Analysis Overview
SHA256
0f9e146f16fcc282425b9b43a42ffd0bf405af2b1fda6f02d7630bd7ab3b319e
Threat Level: Likely benign
The file kirryt.jpg was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 04:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 04:21
Reported
2024-06-02 04:52
Platform
win10-20240404-en
Max time kernel
1799s
Max time network
1699s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617757512845866" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\kirryt.jpg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc6dea9758,0x7ffc6dea9768,0x7ffc6dea9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff629117688,0x7ff629117698,0x7ff6291176a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5208 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
Files
\??\pipe\crashpad_5116_XHIPOPCJWDUIFZYK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 457af188fc9da4709aee4f1af0f2dc86 |
| SHA1 | bf5fd1dff952cc657e93561871bdf91dd3e3dc7b |
| SHA256 | 26888c464e6f04d324bf30b833a84f909d253425e977f3bc925cab25a5d9c93c |
| SHA512 | 816fea97960b13fda9442d7461d1328817ba170f1df2536109a3de9ba8f6e05ed31bddee0f067ce6306beffa9df8edc799956abe49690b9202679600401b4c84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 69474ccb442c88bee2d91afc21d2cdec |
| SHA1 | 79bc907c5cc3d48715d7c011d042e46b86c7ce27 |
| SHA256 | 8f09909a1d0fa1596181842ffe9bb9287053f2beb7265a6e4b7f4581217dd4d3 |
| SHA512 | 8a05b316deb370874ab1d0dca7a2aebbf0239ba905c49bcc135e9fdd6e13c1f86edaaf15fd04da60f75ea6e4b94631d732a7ccf7582cedbfa5c302748da406e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 99568e92ab191b314af4529022352816 |
| SHA1 | e76ef6a3703afe227c1d8a0fd772354220e1ece7 |
| SHA256 | bd363e2e2d76d0f512eaf0807951a7f52697132069cb68be9a9d2fd97bf07a68 |
| SHA512 | 717eaa316730e846497347a51a8ccd7734e54cb9a6a2e27a5c38ad83ea5419ddb14570d2ed6d8d3085cd2c48aa96ccfe6f48deb31d64c3a16c6cd8726c7bd514 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4ffc9c27265c86d763612be51f900a05 |
| SHA1 | 721505c94e74d136dfdf040887054d0240c52711 |
| SHA256 | 1110d7780c83bfaaa7dd4b8cc2587ffb5daa29793fafaf447f0a3cb89b7e2b9a |
| SHA512 | cb826f2d2d5adcaf4041c8754639f3892f289f869e381296fc9e1b151d04cc46c319a5914cd9e6b142721cbb91fd1c223ba10a04c0e9df90b2204dfa649ff18f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b1a1169ebfffb4e7bfcf4c3f829ecef3 |
| SHA1 | 7fc20274f1816e5101b06ae02f21cdb7d51cfa53 |
| SHA256 | 151aa0edb354a366296de29fe17e341357b91f0470d9160b47dea8e1e0e32031 |
| SHA512 | b66882fca195ca50d44e5c87a92edb93776e4389bb0657821e85d0d0c033921ff1e13d54f136ab7e2b6c1558c1876738f38ce8164457baf19d218f8fe64789c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cba2ff762e44866289892a1739679c39 |
| SHA1 | d508e08c662fb35a084d60aadb88de181e6ef16b |
| SHA256 | 7e6a5918ab733d66f1a52a508e300d3fed9217349d4e314c000433f995675273 |
| SHA512 | 4b6b9ff5fb7d9fcdb9db43479f3216a573f4857252c675d6d096b0a48c11428ae9f4723c51e2a22d37e7c87c2a84ad80354f703e05bffef3fa442129cda92476 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 1fc15b901524b92722f9ff863f892a2b |
| SHA1 | cfd0a92d2c92614684524739630a35750c0103ec |
| SHA256 | da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4 |
| SHA512 | 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1f7a8d467393693d2bd3fd6c9f16e4c |
