Analysis Overview
Threat Level: Likely malicious
The file https://cdn.discordapp.com/attachments/1192190136759373884/1192738861114200114/Dark-Knight.exe?ex=65aa2ba0&is=6597b6a0&hm=5c5e8af1b6030872e7331735c35e9c961630dd135d115ab87e773be635d6996c& was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-06 19:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-06 19:28
Reported
2024-01-06 19:32
Platform
win10v2004-20231215-en
Max time kernel
171s
Max time network
183s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Dark-Knight.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 547162.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1192190136759373884/1192738861114200114/Dark-Knight.exe?ex=65aa2ba0&is=6597b6a0&hm=5c5e8af1b6030872e7331735c35e9c961630dd135d115ab87e773be635d6996c&
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd29a46f8,0x7ffcd29a4708,0x7ffcd29a4718
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=4848 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=1868,i,2218841489824047769,17809551509531500770,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a2f7733b66c54bc9b63c6bc15e58a4d8 /t 5040 /p 4536
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4912 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
C:\Users\Admin\Downloads\Dark-Knight.exe
"C:\Users\Admin\Downloads\Dark-Knight.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,9022914252101992520,14402980484435587123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6248 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 56.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 150.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.233.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | efc9c7501d0a6db520763baad1e05ce8 |
| SHA1 | 60b5e190124b54ff7234bb2e36071d9c8db8545f |
| SHA256 | 7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a |
| SHA512 | bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d |
\??\pipe\LOCAL\crashpad_3044_YJKQKAAJQSAGFFBY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6782ef70d8bce643d60e1cf6232b6518 |
| SHA1 | 1ca91021e112561819f672219112453f61063d87 |
| SHA256 | d55c5faaebd8e9a56413a643f275293911ee58bc82d948a714c17c4040018c2e |
| SHA512 | b541294b28a386d23034e4e8e006a58e0502763cffb89e9b2def204e323573319eaa132ae0665403c44acf84ec33c17603b03ba873250581ccb9765d1747587d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1809b7a3db7b2d5203ed66073d32c770 |
| SHA1 | 33b152e0fa3865409a3c5ae0b2708c02ea013051 |
| SHA256 | db23af8fb1497f8925ccd1366725109d205b5ae289dc98a694dbe83ae6a85d5d |
| SHA512 | a8a88bf612cecb059892043b5f8c71faa2c909fca38356d736232c6974d2e49811b552686f669ff51e5bfb9158b6765e4c4af144dc183c4cb1522cde0a8ec060 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c77ff64a6367a7a96bca96d74b1d0c6e |
| SHA1 | 0d114ce1448427638736cd56c5f821090a18e8e7 |
| SHA256 | f710d41fb2500e65b10eda94bf65e16897513306cb858371f8e02394d7f97be0 |
| SHA512 | 4c7e7bb07fc2568a0bda938ed93ce7e4bd094c84a3c6de664b4f74c9c79aaf9ff501e2e8ab1835507559470006f235b5a04399be9694b7d84c5e248a47a89ac2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 121510c1483c9de9fdb590c20526ec0a |
| SHA1 | 96443a812fe4d3c522cfdbc9c95155e11939f4e2 |
| SHA256 | cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c |
| SHA512 | b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 03caedb43c74eda4e41e76d385bf6185 |
| SHA1 | 4d91bff79dea6192892c618ed9170b9ed0250c8d |
| SHA256 | 28d4988cdc13b48b5b4fdcdb5992b2dcd13793bd6a7741c48f065df47e25fa7c |
| SHA512 | 7820587a374e11e21050caf10d737ca5b86a7fa2030786fa2e8d3f210b76dee6b42f3d12f6f9012ad6e6b502e2b05d30b6764f3e700067375eb1c9c069f2a53b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 69b6946bc62c1585cdfa6863692b6327 |
