Analysis Overview
SHA256: a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8
Threat Level: Likely benign
The file a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8 was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported: 2024-06-13 04:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 04:36
Reported: 2024-06-13 04:39
Platform: win7-20240220-en
Max time kernel: 120s
Max time network: 135s
Signatures
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B6993B1-293E-11EF-AD12-DE87C8C490F0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415275" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a105794bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ba04ead205a72438a64d74a3ea3f67300000000020000000000106600000001000020000000a7ae7fc8296911d8cbadbb837c64b1d82e864631dc8b4c19019ae4736678b0a4000000000e8000000002000020000000ffda7abc81ba94b7c4c387aba1ee08688cb1f991495a6918615c54390a6bd01020000000b26f2aa73d6e25a0862473087322b57848ff2f56d0928c9807015c781990ee2c400000001d39a232abd112d365dbc7bc05a543a1d0cce090ec3fd074b46fa4675617b865f0494283f47a251226195ac7dd3f16757213b9fb344ce93532dd2e1f531a54f7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe
"C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://8.130.50.108/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabED2E.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarEE01.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 04:36
Reported: 2024-06-13 04:39
Platform: win10v2004-20240611-en
Max time kernel: 138s
Max time network: 136s
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe
"C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://8.130.50.108/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe85ef46f8,0x7ffe85ef4708,0x7ffe85ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2414694032539985250,8601725101026396654,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| BE | 88.221.83.186:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 186.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
| CN | 8.130.50.108:80 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1796_DTWVUWCMZMSYTYWT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State