Analysis Overview
SHA256
af6722c21be09d268d19883357790eb35966dd06f726495df56b7f42c9c845dc
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file eInvoice_2049920213-2024.pdf.htm.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:54
Reported
2024-06-03 15:57
Platform
win7-20240221-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423591960" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d88d1a08df9a34fb636a81f8856f11700000000020000000000106600000001000020000000f35f81b58cc01fc6f71d02b59fbb0c9e230064e98adb2e1f3c54cbcb713071c3000000000e80000000020000200000003383a53950ae3fab62cbf72eeda5ae701a8365005be38e945cfff6be34ab0bcd90000000d7f7ec43a4aab10e576f3829d5e9475884e22766122c05fc77f4714da5f0a4219bf56edff73e7b81362198078570ae1db49c10df7f150a08b9d9d3e83ae20ffa0c7749fc4f2e6e600f206230e307a44978a574bd416de96bb5adf2808efa4658565a1f8a92e20910a9a139419fbba15b1c379bcba9a1af894a45c5ed11b501a316a9adee700c0a5adf63a6dda12ef4ab40000000b8637f9f0a1ce3ca3128f772d730a6936ba21a828f79c25ec35db8db79a80f00600cd660df342f2797ecba4189bcc48dcab623825a2dcdfd6e47e0dab9f5e79b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d88d1a08df9a34fb636a81f8856f1170000000002000000000010660000000100002000000070c9e78c3257b646311e09161383e4c3df67f107ad10c03b851fd6cddec495cc000000000e8000000002000020000000e14ce657b56d95840b06fdd3914de95fb03bf5279d842db0a1108c2f8cd3074c20000000c6936518c5c7ab35b7c726e334212e40c27e447599961b40e1bb75f0e193a070400000008ef6086f0ddede4c3d706c7c398ce34f6ff520a0a5d2df3de9ecbc13daa355e783ddc8e76ff79a86eb88bc5003b2c5f4024086472c3c6fed22e45be10abf8758 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80576472ceb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D48EE71-21C1-11EF-9542-4A4F109F65B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2932 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eInvoice_2049920213-2024.pdf.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | intl-img.sf-express.com | udp |
| GB | 43.132.64.190:443 | intl-img.sf-express.com | tcp |
| GB | 43.132.64.190:443 | intl-img.sf-express.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.219:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.213:80 | ocsp.dcocsp.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:54
Reported
2024-06-03 15:57
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eInvoice_2049920213-2024.pdf.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1859587949453347271,13329808544538917263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1859587949453347271,13329808544538917263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1859587949453347271,13329808544538917263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1859587949453347271,13329808544538917263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1859587949453347271,13329808544538917263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1859587949453347271,13329808544538917263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4592_UUEVGUZYKVZQADIX
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State