Analysis Overview
SHA256
5e7118d4d85c86fe2f3b98541694f1fcecb4cfc3c5de57ba2e9fffed7335a41f
Threat Level: Known bad
The file waveTool.exe was found to be: Known bad.
Malicious Activity Summary
NanoCore
Suspicious use of SetThreadContext
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-05 18:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-05 18:52
Reported
2024-08-05 18:53
Platform
win7-20240705-en
Max time kernel
46s
Max time network
49s
Command Line
Signatures
NanoCore
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2764 set thread context of 2708 | N/A | C:\Users\Admin\AppData\Local\Temp\waveTool.exe | C:\Users\Admin\AppData\Local\Temp\waveTool.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\waveTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\waveTool.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F444C661-535B-11EF-8CEC-EE5017308107} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c568ca68e7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided in source] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000c00ab2471976340fe95f9c64d42a23c877fea82d5f63db56382ab3ff20bdc1c6000000000e80000000020000200000004fafe2a94746a5210790da885fb22afb7a89ad63ef9850f9ddefc9210ad99e3520000000ca5bacfc49cb4cb972ad17b43bf4fe686a146e56f18c6b86a607c70a864e68df40000000fef16d9814f036170a83f089b76cace185470ee5ef54c7e3c15495661e072382786f781a483ffedcf569091e0829318ce44337cd6d1c20176e926c825c99cd9a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\waveTool.exe
"C:\Users\Admin\AppData\Local\Temp\waveTool.exe"
C:\Users\Admin\AppData\Local\Temp\waveTool.exe
"C:\Users\Admin\AppData\Local\Temp\waveTool.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=waveTool.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| GB | 2.18.110.2:443 | learn.microsoft.com | tcp |
| GB | 2.18.110.2:443 | learn.microsoft.com | tcp |
| GB | 2.18.110.2:443 | learn.microsoft.com | tcp |
Files
memory/2708-1-0x0000000000400000-0x0000000000490000-memory.dmp
memory/2708-9-0x0000000000400000-0x0000000000490000-memory.dmp
memory/2708-7-0x0000000000400000-0x0000000000490000-memory.dmp
memory/2764-5-0x0000000000400000-0x0000000000410000-memory.dmp
memory/2708-4-0x0000000000400000-0x0000000000490000-memory.dmp
memory/2708-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab3E79.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3F37.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b037e637a689857888c0bda46d4845ce |
| SHA1 | c4d19f250d84dc1e27a9c201b1473da6f3f40b41 |
| SHA256 | bfb024c30be4320b0afb21ccafafed2fb120cfe5ab5eab5660ecc0136fb21fc5 |
| SHA512 | c0ec1db84c509731a70716e168ec0348bfa85acf0f2799d421feabd7036a0d96854f9f05f1629b8ac696d951d78c20922af16808e09013616ba38b0841586d80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 415e8ec01d28cc0d11c716b03d1ea85b |
| SHA1 | 9dabc4b6d97157c0353a94beae9fd5c957917ee6 |
| SHA256 | 2f6b5d8cef9175b8e3c0f00fb02a1ab0186e4e44e264d835fdade54f1d9fd45c |
| SHA512 | 6b6d8b8930140d8764c1b6a838c5d46b069905fe315a172ddc6744d52264aa64ef2d14a498fbb1c945d5bef26b370d57655f135467662c1f10609c4b692dae13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2eee54b4deafcb7999bd6d9411fd86c |
| SHA1 | 6fd647eb7e1b0347e626853c588d3f37d1d76866 |
| SHA256 | a7c72d68e5eb636af0109156b1686157b29c9aa05e1055cbc00b203e3a99462c |
| SHA512 | d18e51c0471d2130aef2ad9d2defca2a3eb697a34eff420b6eeeb1273378ddf9801667e293b79e2479181697a5e12ccdaf80949e759edf7c5a87130571c0d1df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e76f1c4a4f2719956e5d2460094190aa |
