Malware Analysis Report

2025-01-17 23:19

Sample ID 240603-p9xl7agg26
Target sample
SHA256 41b8c59e506929c067d769782a59b4f1bfbe15a86e1153101f02ee9d66baaa57
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

41b8c59e506929c067d769782a59b4f1bfbe15a86e1153101f02ee9d66baaa57

Threat Level: No (potentially) malicious behavior was detected

Verdict: the sample was not found to be malicious. The signature hits listed below are the heuristics that produced the 1/10 score; all of them (process and window enumeration, hook installation, cross-process memory writes, browser configuration writes, BIOS string reads) are also recorded for ordinary browser sessions, so none of them is an indicator on its own.

Malicious Activity Summary

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Enterprise Matrix V15

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:02

Reported

2024-06-03 13:03

Platform

win7-20240221-en

Max time kernel

32s

Max time network

31s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{839D0C81-21A9-11EF-8AAC-6EAD7206CC74} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208fef4ab6b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f5fcbaf1faa73840a17ebbcd7d24f8d200000000020000000000106600000001000020000000437271bcd1806355b1b2c91147cba5ca334a30a3d078cba30e0c16fb4c3ea1c2000000000e8000000002000020000000a74bb7fa790780892730344bb2e770c3cc0b6c6192bd11bb47643db2d1a88d43200000005e487ece3825c6594e4631a291135c0ca29e8cc61f70a379efc6f89909b68f8340000000f4702d46de3dab06cfd6c08002ede742dc3627b84c17bda95622ac5de8f4e802a2488995baaa70bec5c1ecfda11091c1f0a9c37d67f263edd588c7ca774b1afe C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\SysWOW64\msdt.exe N/A

Processes

The msdt.exe and sdiagnhost.exe entries are the Windows Network Diagnostics troubleshooter (-path C:\Windows\diagnostics\system\networking, -ep NetworkDiagnosticsWeb, answer file NDF40B8.tmp), which Internet Explorer offers from its connection-error page; the SDIAG_* PowerShell scripts, DiagPackage.dll and NetworkDiagnostics.*.debugreport.xml files listed under Files are that troubleshooter's working set. A browser spawning msdt.exe deserves a second look in any other context, but here the arguments identify the built-in package.

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\msdt.exe

-modal 393504 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF40B8.tmp -ep NetworkDiagnosticsWeb

C:\Windows\SysWOW64\sdiagnhost.exe

C:\Windows\SysWOW64\sdiagnhost.exe -Embedding

C:\Windows\SysWOW64\sdiagnhost.exe

C:\Windows\SysWOW64\sdiagnhost.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.bing.com udp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
NL 23.62.61.138:80 www.bing.com tcp
NL 23.62.61.138:80 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.192:80 th.bing.com tcp
NL 23.62.61.192:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.192:443 th.bing.com tcp
NL 23.62.61.192:443 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
NL 23.62.61.138:80 th.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 a4.bing.com udp
IE 40.126.31.73:443 login.microsoftonline.com tcp
IE 40.126.31.73:443 login.microsoftonline.com tcp
NL 23.62.61.56:80 a4.bing.com tcp
NL 23.62.61.56:80 a4.bing.com tcp
NL 23.62.61.138:443 th.bing.com tcp
NL 23.62.61.192:443 th.bing.com tcp
NL 23.62.61.138:443 th.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 23.62.61.192:443 th.bing.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
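The signature, process and network tables in this report are flattened one-event-per-line exports, so the same registry key or destination appears many times and the columns have to be recovered before the data can be deduplicated or turned into indicators (the 8.8.8.8:53 rows, for example, are the sandbox's DNS lookups, not endpoints the page talked to, and the table alone does not say which of the Bing, Microsoft and YouTube destinations come from the sample rather than from the browser's own new-tab traffic). The following Python is an added worked example, not the sandbox vendor's tooling: it parses the three row layouts as they appear on this page (the layouts are inferred from these lines), summarises the registry writes per process, splits DNS lookups from real endpoints, and classifies the msdt.exe invocation from its -path and -ep arguments. The sample rows are copied from the report above; the label strings returned by classify_msdt() are the example's own. It applies equally to the behavioral2 rows further down.

```python
"""Parse flattened sandbox-report rows into structured records.

Added example for this page, not the sandbox vendor's tooling. The row layouts
(registry signature rows, network rows, the msdt.exe command line) are inferred
from the report text; the labels returned by classify_msdt() are this example's.
"""
import re
import shlex
from collections import Counter, defaultdict

# Registry signature row: "<op> <key>[ = <value>] <process> <target>".  Keys and
# process paths contain spaces, so both are matched lazily; the process column
# is anchored on its "<drive>:\" prefix and the target is the last token.
REG_ROW = re.compile(
    r'^(?P<op>Key created|Key opened|Key value queried|Set value \((?:int|str|data)\))\s+'
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?:\s+=\s+(?P<value>.+?))?'
    r'\s+(?P<process>[A-Za-z]:\\.+?)\s+(?P<target>\S+)$')

# Network row: "<country> <ip>:<port> <domain> <proto>".
NET_ROW = re.compile(
    r'^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+'
    r'(?P<domain>\S+)\s+(?P<proto>tcp|udp)$')


def parse_registry_row(line):
    """Dict with op/key/value/process/target, or None for non-registry lines."""
    m = REG_ROW.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    if rec['value'] is not None:
        rec['value'] = rec['value'].strip('"')   # '"0"' -> '0'
    return rec


def registry_summary(lines):
    """Operations per process, and the last value written to each key."""
    per_process, written = Counter(), {}
    for line in lines:
        rec = parse_registry_row(line)
        if rec is None:
            continue
        per_process[rec['process']] += 1
        if rec['op'].startswith('Set value'):
            written[rec['key']] = rec['value']
    return per_process, written


def parse_network_row(line):
    m = NET_ROW.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['port'] = int(rec['port'])
    return rec


def network_summary(lines, resolver_port=53):
    """Separate DNS lookups (UDP to the resolver port) from real endpoints and
    deduplicate repeated connections to the same domain/ip/port."""
    endpoints, dns_queries = defaultdict(set), Counter()
    for line in lines:
        rec = parse_network_row(line)
        if rec is None:
            continue
        if rec['proto'] == 'udp' and rec['port'] == resolver_port:
            dns_queries[rec['domain']] += 1
        else:
            endpoints[rec['domain']].add((rec['ip'], rec['port']))
    return dict(endpoints), dns_queries


def parse_msdt_args(cmdline):
    """Pair "-flag value" tokens; non-POSIX splitting keeps backslashes literal."""
    tokens = shlex.split(cmdline, posix=False)
    args, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith('-') and i + 1 < len(tokens) and not tokens[i + 1].startswith('-'):
            args[tokens[i][1:].lower()] = tokens[i + 1].strip('"')
            i += 2
        else:
            i += 1
    return args


def classify_msdt(cmdline):
    """The built-in network troubleshooter is identified by the package path and
    entry point seen in the report; anything else goes to analyst review."""
    args = parse_msdt_args(cmdline)
    if (args.get('path', '').lower().endswith(r'\diagnostics\system\networking')
            and args.get('ep') == 'NetworkDiagnosticsWeb'):
        return 'builtin-network-troubleshooter'
    return 'review'


# Sample rows copied from the report above.
REGISTRY_ROWS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A',
]
NETWORK_ROWS = [
    'US 8.8.8.8:53 api.bing.com udp',
    'US 13.107.5.80:80 api.bing.com tcp',
    'US 13.107.5.80:80 api.bing.com tcp',
    'NL 23.62.61.138:80 th.bing.com tcp',
    'NL 23.62.61.192:443 th.bing.com tcp',
    'US 8.8.8.8:53 r.bing.com udp',
    'US 8.8.8.8:53 r.bing.com udp',
]
MSDT_CMDLINE = (r'-modal 393504 -skip TRUE -path C:\Windows\diagnostics\system\networking '
                r'-af C:\Users\Admin\AppData\Local\Temp\NDF40B8.tmp -ep NetworkDiagnosticsWeb')
```

Run it on the full tables by pasting the rows into the two lists: registry_summary() collapses the 30-odd IE rows to one count per iexplore.exe image and one final value per key, network_summary() reduces the 45 network rows to a handful of (ip, port) pairs per domain plus a DNS query count, and classify_msdt() returns 'builtin-network-troubleshooter' for the command line above and 'review' for any msdt.exe invocation whose package path or entry point differs, which is the case worth escalating.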

Files

C:\Users\Admin\AppData\Local\Temp\Cab2EB0.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2FA2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f16d56017ee293a48aae00b299c62d6
SHA1 760755ad5589677029d0ec5d52cf8a225761e1a1
SHA256 4d944616c3eed1b14a42cb340a33f70369ad4de98714e97e049608de85f5de22
SHA512 6aefeac653a08f8ea0afcde42d60433d3b20b845621daa3ff10800e9b9b0b72cbdc95b7789e35ad1f2f4f34420f915d1d1edffb4f3ffe3b3e4d3097e4e30a8a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6409f4b5e6af02685aa9fd5ba2d48cc0
SHA1 10adaa434cc589c92cd1e8105b9fd8f3d74278cd
SHA256 fb95dbef20a3e7b060b94e977d126af30d85387a7247176b11d4a46ef7264145
SHA512 8b0b08b93a228b120f20120dc0ffbdc425f58a2d26f5e8416a8920fb6da502a1912957a8cd8910dde06963d3af037e7fd76aa203379548d7336aaf4549983453

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 967380fcc25a28ec7fd03e353b0d6eae
SHA1 f7d95f15e5ae71d49e8cd3a5938ee1293d1d823d
SHA256 eadea62397cdf8d3aed286167214002d73f4285d4ca43e9e7703c76885aa6fce
SHA512 862c98e19b359bc621bd6fae1cd5f5bb0e29099db041041ed237b1dd9a0023e0845543d7d39d717ea7453ecab153f65c3223230e602a5d0ca8d3f7327b91823a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e68bd5eddadedb6d417de5d262a287cc
SHA1 ea13b9c4722abee14e9a43c68fd2da927cd4ae22
SHA256 eb87453abcf24eaea1dd6e907f2e4f8e42285bbb9321029515285582a4a1b08c
SHA512 249b9b0c038632412f0ab810f2b6e67adf2f44e366bc69fc19f060b30930b3a8bc8242875b0c24b1488c9bb2be3da715a59b9307449e452c366a5d59ec058399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46a045c51409bd12a6232f206d2d0d9f
SHA1 b5c8b8588f8f5e9584e82eba8ae7497d7144ef1e
SHA256 eb711becf213722d4bb4e6092721947cf36dfbe157fd5ca674e9b7a081f78890
SHA512 15cfe4bce9911ae1361f2385d98216893b539b0156c5d6afc2f6b29da490119dc4307243a89b03779f0f0929fc1bf9e53cdef539b449cbd1a715394021b85771

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7094425b3781479dd2f6b6fa42d6cfda
SHA1 387f9531fcdddc978ee0c297938402e69b8a49dc
SHA256 d413e8c70f9a65d2721f41606a36028f7e6cd4caf7581e4e0f73ad9814920cdf
SHA512 6dc5d0f82f38c89dc3e9d880b9b65ea5e38ce2c38966159a825a5dccdefb7fc32a9b28e52e0f922fd1fbba53ea6563c5798e8c0f0f0d1ef16fe450eafe8152fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64bffd5e90d4402e11d4ee3b4d4ae0fe
SHA1 776d239f91c6caac6467d1c64fc242e11e2b2db8
SHA256 67c34efa9d74e3883f5de2132392fbc4af0f96a91d511308a4bb23feab1d3afa
SHA512 b3e56c5d31b26812478935a8ee16562525bf27a831b6ca6672876fe363259e5090b6b86d237ce02954d327a1f9f5e3f5d431f5de28e1115689f834c1b56d2ee3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fee8ef629101dc7629e7f9cf654ed9a5
SHA1 5fd51f5793ede9207a598446d077d73dafa791f3
SHA256 3782397b66e4cb6f75b502e5534d453f216ef2d8f6edfedc5ef4a5a7e152e2c8
SHA512 5a73edcc0fbeb4bbd4a3febb0429951a9b483f6f8f8b44ac39dd10221c4d14614140508338356892342efd9a99eb6d72a463c94e224af0b91dfe616cac27baee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7a9d36681af8886cec0492ad46831c2
SHA1 735f2fe6f632bc1b3985410d3919dbd972356cd6
SHA256 d08e03d698e24d874388ff53382a51ba7124f5794df01fb72c286245d6695fe3
SHA512 c7d6d64909a011b5b64c97170e976738fbb7ee8f57b520cc1508858902026a25800da62925c8a239e4854e4fc7b2ed563c69050952738eed413db2a62a026f0d

C:\Users\Admin\AppData\Local\Temp\NDF40B8.tmp

MD5 24a83befd99ce6fd033a7ddc8cb530c7
SHA1 86a17a9095bf9b485283fb334c62646666bba526
SHA256 3aa196449c59d64a11fc8ee1c1847f25d1dadf8c0a137d97ffa4874834126dc6
SHA512 b930d85b4e49ee7adb1f30b6d3eb0b937069f883246aa0d5f2f6136dd66cf1dc3477285f7ef11a6b64e59f4eff1daf3c2508045a18cfdd570dcdd48b9752fa1f

C:\Windows\Temp\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\en-US\DiagPackage.dll.mui

MD5 1ccc67c44ae56a3b45cc256374e75ee1
SHA1 bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f
SHA256 030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367
SHA512 b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

C:\Windows\Temp\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\DiagPackage.dll

MD5 4dae3266ab0bdb38766836008bf2c408
SHA1 1748737e777752491b2a147b7e5360eda4276364
SHA256 d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a
SHA512 91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

memory/2700-834-0x0000000000270000-0x0000000000271000-memory.dmp

memory/2764-835-0x000000006F5E1000-0x000000006F5E2000-memory.dmp

memory/2764-836-0x000000006F5E0000-0x000000006FB8B000-memory.dmp

memory/2764-837-0x000000006F5E0000-0x000000006FB8B000-memory.dmp

C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\NetworkDiagnosticsTroubleshoot.ps1

MD5 1d192ce36953dbb7dc7ee0d04c57ad8d
SHA1 7008e759cb47bf74a4ea4cd911de158ef00ace84
SHA256 935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756
SHA512 e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\UtilityFunctions.ps1

MD5 2f7c3db0c268cf1cf506fe6e8aecb8a0
SHA1 fb35af6b329d60b0ec92e24230eafc8e12b0a9f9
SHA256 886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3
SHA512 322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\en-US\LocalizationData.psd1

MD5 dc9be0fdf9a4e01693cfb7d8a0d49054
SHA1 74730fd9c9bd4537fd9a353fe4eafce9fcc105e6
SHA256 944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440
SHA512 92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\UtilitySetConstants.ps1

MD5 0c75ae5e75c3e181d13768909c8240ba
SHA1 288403fc4bedaacebccf4f74d3073f082ef70eb9
SHA256 de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
SHA512 8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

C:\Windows\TEMP\SDIAG_b6a63c82-c8fe-45cc-a2a5-3bd83a463859\StartDPSService.ps1

MD5 a660422059d953c6d681b53a6977100e
SHA1 0c95dd05514d062354c0eecc9ae8d437123305bb
SHA256 d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813
SHA512 26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024060313.000\NetworkDiagnostics.0.debugreport.xml

MD5 ac2de9b01471760a7d001c6d3a734194
SHA1 76d8b2db9d93f3d21911f115129c9c78a311cf74
SHA256 5c908ed800671e76b937c2e7de5f151e0b0ac88dee038696d277d64e6d79bf16
SHA512 03c3a073ad91f31553f4d0a3afc9d0cb3a1f3f55033ab72c4eea234d237092373a2cc4e3377178187ef1bef1f6d48a2347953bf049f60ef9d71b662dbe68aa8a

C:\Windows\Temp\SDIAG_7ebb0828-65b7-45d7-84d2-1969e92fddb4\DiagPackage.diagpkg

MD5 c9fb87fa3460fae6d5d599236cfd77e2
SHA1 a5bf8241156e8a9d6f34d70d467a9b5055e087e7
SHA256 cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f
SHA512 f4f0cb1b1c823dcd91f6cfe8d473c41343ebf7ed0e43690eecc290e37cee10c20a03612440f1169eef08cc8059aaa23580aa76dd86c1704c4569e8139f9781b3

C:\Windows\Temp\SDIAG_7ebb0828-65b7-45d7-84d2-1969e92fddb4\result\results.xsl

MD5 310e1da2344ba6ca96666fb639840ea9
SHA1 e8694edf9ee68782aa1de05470b884cc1a0e1ded
SHA256 67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
SHA512 62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

memory/2764-1239-0x000000006F5E0000-0x000000006FB8B000-memory.dmp

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024060313.000\NetworkDiagnostics.1.debugreport.xml

MD5 8703a94234c4be4a272d526883e14b7d
SHA1 efb84b1fce93e55ce4f3035de494ea56c374411c
SHA256 fb132955972572068f353ede8a388f8b4556924ef312340e175c158a8df8b87b
SHA512 e71e9eff1f58115e01abe247d9482d7fa1d51d1872c037e3a77cfb8305073b8b521bf30994bdd9cf3d0a2ae4a7ea554090b559d373662ca0da3f85586d3d4739

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\qsml[1].xml

MD5 0ffe35c2b262c6077ad79457929a02d5
SHA1 0e306490f6ea15cb1e7f9e1e1fb74ec055c9bab0
SHA256 00ce06ea8bfbef00439d199293e083e2a3db12263a79fddd517593f1e3002aaf
SHA512 cbb7ea297203db1affc0e055b85d0ffebf42de66df5805cbc1eb83e33d5ed0a8765fe50c4e4d8fe8742de0243d5e702aa63a202b67ea019500bb7d0866cb6852

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\qsml[2].xml

MD5 8680c8319c6924ebaeb4c4755a30dd00
SHA1 0f323f3dac2a758c35d0166756a9c063c2c0d403
SHA256 1efb511b1dc3c3ff052fb319b394648287e7ec3bacb2fe106d063a4a32b29a75
SHA512 5f196d89a2e8eab9c34e10375dabcb7b761bb80a11e6ddcec015a6141dbf368e4bd0c1157eb2259edc66848d45693d9599a53f67a08f746fb282b918020ba7b5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\qsml[3].xml

MD5 7274cc7b902ad81351d8c1f3bc4cd1fc
SHA1 e6be3c1524ef2a6104b8550a7470e8d4ca2d8f23
SHA256 049ffe5ff398a42b74f8baa97fd78aaab23fda6e974fa98c4af8bb3369d1ee3b
SHA512 42ae9c93e687105aac766939355b8d2d2358945e41c010bc9394d39d3d6503a882d1d2a3aae48590a1cdb09805a00ea035828bdfea1122b2b728e9c1a53b0ce8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat

MD5 1d2c65bef5b2bf4a5670eccd07ca9baf
SHA1 64434c4e694041ea9d8572c09c13c481eb22423d
SHA256 dc42a562691884c8646b7060f12ab79648097915b3b983cb1de8f5e4d46efeb8
SHA512 45e2a91900ee3bc3edc3c641d706b07e9f88da5f8b7f0a5fe9be07fdfb5585d66bec4e7a4d84a7e936765c309ff3faffac24a34c9b2c871c949dfa7c9fef4b7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a04b6c91294eb4c439a6c1820b417880
SHA1 8aaa1ef6a397376124269c4302660745348ead84
SHA256 f4752bd237ddc1f5ee721c062d3220256a5ba47c9d7f9c9ebd0f2297273d7b2a
SHA512 bd782af64356320abdf2c73d1b188803739f9bde74527a85be4660ed821a79d0d09634a286e08a082407e381139010611fee10f6e56642347d91f3b29e4f1e7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd75254b77b0cffc09ba056e32328305
SHA1 a3ad1d0ff9625f7ef49fde056504a1f0b8d8a79d
SHA256 098c41f62268fdad1440a7a87ee716cb149222aa1ca7c9a76a32c5bfe26df6a8
SHA512 ac08a2894ffaaf9f33a2e4d52d0c152aa1c4bf09fc058a4929679a6ae7fa16ac8cdb76ec26d51e7fb62e8623a2b7ec43a62a47a477e250189004676dde4186f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 bdd09eff5e440cd298cc39e347dc92b7
SHA1 2301629a9f901882b80bcd5282f0b7b7970248ae
SHA256 40f7f5c5d1801da600e0bb8f3808347acb02c6787180fc230ba8803563b8036d
SHA512 5af0db18e72dded8183263b33984486de0734a6ae51e3ef08fccd0804cca932d000f31fd6ba2e2c42b40be1556205519a9d512de282a3eecca9f4482b94bb430

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01dd4221c188bcd9d680d63b2df8b623
SHA1 e96b23383b9aa77a090f664843a287f06fe9d0ac
SHA256 5b53f70bf1e0e39e3116b7232bead86d55bc621781d7d5f1fdf424b047344e09
SHA512 cd8f2ffef8adfa7724431251b62a6a770f3be9b40c4c4280a60ebf310bda6d827c905435f77a187687e0226a27576769836f3a36f68eaa85a65ae62a66738629

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f90439a8cc8d29a9f9efd29e9eb4ba3
SHA1 aa3721406766f1a8f4e726e2d678272906e37c0d
SHA256 62b2d7fd9e2fba32b755a3d3298c238cf7e06bba2a387ac6c58ba418947c9f0e
SHA512 a0e17620d6f49690852cf7ad9e1693469fa1e60d867ad2dbe1c481a947cfc2725713b9f1e285ca59216ee452b74310b82aec454602585b1fb777154202cb84f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06cf903dda93ab52cd3969eaa245943b
SHA1 d9dad6984324ee050db543ff68c36328e3332d08
SHA256 7979cacf1060c92599cacb46d9c81cdd15236a6cc40d366b41ead5347cc8d00a
SHA512 801ac55da9e3ca6e0ac7f60354ff92aa253136f39771599f4cc6376d0ad7b4e8d9a9ddab402005f40a69776872eee6da258b0f2ace7b428e9e26aea939686372

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4aebbb9f2eec75641c56d90883f5dd65
SHA1 4aafbc4481d696ab6b9a9f1b7944a09d5ee1b490
SHA256 e3133dbb80d2e2d7feb1d639ddd013dcacd67e60ba25a031397f3d275230cbba
SHA512 1a8c8dfebbee2437ae1134e9014993f2b28ff07c448db4788171f0fa29c2bece25a90628a3fe976a715b1da92b937f3b926d2f3e322c1a1dfc598fde2a650015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23fa2cf94c532f9fc2f5fe96d7f990c8
SHA1 5ccf1bffeea2b11f9e1f1b1e2024a9c071670cf6
SHA256 c433a19c2f200b9ebf07070ca80838d0e2d30a97887d2b4aaa7b273ed80584a3
SHA512 b0ebf8feaf929865bc9cda432b9ab32f480c0caa687485c9f0671af7fd0de000939864a3850a785c1ca1199caa56a21c0862268ce2ff021cae74887c02efebb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 222e5ec84e0caeffb69cc44a9380a283
SHA1 df5c5139b66bc2c5c29210c293b1cafedc6fc009
SHA256 395cff62b0400321392e00bbd7ae02d38d0b63f720d6d9900ad8fc6c86d19aa3
SHA512 d93f48eaae7c62a451a5c64cc96cd59950006253875368d604c5e5dd8d3212dcef445f73d7e438c491cebebdcacc22e16612321c3b50d12c9df55c7e3355ae9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1aaa554ad2fb9b7afb557485d060f10
SHA1 06f9ff83bb496bf2ea9977fbfe2d2326aec526bb
SHA256 cabe8c02d283cd08b35eb1ea38452cd148ce1157dc793ee083bcb859495317c8
SHA512 2ce57d37739d113b76b54c5c1e941d73f0e520a7d4e63ead6d5421c925c1691d7dd599d035eaf6d850449909fea7b9feadb1daea8ef3906ea12261d71a75e5aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19103a87c3a72deb724ae037b1bb4679
SHA1 36303ab1a993864c66d9fb842429198db594de17
SHA256 00c26df50b578934c2dc133c4ad7e44bc983073516c13f0acd06e427933f0788
SHA512 6af5d9096d6d9c0b75ff3df5b3e8e0beddea9a9978d6909b1ee12fbd54b56b8a54e5b8410e9b09e4572e52f96e6ea140ab61a469c5d84233739be79b4c6ce6e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78897895191ddee3d29f550998a2b844
SHA1 de14a58c798b051e6c41638a8a270e061fc2a89e
SHA256 56b92f1964ec28100b86d5b4af5c73cb3f2b37673a250e09c42819a9f0394a84
SHA512 d7621021f8dd0136fbd1d47a8667ce7723c39d39603dd83a2f42e433ba75f8c33d071c0a623aa8a89e4965d66f4fbe15b4677f3a7b552eee7329b559aad8e44c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25213a2b36fba46fe2c9a64da7541796
SHA1 91e8097ee847c659750848e4b1417c10a90dc9e3
SHA256 36501a1a7633add8c60dede8a22ec4d627dbaf6a16617458f7e6aaf7444f8b41
SHA512 e5faf821f8eb3aa843e82550c3e0d2d7016603aefacaa831f6fd26d4a683da3a25e858394d9261dc3f389f39e997924a20802e01572041646f4e328785c8a48f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec856720b046e170370ee77f51ecec30
SHA1 8a2818a4d46c0320b0dae91f965d8bbcc0cc5b52
SHA256 a768d2968e53fb32a88fff9cf5bcb0831f7c6d4032a97e4a51327c2211590cd3
SHA512 4a6b753b97c263c1207146df003366bee26f764f81cf551c97892102f4bb75dc8b3448fda79aaef3ce539fb98bbcfaf765d2b289d84471e2145b429afee8caf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c19308b1efb43dcb3da2ae519daa4e08
SHA1 2fa6274880b411ad2f59240f0ba6928beddb6683
SHA256 28e5de0e90d0e8bbc31adf1a54ad32f860f283613af7ba2bf666df3c5759eb3e
SHA512 c29d750bf01d050a4c8b6f68ff4ca3f2287aa85be2c7e06549e05433f0a165ca6e89669fa2ceb1975e87b32678f14a7a89092b34d555514b176dd8af4fbf7379

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4129030f598b3dcbd9f0d0519760127f
SHA1 31d22dc9ad47aa302d6a38019670116a23cc5b35
SHA256 fafee5c117efbafefabff0a930e7c3861e847859fd9abe949d683be4b15659a6
SHA512 e53bb0a064774f458f6fb921a570f4f5eaa0fe3d843a6506be62d33fd50c955ac7635d7e957a4fd5bbd9fad71211c0fcbcd84646d0d70ac8126c4236c02f50ff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\favicon[1].ico

MD5 f2a495d85735b9a0ac65deb19c129985
SHA1 f2e22853e5da3e1017d5e1e319eeefe4f622e8c8
SHA256 8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d
SHA512 6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat

MD5 4019579e6cb24d5850e033fe972498fb
SHA1 dbad7a5aaa8793e425cc7424941a7244c7f199e1
SHA256 189e36f9c737be84af8f942e6af939dbce3f9e04a78e1edc11cf076b145763e6
SHA512 1af95ccd38812f67f7a6db8505fe858e64c7e619ec31a7ed26371396f20feccac0391eb15c300dc1c85c0b8d32bc4f7b3ded6a85c1f70b0010888ef441813d4a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:02

Reported

2024-06-03 13:03

Platform

win10v2004-20240508-en

Max time kernel

46s

Max time network

47s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Enumerates system info in registry

Reading SystemManufacturer and SystemProductName from the BIOS key is routine for a browser process (Chromium-based browsers use them for their hardware-model string); the sandbox flags it because the same two values are a common virtual-machine check, but on its own it carries no weight here, consistent with the score.

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1688 wrote to memory of 3264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 1688 wrote to memory of 1656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 1688 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 1688 wrote to memory of 1800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical rows)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6090654582070497392,1335935761400386845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
N/A 204.79.197.203:443 N/A tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1688_FFCYTNBFLFWHUYYC

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