| SHA1 | 50b7f14fba15cf9a9f238835f00cdaacec3ae009 |
| SHA256 | 38f3c3413b482eed4b3222aedaea7571ab2d3b8ece1cbbcc7ae6182861029000 |
| SHA512 | 05c1a25eefe92446ec8767fda0f0d17146bb0ebcd033e842c8bccbb40c870a34e2ab3e10517ba35d7adb5c4b5f20f112ab984e6e4ed55bd9e2cbaa3526c93bb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dee0e9fdb6123cd9b13dd6c871be686c |
| SHA1 | 5be038bd713f057476ede3855f93faf140301e70 |
| SHA256 | 98ebe11407f09f438d962132d36a75442103213c475f5e714d59287fc95dea82 |
| SHA512 | 8c999a7f76a5e4f851fb9e325b76123dc72d4ac572703bf7d97c850aa5b51cffa8a9f47198de489ac221fafd60398fb88e98c0b8feb915f5de422b2e48754815 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cc245dbbae0c8e470753be6c7bc6f00d |
| SHA1 | 8aa9e9bc64d0cbf3e8bd2fbd5b9593c203ea1391 |
| SHA256 | ba192f68a51fe18b374954af91922dbe99b9cacc4899d4e0a65ab8b4a87b0c4e |
| SHA512 | a298a71629ca286806486f0b49b341fbe0d3ee13d51b94b94cc0df2853115a52a7c00648d1c6509bb382d448c8feabde9caafe1e587b54e6694c92aa0159d54e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08ee0b0c114e0941_0
| MD5 | a6bd72609cf5c30f713088b29b4817eb |
| SHA1 | e665e669d38b09c928149bef42ef6673cbfd5ed2 |
| SHA256 | 3b4508b092e7a271d371d620384c720e5cdc7d5326fa54c97458e7965e8c44cb |
| SHA512 | 8e7d4681d8ed0072f175d1075d5c832374f021c449ca5e1411dee464513119cc5eb7e391cba676720fc2288baae46f75cfb0df66f50230e886192fef44b02304 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb8d215b33972983_0
| MD5 | 1079bc7e4f850898c28c1db40e7b2418 |
| SHA1 | 85b847fbed4e15c721cdaffc9b34b1398dcea8b7 |
| SHA256 | 259240cad5413c1feaafb938158e5cb56fbb3f5a6e647496f9297fd6e55cbfdf |
| SHA512 | e222247c86559cb6ece64f5f29cf7b65fe936d9d8e7c22cd6d778d6bf1d90f53b86d4a7ecf23803d6e5dc29cdf8b63dae3ff150dff7d843e32c8254bd4723df2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fc7fdf6f55d5ed6d9286d32700f01e00 |
| SHA1 | 342afaa929e32717c3d009c3048945570bddaaed |
| SHA256 | 7b1a3c90462e7a3993543268247360c5754becdbd97d255c6e2165ad4f4663a2 |
| SHA512 | 861bb3d29dcb11865de4664f7dde909281ab2ea320ed97b876e40d23726493eab191c5f5c8cbdd83e5522d21e4eaa791462e335a107aa08746ee105bcc10213f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ced33c998af01eda1d428c332275e3b3 |
| SHA1 | 25f50d77ec5eaf7fe8a50d0a7e50fccc75c8d7a7 |
| SHA256 | 36e5cb9eab3e6526a222b86c25bd2255d9f55706464e1a66ee80d59235349718 |
| SHA512 | c592d133714ab8a1fa1308801ba7d1ae994a46b8f9b4bf926abfb755d3840af033aeb54a9ca4dfbae5335dfcce58cbcca86dad98ce35a1343cdee3effae6a0cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2fcf9f665ba109f1bce4569dd0745aa1 |
| SHA1 | a41896003d07f563ccffa8fba82828b9e8a9a8ab |
| SHA256 | 263a26cadd7a49432b6ff08f2e3c4555d61500251745ea8be40a215da1913d38 |
| SHA512 | 9d9a7edd65655962ffa1062729fd3d2addd1e94b0303da82eb8ada338fdc595783b341e5c75f334586be976f01c5421dee8971ed5ce503a2537b03a152c1ba55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7000934688e0f44cb76f8c17abb7a2a6 |
| SHA1 | 4205082c7533a4b272674d6410bbad751cda2634 |
| SHA256 | 7806df17113de52925c533931c586bd5507d294e777aa7eeb960d90eb50c3250 |
| SHA512 | 6ac078df5695141fbe85532a93c29287ce1c5960bdcef1bbe6dafe0679e33986c82f833902d168ca6317ede8f3980108fb6414874bceb4cb60c6780abbf75fd5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 04:21