| SHA1 | 753906431408789f75b5cb8134729985d909e1f8 |
| SHA256 | 34c6fa4807ebd9ea6a2950f99bb4e3a23d0c2e60088892f542ae081298688eae |
| SHA512 | 54a1a627e9a6bbeccb7fcb6c218324019daece7168bf9176bf9370da6947b1bd65ecf3976f231e0ed86e90f072607a353c6f7d05add8f173e07169c007c1e08d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f126badc429808f3b84b5c5451d2d1a |
| SHA1 | 0cfe9da1f7adab868b0e5e93f350bcc604d8f8fc |
| SHA256 | a9859f48d9224c3b26ab80b5b275fff26aec67258e473e2d79ca8a7e8c53c9fc |
| SHA512 | e7621cc2129ffe5a1b30f26dbe8986abd77652dd590e0095ad00818d35330c10bf38cf4eeb8bb0d63f424442ac4fa71de5eaf8b57c4df886c6dfbcc7e23cdef2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c33821d74b9021d238063da3f897326 |
| SHA1 | 206f3d27cdf8d55b392c0286e122cf3417ef3540 |
| SHA256 | 39f1721fabdc0ad9909af9d0e5d1f12c5225f4bd3fd9833cbd0b649795f721d0 |
| SHA512 | 5049dc29aa7744fef1969c81e337ab7d6a1391e08aa1c15ac8999139c1fd07ce1269ac556606fa746585dbf6eb6ec6a662f1c570d9ff4ca25e39f663d4d17270 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b120f918c2c241a08d910a1120541f50 |
| SHA1 | 9a008720029fe99a7e7255a938ed3eb59844c5dc |
| SHA256 | 960aa08cdf0ea6458bbfc13f43397645d4c2477dbb8f8e1daf61441247729d00 |
| SHA512 | 4ebe43819d45d92e7ddf8a1a5bcf8e9659c09cba31241f16313e09f4d856f818281e588a7e8a1cc80a85061ea1f3b296787d5008c07749858988e28f428b7233 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05ed9ad8bf76c70e39fe05a2f4f8e6c0 |
| SHA1 | 6eb428126d89c842d128a9115ddba47d98e2dfad |
| SHA256 | 3ae5f636af02d02fb09295ccd034eb5f90dae6f4996c256498054181a516a023 |
| SHA512 | 2c98205c10174c352269d1230076f3d2c0fbfa3f8ae69a5b09c46d897143d47e30117d468fb5da9df2b0e0776d212eec2ce8a8fe8eabe622875a991a0c455ee3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | 7afcbdd0a0f8782023c993d0013c8f23 |
| SHA1 | 3ec6c646d278821f2eaadec1c9259b00641dfc58 |
| SHA256 | 7d868fdfc103299bbed0f63bab6971e8cadffd16e6b5748a957ca70bfbed8cd2 |
| SHA512 | c717688a5198843503ecf0948394893240fe3d2f43988ef7b013c428c87daad0f413700124fd5eb49e2326d32627198d3bd9f886e7105cd53a15339a71c9853c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d1497c148906e5fefa7af762e269c0d |
| SHA1 | c2298945ccba4e21fd8f78d6cdb1e441074c0e71 |
| SHA256 | f13dd82a595cce6321a17c7efb26784c4a05f28267626338d32788a5001380da |
| SHA512 | 54028ae2ecfb4268c834c09cc1f5cba0058f86b85e459d8e2b007e3bfb447608a0675855ac2a36182b28aec183c7dcd906b57068af70a74b07df38030362655a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1eed9e1454efbbee9527675dd93d85f7 |
| SHA1 | 2dab5b3d6a394e2fa17d266889fd1cb6e5459c30 |
| SHA256 | a65f922532ff169d44fe715ff8e6b5e46ba61fbf44eeda393dc099c50f1b1d68 |
| SHA512 | 8c28fe5791a0c9e64528dface0406f7abf5930cc932b0a8f837962ffbcdade7af464e67921554c3499cd377e440c00cb2f211a7c5c3e89589b5004ccc2a11bdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44018e901969ad1cd71162002428c0f2 |
| SHA1 | 2cd62d2a382aa6c8b16e964e379b3094efbc63e9 |
| SHA256 | 67142526e8390691052af91a5dec22b1b0684ba2a7dca72ab07b509f482f0e57 |
| SHA512 | 5817ebf46056ce7c98a39a9ba257ebc1b02533c2cef5c1940fc98e85f5592b09f6212896888c69007a6e6edabf7edf23d8957dbfd8a0a62542f5731400758e71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 508d42503f3d200881a86ffa4c96a92f |
| SHA1 | a3d913ae314810fa21ef756a6d8bbeb588a8b3a7 |
| SHA256 | d8ea19c6076faaee992f732f23195e7056a0ffd3d300af3ffc6f26d5f67b2943 |
| SHA512 | 1e8131b1ca0e45b6c3d5f34db1d63ea42466ce303bcd1979687222e18d3bbc4676775d24a4cbf80591e3b9b72609f4158f2731e5298484463a8ee5e1e5915bc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d06efa8c902e84a7f66083480505c78 |
