33.140.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.140.123.92.in-addr.arpa

IN PTR

Response

33.140.123.92.in-addr.arpa

IN PTR

a92-123-140-33deploystaticakamaitechnologiescom
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response

104.21.46.158:80

http://bbs.xcdx169.net/include/log.js?kfiss

http

msedge.exe

733 B
1.0kB
7
7

HTTP Request

GET http://bbs.xcdx169.net/include/log.js?kfiss

HTTP Response

404

8.8.8.8:53

bbs.xcdx169.net

dns

msedge.exe

61 B
93 B
1
1

DNS Request

bbs.xcdx169.net

DNS Response

104.21.46.158

172.67.140.109
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

158.46.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

158.46.21.104.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
224.0.0.251:5353

527 B
8
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

24.140.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

24.140.123.92.in-addr.arpa
8.8.8.8:53

33.140.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

33.140.123.92.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
534733eb544cfba36bf533492a1ac8f1

SHA1
eb709f4639383bdf082d537aba1cef52a599978d

SHA256
2c2511c35cbb6703a688e464e60f7bfa9da02a6bb16e6bd83a3f9978aadad867

SHA512
f5e753073c7be435099962fff21a66ccab0a7eebf6cae98274f38628cf32f2cf7fc6f6afc480a06812d5afcc2af6494d4010c2628595dc9014d392b90cac237d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30ff9bcac0c976587a24d6140a6fb939

SHA1
66135433aafde585324a2edf07f9e5fefb4c0ad9

SHA256
3461758f6e15ab1548ecdff33a83b13eda2b975824cf62140a32021e3a81f69f

SHA512
7db2964ff212c51cd4095e6585413c35ee489dae3b4634dfdada6adfab9dfba08e43a730a4920eae5bda6bc7caf0a9a0713d5437a36939450be508373fd6d838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8fd8b63cc6316be82d756bfbdfc9e5ab

SHA1
5a93991d30474f2ba52cd6d559725143f6f6196f

SHA256
2ead253a8a555cbcaa4cd77b1bc99232f7caeaf86bc1fca6610c12ac2b1cdb24

SHA512
855949104137f0c37cf33cb97debf0aae574b2401027004bd8fc8a839a9fcb9b11df1f7d5c9283d577df6052878b524783262e873dc87dee7ca558628e1f0a47

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.