| SHA1 | 86fc9615f3bbd96a2f6c7775e125b478e43f87e0 |
| SHA256 | 71753cb1e4f9d990a300a3c42cb28aebc088e3ea3e0a6296ebe9423c3669725b |
| SHA512 | a68794fcbc444915678fa05e897eaf73a9e4a727e303d2e14dd752ccaaa39adab44c0a13b2fb7976316bfd66ae18122427aae3e3589961c12beace4ab7e1fe10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c95b9b0c4c3bf849c404b49f797b21d5 |
| SHA1 | 5062464a2cbbdcbb51eaeb1e5ec5bb0c32410fb1 |
| SHA256 | 5237ef1a397c1d1b1b14ecf1f0ccb1e6384bf57618c486b5be8c072245f1785a |
| SHA512 | 810b78dee869c9691495b6d65871674d6588feb7bf513038e735a5fda7c7212307c0b7fd01d3eb83fa126f27614b21aa9b2cb2d8496a9d9e8973422668bcbd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48fc1f8c35faa3dd81ea903a65410414 |
| SHA1 | a7b0275f1aa7dc7183e58d9d0b9d7fcf9a6e1c12 |
| SHA256 | 02bfb0d11a1fbe3f9cd0429a1f51f87de89699945914aa65d5dcced08697418c |
| SHA512 | 0c501365e6caa588e0119c9a8c50fe5a9fb842464d2f5bda9894ee6ba8907fa4a192e3309c69c0e295cc10f55c84077b95575cc7c923dc0e195d3b3f8021bd8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2fa069ed025a7c9a9ec9369d264eef16 |
| SHA1 | 1ffe498676aa524132ededeb600a10e9c170394a |
| SHA256 | dfd1533a3472adb42a1b36647f7a8462ef71b7e4fd47ee8578186f8f73c0715a |
| SHA512 | 819112a53d18979289adfee108ed86d712e269d15c4cde4a41b5d2fc0f3fbf63d3e37bf56361cde7df5709a0e91f62d30fe5003d941cce52f19862ea5a1909e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 67dd6510ada058a106ade2cbb292b118 |
| SHA1 | 54bd07d1c0a91ef593881d0e09a116d61aa73b4c |
| SHA256 | 3572189988f76bce4c33cd403f2ce6a186f1e35bf4a4f21dacfa8e3dede40c7d |
| SHA512 | ac58e5641ec68631c5e87a427ed3c9757db4eba8660f2162db5270803c37c380382d656db9399a8f65953061b20f52682ceaa82bfe2a055f2845b2998210b1cb |
C:\Users\Admin\Downloads\Unconfirmed 547162.crdownload
| MD5 | 73707fee9c838795eb9232136b32a6dd |
| SHA1 | 82d4d5c81460ff0c8b1b343a6a911b429aea03d1 |
| SHA256 | a430715aee14d7c1f0796a1073ae226565a3e2519bb93f49fddfd89ee5095733 |
| SHA512 | 40f3fdbafb30811382cb28332f48fb3c49bf3629775f9428de8668f8645e53cf813ba6d64e7dff37d2d0c49604e3de3ec3ad9690eeff002fa9832103c6011166 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f894f717-a2a4-49d1-9f4e-ca241b604744.tmp
| MD5 | 094ab275342c45551894b7940ae9ad0d |
| SHA1 | 2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e |
| SHA256 | ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3 |
| SHA512 | 19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8be2ad6000dc6e518e99be9588f9ce91 |
| SHA1 | 552a6cae3826d1fd0c065ce226095a1f59a5184c |
| SHA256 | 8599288be2fd3e8ba15780cfde97d88b0c82d66e0be8602591b03c1653ff0905 |
| SHA512 | 12600e9b42344b07d818b4cc5f76d53b232695d282b819dae0d6b0751a34acb069d50c90ef02d7013373533a941fd2f08a095c546fedfcef5d0d59dee38ef43d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2b6834fe052fd411251528a4ee3a1647 |
| SHA1 | aabcb9da219c288b54a423c9abfe1b0bcf7c5cd8 |
| SHA256 | 01da5814724276d3ab0ef9708780f018817a19ec43368650243e200736842aa8 |
| SHA512 | 5c6a1717cad68d24cb646aa9125e13630a3bfa929d30926140e2763787b4999ae51f359f949e34d90b92bee609ea61cbe76d522156b4d4907a5eaf3fc8f4a7fb |
C:\Users\Admin\Downloads\Dark-Knight.exe
| MD5 | 96a4a110d7af4612b38f2e9669635d4c |
| SHA1 | 30742fa2fe0964e480baa2aaf116c3d1101ea944 |
| SHA256 | d8a77083eca8fda0c8286440c61d00a81a2542802c1caf5b1d303f8740adc509 |
| SHA512 | 8d6b17f2dcb9376ee19ae7704ab4e0f0c01434cbd9127d2e45b60a2416b835432d1095ec666b8643069b566835f74e2197427b3ff109c1e27c897ca93fae6174 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | db40d97f90e1f3b9b7efc4d3e56183f5 |
| SHA1 | 0335acab3799a596976e0db2a6682701c2801b57 |
| SHA256 | 7c774cf2f3defd90c60ad44f25abda9d1dc58858772c5e55a9484f3b82a4d560 |
| SHA512 | b78de7c5a3d0029612303272fed6c27b48ea42bf16f8bedfa2bfe2d039ec5684d14bbe12bffdab5fba70a83075ce8429ba6a1b00510c26cbf9b0fc66ccba3898 |