| SHA1 | 6f3455cbe80210d6a18ac67de492ade8403ba5b2 |
| SHA256 | ed04ab2bd0cdad6dad99ce3fa87de9263467917f992c8896e856a2e3893630b5 |
| SHA512 | b77d5193657bc456eb506866ad844f0185575349db11b091e7470b1815c49a5624f5e93d049866656cb5f56ab6be7eaf4e6033020135dbd5ca1c193433773d8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db055a42dcdf72ff8f72d0995ed6b5d9 |
| SHA1 | c89f905c94afd647d19ccebc4420e660287e1290 |
| SHA256 | a2c127d50ad2e5b517e3fd07241ea4b4ea686d19189e4c09384024b57b677bb3 |
| SHA512 | 2976c2dc8242de61a825bd94f8dcd00b2872bc4ebaebc5ee6de9c2d07cc6dcf34faf0f4ca4a95800e1056c340bf369ed09c51e04a9783b2502d15e29f8e104b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd39d230ba640834a3bafcada1fd5ee8 |
| SHA1 | f309c08c0d41b87b3993722e7ad8f1bc207d90a9 |
| SHA256 | 6cf9357ae92c3a8bce1abfba32ad5d008e4ce6330b441a7c9a17b40079a4ea48 |
| SHA512 | 9cafdfa01fbe338f7ccc35d141d0e8a33c5903061cd9350eb3b9cd0adf40e5727126ba5edc14b4cac467882637dad5d2df3e7abe8fb69a200123027bd887d3a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e5ff8f3f7363e58739c6a8abedfc7f0 |
| SHA1 | 472471a9b13b56f4d68d4e8ce903aa21f897fa83 |
| SHA256 | 9985a207cedd2502438880cb78bb0a16b038776db535c010acbd8434cbcebcdf |
| SHA512 | ae5917ba8526e54ad0673d346db68f8b24c1136ebc8da7bcc0fc990016008a06a5d80ada50b6f3e151e69bf19ce4d43a7bfd9e2affc058b56c9aae6032645afb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df535605fddfc72f787407b25f16a02b |
| SHA1 | a1d7e56b54f40d45dc94b2ed51802a934f327d9b |
| SHA256 | c37bc8df28c475ff34e487fc8ac8b255cf65fe41bfb03e0164e88b083a2fffef |
| SHA512 | 4a32ad69ef3486b2ccc80e078b1bcd9e3763cbb6c850175807e76df1a6cc2454294a2280f4f1a9d86ea23c22ed39d0f84cc4f54ade275911343b907a394858ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 477490dd7e4e47896aaaebd6bd35e39c |
| SHA1 | 615c69b584158c123602406d6d3044a26d6404cb |
| SHA256 | 0910af98595bc39a0ef10783da86704b5b5e635d0d8fd598ac17db5fd9a11460 |
| SHA512 | 517801d347b9d96a5c9361ceee5481b8939305879efcc72a2588d84513f48c0a5d52db604037f67cd80a6cb1045f5e1b35539e94f528ee65414b3ac861b0f7f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14a97eb0b6faae37c6c14297c6e4c905 |
| SHA1 | c5652e51215a980f2fd2ff101da02025b4d8262d |
| SHA256 | 7e49a25ecbdadee13f957d61d3a40d4e8658d5478d51a254e67706ace32752f0 |
| SHA512 | 240193edd36e48bbd8d2e73133058dd1349dda2d2963019ed8e574c7548a2e873a843a88e91de78872ca7d3084a3cf8f276f2328f3477cc04008f3076eea4e90 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-05 18:52
Reported
2024-08-05 18:53
Platform
win11-20240802-en
Max time kernel
50s
Max time network
52s
Command Line
Signatures
NanoCore
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 656 set thread context of 2320 | N/A | C:\Users\Admin\AppData\Local\Temp\waveTool.exe | C:\Users\Admin\AppData\Local\Temp\waveTool.exe |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\waveTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\waveTool.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\waveTool.exe
"C:\Users\Admin\AppData\Local\Temp\waveTool.exe"
C:\Users\Admin\AppData\Local\Temp\waveTool.exe
"C:\Users\Admin\AppData\Local\Temp\waveTool.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=waveTool.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa8c73cb8,0x7ffaa8c73cc8,0x7ffaa8c73cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=waveTool.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa8c73cb8,0x7ffaa8c73cc8,0x7ffaa8c73cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
Network
Files