Reported
2024-06-02 04:52
Platform
win10v2004-20240426-en
Max time kernel
1782s
Max time network
1787s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{A600F43D-E2EE-43DC-822C-5EC8921142B5} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\kirryt.jpg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\EnableOptimize.svg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff0fd446f8,0x7fff0fd44708,0x7fff0fd44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13012261257163303455,14971032621531677068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| NL | 23.62.61.194:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.20:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | account.google.com | udp |
| GB | 142.250.187.238:443 | account.google.com | tcp |
| GB | 142.250.187.238:443 | account.google.com | tcp |
| US | 8.8.8.8:53 | myaccount.google.com | udp |
| NL | 142.250.27.84:443 | myaccount.google.com | tcp |
| NL | 142.250.27.84:443 | myaccount.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.212.241:443 | csp.withgoogle.com | tcp |
| GB | 216.58.212.241:443 | csp.withgoogle.com | tcp |
| GB | 216.58.212.241:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.212.241:443 | csp.withgoogle.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.5:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 5.251.17.2.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_2092_RENCZVEBFDPAFDMO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f13c7e84f7364f72b4446c7e37e62503 |
| SHA1 | f17f763c0c57b44c41fb386c04355831a455e138 |
| SHA256 | 4a9cfd6f62525f91e08e22f62c12448c4001ae7ecb9b967c86a0534f88ca1f5d |
| SHA512 | d679177f618345918ddb704a90aeb861b7f5bb5a50b6ead679452699b2205c99e7c7b544ddfe1412c3ef507c08e2a419d3cc776cb952d0081d48278ecdfb8db5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 380c623eb431d2d054bd7adff95064f7 |
| SHA1 | 24996dd0209066deb4aa0905c6166c19eba8a517 |
| SHA256 | 425cd8a23e6c3f3d5bc26f13d809cb9fdcd5d115e8193e2720f7e561e39284e3 |
| SHA512 | bf62164d61723c5a9d679922b1a60e3b85cd63aafe9f033e129bdfc37e701bc9d9d1a56a8b58d1d49fe9e627959f72be04eb4b8cb898ac315345b2ced9872abf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | abf3457a851ee5dcd0e44cca25bfdb11 |
| SHA1 | 745439a0a50cdac0b3ba3a38fccc9cace880f925 |
| SHA256 | 56a95234c067f5ac5275a98390b62f014a0be68d8f7e11f999caa68f511bfb93 |
| SHA512 | f44d69ece88152d88704f40fe4aefec1168961b96997d78de091c6d9976377aa3b26604f0a99356e9d629eefb33ff9d95a463e1186b3d8795b7824fc56be9610 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5a7ec235d0cc3a9fc106b7e88bd7976 |
| SHA1 | 2a8170e24b22f9f7cadce1f58725f5936ab23131 |
| SHA256 | a86b962236d41ba08dea03f3eaa91418d24c705eb82810c7b1833a3941573e6c |
| SHA512 | 34cca6553b84a1d092e3e031a374760e8133f465fb30b5a87ed99746ccc9ab76ae5cbb8ef779e58140fdb27b9500fe9ebe6348c18080511808e8449366b23510 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593406.TMP
| MD5 | 702c71a2e0afbfd3771347f5a9ff13b4 |
| SHA1 | 2bfed2669ca75ce85f83814421eceafa2e9fe6af |
| SHA256 | dbedaa7498a534464248564d3ef2af7145d5a704a350bc8a871f308d3da55e27 |
| SHA512 | 6d3da1e7d1f33d9c2c96701f0cf63dd83d525db48c176a62ce8fc252e61ced6b1b7f28e52e43242ff938c6ce9d58618712e927df643a6996bdef2ecd64344caf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d2d265dad1622f0ce53e549863a9dfbf |
| SHA1 | c718032a9a1a48f8829ba64d2c1dca0b4663e51e |
| SHA256 | 0639a11ad01aa16c96887e0eb3bf4836e7f8d055aaea57db97e132afb53d7083 |
| SHA512 | 1d42ce3d5c9246868034491726dbfdb4f5b4e25c4dd307461f27b49211b8117d2b1886b7be8146337bf23089da2c4e733bc7ccfe70b5df070d8dfdbd85e2e9e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9b70c0a46bf87a7d9661cdc10b41ee13 |
| SHA1 | 75cfc81c205638036bb1583ba9613c55207ef729 |
| SHA256 | e456f61542ff8d23f4740a342fb95942abebe54e2b6f4e07bc752a9c4441f5d6 |
| SHA512 | 6744e1f43c6f8c8c28e8e727fa0cc54be81e2c552fcd864ce7191c11e56cbbd06a54fed0ce51c3ca6d684e9b9a761de0a88444263d72b137ca8cd77ad22eb65d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 862f93c64900fc9da393690a1c0ee949 |
| SHA1 | 6688d383d925e60ff40d218f3bfa752f9ab51f54 |
| SHA256 | c4b0310f900a4a4d0e011f7913a3ff92a1282c422c3a0e31db729c8592461ab3 |
| SHA512 | 0eb69db86d0d997bb3d703d8bef71f6236ac54d32ef2baafc07c96e3fc8c50431072db8dc087aee74c3bad87a93c59ba5b50a65b402c0f243d489a12d6f3f820 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a96eed90310d5a4cb1709238bcecb5d3 |
| SHA1 | 8ace76f8c16f5feb2eebef298702026b18565164 |
| SHA256 | 3602e0c2950e37f23755f1fbfaab66c77ef13760e33ac044e6ac0727ca77d5c5 |
| SHA512 | f9f0125f60889f1c10da5acddf493975ab491b3364510e56ee1dbd53098c30491d7c1a52f55a4a7eafe49e520c171a11a62cf031a21a3ad2b407a069dbc5f7ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fd9b0087e3e04bf6d04adf4c4baba161 |
| SHA1 | 899220c4c484b40db1e10fec6024da8e9d2688e5 |
| SHA256 | 12af7a18f039869d98b4129fce4f4b20e387b19f7106906c8d41cb821e0d151d |
| SHA512 | 78f1078ce1152e67cb4f0fa552b1aad205ec5a48caed3b24baf4d1538d08fce1fab64af8439034cad77c870a63e92f7809d3ffa6d129baf7e69855e4a12f8259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f0cd60f8f10373fec23e98232858c73a |
| SHA1 | 83e9452411073920993f2d629e5b8b7ade765228 |
| SHA256 | 01f3e5e690b20c482d51d4f5f1cb0b33c1b0c26dcbb9f7fe677a7ff8e06e7322 |
| SHA512 | 4f1abbb421e5968607d5fac16aff392cc8863fd2a7c4615e4cffda9d0f813f49cf944fd504d17eeba46c07b4465efdb84fae331bdeda644a6c1cd77ff83e3f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ac8fce8bc5dc26134980da33590d2a43 |
| SHA1 | 9b239a00ec1b7c5dcfaef381d0610032aa0a93d8 |
| SHA256 | f3c2e02938af9b8fabcb5644774fd1014f6e693278c9f842803cc766a5baa328 |
| SHA512 | f4fb87542611e1d5cc628ff8717d42753950575af83b573fb5c451c5e4efc55dba609a93d79f8b4ac57df9e1a64e3c81a6a6593a7f810ffd85cd0d5b3efd1128 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 51747cc622d19887f21f92c1f964cd64 |
| SHA1 | f0d48c0018d04433e3accf3c0cb7bbd739612633 |
| SHA256 | 6584af8df44086062050bc5446fba97d008c44f0bba51fb16c6d60b851d7691f |
| SHA512 | 7b4c623cedb4ac9079c05c13eb9cf8d01629222f62dedf32653a439b0cc4bad7b47fa5d6fb91c5908096a86e0d3148987858e0d828d357d9785f452781e33136 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f7eebfc89d675133773e1c2985223568 |
| SHA1 | 0643a9fab1eca001880913cceb4d03bc0c57e0be |
| SHA256 | 5bf6beb9d1585beb0c2590a8cb64e46e5fe10c2779837b1283d2ba83c5b986a4 |
| SHA512 | 1230b2386d0331f85079a7c17a834f53ccd8f0b6a0f7b84b4948bb13b8614dd282111d6ef86425765928711e11ef078858d8dc673776afbd53dcaaf8a47f97de |