Analysis Overview
SHA256
1d2a32632d110052d6161d41d4df822f7fea963a62137afb957b6023f22d8121
Threat Level: Likely malicious
The file u is cooked.bat was found to be: Likely malicious.
Malicious Activity Summary
Sets file to hidden
Checks computer location settings
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Modifies Internet Explorer start page
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Modifies registry class
Modifies Internet Explorer settings
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 23:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 23:19
Reported
2024-10-25 23:22
Platform
win7-20240708-en
Max time kernel
118s
Max time network
127s
Signatures
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C1E2E71-9327-11EF-A7C8-6EB28AAB65BF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5042fe723427db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000085ab07ca873e1441a741367a3f306c1b0000000002000000000010660000000100002000000078c098d40cfd7e45c3719fc6f84a57f6019d9a70968c405a064744a93e96b6de000000000e8000000002000020000000596953f782612da692ce5392e9c00c0f3521d1bdcf431e25c77224ea94cc54b72000000089448121e755b90fbf8e43698ccfad8da9a47a5e3739d54510946d51861a08db4000000037b54ac87f26f9fdd74ecb60d114a556f1adf09e302b34b27043816a99bb68923bc6bd540a455ad99f83621908a15c34e06bd55886000cb5a3189a74037dfd09 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000085ab07ca873e1441a741367a3f306c1b000000000200000000001066000000010000200000009049b12852db05b20c288dcb8b26acb3da0de358d86426b8a5d174094ae790ff000000000e8000000002000020000000d4b8dccb82ca0e53483383632e88d0e307a809174728fc372c50c1e1714859769000000070e1ad591e9c2f9dcc503bd0fbf90c564f0bb3cec770ae0cff090604c74fb3a715800dd225b17a56634b4137116a853764077bdc73390a9f613ea903bc81950a650d9ce30a4f9893c587290f4101a379f95908f3e6b9ee28b0d647825f535525fa9e6d3206a3f36e2088c46a534d1a75ab8609d3b122b45fd8959017ad1466b36a1b08057651937a8c9c837bb4cab117400000004c68d5d4f298d38b085672c2ac89ff56a9e8e22bb5544315ec2fb458ca9c6a1f0bbdbe9faa9955d82309b703a106e8ea2056f17e76df0f369e95d6b4f69c142f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436060248" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\reg.exe | N/A |
Runs net.exe
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\u is cooked.bat"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=Of9yvKINITg
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\msgbx.vbs"
C:\Windows\system32\net.exe
net stop "wscsvc"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wscsvc"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
C:\Windows\system32\net.exe
net stop "WerSvc"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WerSvc"
C:\Windows\system32\net.exe
net stop "MpsSvc"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "MpsSvc"
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "FirewallControlPanel.exe"
C:\Windows\system32\net.exe
net stop "WPCSvc"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WPCSvc"
C:\Windows\system32\net.exe
net stop "wuauserv"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wuauserv"
C:\Windows\system32\net.exe
net stop "WSearch"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WSearch"
C:\Windows\system32\net.exe
net stop "WinDefend"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WinDefend"
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "MSASCui.exe"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "START PAGE" /d "https://www.youtube.com/watch?v=Of9yvKINITg"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.147:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\msgbx.vbs
| MD5 | 4a77c15fc780eed073b24b451dc79eb5 |
| SHA1 | 14873939db8189fdce2c0ba26c8d500bab7f8e8c |
| SHA256 | 9ea1e56184a95613e661337e37df8634498daa34ed517f36fb63f3e8611b6607 |
| SHA512 | a665c88819c0280fd5ffb5122330899650f64afecc7dff5b28277a37b68482101390a2cf123c630a58cb8162a965d55c2f6f889fd2be60dba18b4a24fb2a5171 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 23:19
Reported
2024-10-25 23:22
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
149s
Signatures
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Reads user/profile data of web browsers
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\reg.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\Main\START PAGE = "https://www.youtube.com/watch?v=Of9yvKINITg" | C:\Windows\system32\reg.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C:\Windows\*.txt\ = "htmlfile" | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C:\Windows\*.dll | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C: | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C:\Windows | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C:\Windows\*.dll\ = "txtfile" | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C:\Windows\*.txt | C:\Windows\system32\cmd.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Windows\system32\tskill.exe | N/A |
| N/A | N/A | C:\Windows\system32\tskill.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\u is cooked.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=Of9yvKINITg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8157646f8,0x7ff815764708,0x7ff815764718
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\msgbx.vbs"
C:\Windows\system32\net.exe
net stop "wscsvc"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wscsvc"
C:\Windows\system32\net.exe
net stop "WerSvc"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WerSvc"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\system32\net.exe
net stop "MpsSvc"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "MpsSvc"
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "FirewallControlPanel.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
C:\Windows\system32\net.exe
net stop "WPCSvc"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WPCSvc"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\net.exe
net stop "wuauserv"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "wuauserv"
C:\Windows\system32\net.exe
net stop "WSearch"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WSearch"
C:\Windows\system32\net.exe
net stop "WinDefend"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop "WinDefend"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Windows\system32\taskkill.exe
taskkill /f /t /im "MSASCui.exe"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "START PAGE" /d "https://www.youtube.com/watch?v=Of9yvKINITg"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4e4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=Of9yvKINITg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8157646f8,0x7ff815764708,0x7ff815764718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\send1key.vbs"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Windows\system32\tskill.exe
tskill chrome.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\ftp.exe
ftp -s:a.dat
C:\Windows\system32\attrib.exe
attrib C:\Windows\*.html +h -s
C:\Windows\system32\attrib.exe
attrib C:\Windows\*.txt +h +s
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\send1key.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sendkey.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sendkey.vbs"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8158773605745359241,15743729899689387291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
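The process list above is the whole command sequence the batch file ran, and it reads as a defense-impairment script rather than anything Edge-related: net stop against the Security Center (wscsvc), Windows Defender Firewall (MpsSvc), Windows Defender (WinDefend), Windows Update (wuauserv), Windows Search (WSearch), Parental Controls (WPCSvc) and Error Reporting (WerSvc) services, taskkill /f against the Defender and firewall UI (MSASCui.exe, FirewallControlPanel.exe), a reg add that rewrites the Internet Explorer start page, attrib +h on files it leaves under C:\Windows, VBScripts run out of Temp, and an unattended ftp session driven by a.dat. The Python below is an added example, not part of the sandbox report and not the sample's code: it tokenises process command lines of this shape and aggregates them into a triage verdict. SAMPLE_EVENTS is constructed from the command lines listed above; the rule tags, verdict thresholds and ATT&CK mapping are the example's own assumptions, not the sandbox's signature logic.

```python
"""Flag defense-evasion command lines in a process-creation trace.

Added example (not the sandbox's or the sample's code). SAMPLE_EVENTS is
constructed from the report's Processes section; rule tags, thresholds
and the ATT&CK mapping are assumptions made for this example.
"""
import re

# Services whose shutdown weakens the host; all seven appear in the report.
SECURITY_SERVICES = {
    "wscsvc": "Security Center", "mpssvc": "Windows Defender Firewall",
    "windefend": "Windows Defender Antivirus", "wuauserv": "Windows Update",
    "wpcsvc": "Parental Controls", "wersvc": "Windows Error Reporting",
    "wsearch": "Windows Search",
}
# Security UI processes the batch file kills with taskkill /f.
SECURITY_PROCESSES = {"msascui.exe", "firewallcontrolpanel.exe"}
# Assumed ATT&CK technique per rule tag.
ATTACK = {"service_stop": "T1562.001", "kill_security_ui": "T1562.001",
          "hide_files": "T1564.001", "ie_start_page": "T1112",
          "scripted_ftp": "T1105", "temp_vbs": "T1059.005"}

_TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted args whole."""
    return [q or w for q, w in _TOKEN_RE.findall(cmdline)]


def image_name(argv0):
    """Lower-cased basename of argv[0], normalised to end in .exe."""
    exe = argv0.rsplit("\\", 1)[-1].lower()
    return exe if exe.endswith(".exe") else exe + ".exe"


def classify(cmdline):
    """Return (tag, detail) findings for one process command line."""
    toks = tokenize(cmdline)
    if not toks:
        return []
    exe, args = image_name(toks[0]), [t.lower() for t in toks[1:]]
    out = []
    # net stop <svc>; net.exe hands the work to net1.exe, so match both.
    if exe in ("net.exe", "net1.exe") and args[:1] == ["stop"] and len(args) > 1:
        if args[1] in SECURITY_SERVICES:
            out.append(("service_stop", args[1]))
    # taskkill /im <image> or tskill <image> aimed at security UI.
    if exe in ("taskkill.exe", "tskill.exe"):
        out += [("kill_security_ui", a) for a in args
                if not a.startswith("/") and a in SECURITY_PROCESSES]
    # attrib +h/+s on paths under C:\Windows: hiding dropped files.
    if exe == "attrib.exe" and any(a in ("+h", "+s") for a in args):
        paths = [a for a in args if not a.startswith(("+", "-"))]
        if any(p.startswith("c:\\windows\\") for p in paths):
            out.append(("hide_files", " ".join(paths)))
    # reg add ...\Internet Explorer\Main /v "Start Page" /d <url>.
    if exe == "reg.exe" and args[:1] == ["add"] and "start page" in args:
        i = args.index("/d") + 1 if "/d" in args else len(args)
        out.append(("ie_start_page", toks[1:][i] if i < len(args) else ""))
    # ftp -s:<script>: unattended transfer driven by a dropped script.
    if exe == "ftp.exe":
        out += [("scripted_ftp", a[3:]) for a in args if a.startswith("-s:")]
    # wscript running a .vbs out of a Temp directory.
    if exe == "wscript.exe" and any("\\temp\\" in a and a.endswith(".vbs") for a in args):
        out.append(("temp_vbs", toks[-1]))
    return out


def triage(events):
    """Aggregate findings over a trace. Assumed thresholds: two or more
    security services stopped, or one stop plus a security-UI kill, is
    treated as deliberate defense impairment."""
    findings = [f for ev in events for f in classify(ev)]
    stopped = sorted({d for t, d in findings if t == "service_stop"})
    killed = sorted({d for t, d in findings if t == "kill_security_ui"})
    other = sorted({t for t, _ in findings} - {"service_stop", "kill_security_ui"})
    if len(stopped) >= 2 or (stopped and killed):
        verdict = "defense-impairment"
    else:
        verdict = "suspicious" if findings else "clean"
    return verdict, stopped, killed, other


# Constructed from the command lines in the report's Processes section.
SAMPLE_EVENTS = [
    r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\u is cooked.bat"',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=Of9yvKINITg',
    r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\msgbx.vbs"',
    r'net stop "wscsvc"', r'C:\Windows\system32\net1 stop "wscsvc"',
    r'net stop "WerSvc"', r'net stop "MpsSvc"',
    r'taskkill /f /t /im "FirewallControlPanel.exe"',
    r'net stop "WPCSvc"', r'net stop "wuauserv"', r'net stop "WSearch"',
    r'net stop "WinDefend"', r'taskkill /f /t /im "MSASCui.exe"',
    r'reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "START PAGE" /d "https://www.youtube.com/watch?v=Of9yvKINITg"',
    r'taskkill /F /IM chrome.exe', r'tskill chrome.exe', r'ftp -s:a.dat',
    r'attrib C:\Windows\*.html +h -s', r'attrib C:\Windows\*.txt +h +s',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
]

if __name__ == "__main__":
    verdict, stopped, killed, other = triage(SAMPLE_EVENTS)
    print("verdict:", verdict)
    for s in stopped:
        print(f"  stopped {s} ({SECURITY_SERVICES[s]}) [{ATTACK['service_stop']}]")
    for k in killed:
        print(f"  killed {k} [{ATTACK['kill_security_ui']}]")
    for t in other:
        print(f"  {t} [{ATTACK[t]}]")
```

The service-stop rule deliberately matches both net.exe and net1.exe, because the sandbox records them as separate processes (net.exe relaunches net1.exe with the same arguments); triage() collapses the duplicates by keying on the service name, so the verdict counts distinct services rather than process launches. The noise in the trace (Edge helper processes, CompPkgSrv, the chrome.exe kills) produces no findings on its own.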
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr4---sn-aigl6nzs.googlevideo.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 74.125.175.73:443 | rr4---sn-aigl6nzs.googlevideo.com | tcp |
| GB | 74.125.175.73:443 | rr4---sn-aigl6nzs.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | rr3---sn-aigl6nzs.googlevideo.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| GB | 74.125.175.72:443 | rr3---sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-q4flrnee.googlevideo.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 209.85.165.198:443 | rr1---sn-q4flrnee.googlevideo.com | udp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 198.165.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 216.58.212.206:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 74.125.175.73:443 | rr4---sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-5hneknee.googlevideo.com | udp |
| NL | 74.125.8.72:443 | rr3---sn-5hneknee.googlevideo.com | udp |
| US | 8.8.8.8:53 | 72.8.125.74.in-addr.arpa | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.180.14:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | rr2---sn-q4fl6nsk.googlevideo.com | udp |
| US | 74.125.3.199:443 | rr2---sn-q4fl6nsk.googlevideo.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.3.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | youtube.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 230.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
C:\Users\Admin\AppData\Local\Temp\msgbx.vbs
| MD5 | 4a77c15fc780eed073b24b451dc79eb5 |
| SHA1 | 14873939db8189fdce2c0ba26c8d500bab7f8e8c |
| SHA256 | 9ea1e56184a95613e661337e37df8634498daa34ed517f36fb63f3e8611b6607 |
| SHA512 | a665c88819c0280fd5ffb5122330899650f64afecc7dff5b28277a37b68482101390a2cf123c630a58cb8162a965d55c2f6f889fd2be60dba18b4a24fb2a5171 |
\??\pipe\LOCAL\crashpad_1968_VYOJFHHYXKIKGFSQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acc43cb452254ad67ec2ce0567f26093 |
| SHA1 | e858aa31e24306af6273b88b5a751e0736830fb8 |
| SHA256 | bf13614fca0b869d8d05db53723a1682d25b44469a8970fae1c2b58ac42b7df0 |
| SHA512 | b6ecc451929035458d527581a267398f6b32090ac00b797156bb2522f397dfbb1966f085ad83dca38ff6d241a93a85629d63f995e20c6ffa81fc759009c27f04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c38b3596160de41dc2a4cf5e9c7affb8 |
| SHA1 | 0f4b833a3546fdc68ab9ac47d4f8e5553970be0d |
| SHA256 | 4200140b392dcb46681560468c747e0568fd5095029acf8208a37f86f76407f9 |
| SHA512 | 9ccb2ca600d3282e68f9a42818582ab1b7b2d94104138817b889711bebb2db186b13acfa0ac290ecac3511fe95a1b0cb429bc39b8abeab678478e43e3f8109e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8dcfcb6b806f4b62baa73b37693eebf0 |
| SHA1 | 6d0ee57ab045ffafb51e548c7997a9f0ff743c1a |
| SHA256 | f163f1ce5c208632ff3d62e6553ca12a41f660fd02b9ea9061d2e20feb68a5ae |
| SHA512 | 6fa54edfe8629c380fb91e04645bc3c86e0b5dbdab482e4b7ade0b7b27ad7ebac9e8891ee81b8c09702f19bf3b7991e41a8d9f70c51401fe09a281e1af7785be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 7be5b2d54f2201d6ba5cde5681e82f5c |
| SHA1 | 15459dfc3a0cc66b6d9c9855653ba9af1f26e143 |
| SHA256 | 58629b5f3958514f73627dc627dd5d3d43f695540044a0b2d325708ef0c699f7 |
| SHA512 | e4ba3cbfe39f36d2f8371d382ab10189ad2d75b1fad8f898c5bbdee6fb2fcc32d0293f8e3fb9501734cd35a576b7bc1f131b11c76ccf45fdfb1b8f74b3b34e8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 67692c7f3daf137e4bb01af253d5772a |
| SHA1 | f4ffc49745826b58d244df648f018de07f78c699 |
| SHA256 | b404b70237161ab5257b791868e7c8ec4ece47121804de03f78e738754057730 |
| SHA512 | 65f6067abd748d41f28c09c2a48139c101d24472810ff37f70a083f6b9648278c9e4a6b1c10e9a6647a77012a3e9043f1368d117dc0c68eee14b6cfc4c051e9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fdbd3410049d7ae0d4eb2eb0a267f41f |
| SHA1 | 9e6527d00eb5e56e7aa356de287e0787b8ad91f2 |
| SHA256 | 7fbbf878d64bbcec1e9904eae1bdc14975c63630297898e2f6331e2526d821c1 |
| SHA512 | b9cd738522d086c48bb8075be571ba2fc2e987130407fbf8403a2ada565eff8c6191bc3b9d22593590f690dbbf126835631cf88641a095802f0e63a20a48da18 |
C:\Users\Admin\AppData\Local\Temp\Web Data
| MD5 | d9f3a549453b94ec3a081feb24927cd7 |
| SHA1 | 1af72767f6dfd1eaf78b899c3ad911cfa3cd09c8 |
| SHA256 | ff366f2cf27da8b95912968ac830f2db3823f77c342e73ee45ec335dbc2c1a73 |
| SHA512 | f48765c257e1539cacce536e4f757e3d06388a6e7e6c7f714c3fce2290ce7cdb5f0e8bb8db740b5899ba8b53e2ed8b47e08b0d043bb8df5a660841dc2c204029 |
C:\Users\Admin\AppData\Local\Temp\a.dat
| MD5 | 7590d4cadf912e6855a5e3f2f2037116 |
| SHA1 | 17a671871bd262abd9797c091273c2b0e38212cd |
| SHA256 | a8b57d702e7cd0c247af8f8a35bd7bc2d362952ebf0d56eed59de4d65846108e |
| SHA512 | 209bc190f7f2e7655bb9953318148a78fc8b1e1fe7094b20e0be15376469d0bcc9a8315fac4e1352275fc0104110ab5d076b1ee7ef9f398cdbcd04f22ba19d52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 5b2794cca772c8591df9150079b213d0 |
| SHA1 | 6e0222788c3a7d1729f4ff2641c01e4a1980ea66 |
| SHA256 | 85508d7752c68b2ca505006e10ae9b4b41dd2deeb79b9e005604c3446420540d |
| SHA512 | c61a06c576fae45e90e37c8d0c6ab10de8037df52844301b48bb4c444704cbf131166e489803d8a99c0159d54856cf00c7d94e7537002fe6bcc20e975c3c8401 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8790caf33b094aa5e2b984e06b91c1f7 |
| SHA1 | 466ee8c51ab56b7c959f3d9dc56a1d0f8ac8c4b5 |
| SHA256 | 3df3f03d287f678c5dbaad1b575c05581d3506e2a4936b534aa40c900407e436 |
| SHA512 | 7bc2e54a4f21771fb8b24de0289b260bcbede1aeb60f55eb5ffec618c9c0fbed73eb346040beb5723dc8dd530ae16feecee5179a2bda306b1b8e967625fcdbae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3648c1cdc0eb3217f3d712b90c44b843 |
| SHA1 | 6decf7f313c2dd7cac42d646b8b5fe30fa19ef99 |
| SHA256 | 326b2216691b4cd074f9fbc2a4471ddb37e7a9b1ee6a16ae5eab914047a2b924 |
| SHA512 | e1b35e00db48f439ca47667dc658bf733b3d26c5465a56f3b55475e839f288cc83aeac7653567576e016ab5fc481f232f69cb3884e11f8596a46340aa76a2c21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c2fbaa49cc6fda4308690f6f8cf8e5ee |
| SHA1 | 91312f7c2a69cc10601b67032b7350f46f119880 |
| SHA256 | 83102b38a7b6bd0387ab681b994ee5e4bb5e94645efd6e7cd8435578a74958a1 |
| SHA512 | e305af90971ddf47c77b55445626dfabb83a420c46cc8c3f52cea1388e7746a91a2af0d5d6224bfb862c5914ca72c91ce80441d4cdbdfa8504f1b93f922d699d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f760.TMP
| MD5 | 8f60e2ecddb1a4048c01762ee87f9c32 |
| SHA1 | 09d5810e3446d8c7ca4f50ba4eac015f0f101d72 |
| SHA256 | fb537b8a2de2b9cea5a71f218d6355af19ff0ca01fedfa7b5557905adef460a7 |
| SHA512 | fc7a617c72f0e8f0e42afb6e19a66e6ad8b4f49448a3c7ab4547aed3ef39fb63c6928f63a458d70c8a5f1f1da8f16ab6b47c9880450a7f58a244866fd02beb61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\df5292a9-3697-4abd-9b99-bbf83cd1266d\index-dir\the-real-index
| MD5 | d9f9665ed1c3b23ebd35f8d7a4d31ef3 |
| SHA1 | e66b8bf51f25729925c967d19d6af960d8a592a5 |
| SHA256 | 4ade86861636dea9dd6ca903cca31c9d84138767db46d23c68eeee565b15ca84 |
| SHA512 | 3843756f5e03c1b50c7904e35ab9a46280a394faefd5bfba87bc5bf56130bcd7a04c0bca1339ea7c06f7f3f24db891f9e5ab55a0abff835d905122f6a805f505 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\df5292a9-3697-4abd-9b99-bbf83cd1266d\index-dir\the-real-index~RFe5802ca.TMP
| MD5 | 2146c5a7f2584aac1187a13183c3974c |
| SHA1 | 13e23f5063cbf3adcebce2c18c8f8ff269965edc |
| SHA256 | 07f27b1c5ffa7279cb0b410b83750a6f5b193bfadbe3fc6691ea7593480d957d |
| SHA512 | c58dd3344aa16a6be65f2912b10a359eab530b4b2e2a21659234b7e0368491cd0b5ae17928792a7bfe04a7b42dea98254f025372fd4c19ec6390c340e7bf54ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5809cf.TMP
| MD5 | 4aa55c7e1e7e1b6aa8db6d08f01ac242 |
| SHA1 | e65c8df887e4f863554122904d2ab7f4fe598a98 |
| SHA256 | 62cdd0c36060bc4c440e4749bc8793aed5c414f9b6423d7999326d92280aed69 |
| SHA512 | 633194bd3f1368f06d9065a356b85e69e1d1046f95ba74bcec38bb2a4528d2f1b286441d0f30a093d257a4f575e081e55dafb3b1aa4132584c659bfc44371f2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a828ade8ff3e7ca98bf535b120d97f4f |
| SHA1 | 540cd0c8a60174704732b4613d65a0c460b16014 |
| SHA256 | f02ca1c79d19c156e2bbca678a148ce04cabd903ef313ef415559d4ae9df9ab8 |
| SHA512 | 3488ff0616657706e253dc0cf0bc6d32717745ea5238bf194e6b593b60c99bfbaa95c6d80b252ba51411e5da54f5ba8b07fe56d41bf3a2a6fc772611214be7ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 778ca3ed38e51e5d4967cd21efbdd007 |
| SHA1 | 06e62821512a5b73931e237e35501f7722f0dbf4 |
| SHA256 | b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0 |
| SHA512 | 5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | bc2ae26fad1e628d27e06461fa6d33bc |
| SHA1 | 8e0a7a19a884ac94a441caa37bfb2ce7244978c4 |
| SHA256 | 74ec376187f07a60503495a779a67c682dfbe183bf62835896404cfd57bf176d |
| SHA512 | e8c69b29d3e9f14528ccaa24a0f6e1f749a9d562790ceab2b67d6e3bfbdf68e42f278a7a5e9ca0c5f169df605ad49d30e4f3a1405060767b2ed9931a26e2df56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | f2ad3626dc3266239a6dc6dc577adc3d |
| SHA1 | 51f048e1e76bae1ee0ceec0ec51dd2accf7e6adc |
| SHA256 | 579d47e85073862ca7ca94a72e9b66f1b1c316ca1a2b3584059024719d7bc285 |
| SHA512 | 591a90bf39df41b6f3ab5cc2713f23ec44d0e0a661fb3512080416042444cf8df98b34a9388b90d81619c516e1014ceb441fbbc1e2f4222f9499c2f3a00ae235 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 5c623ebddc3fbea46e0f64090c04f9c1 |
| SHA1 | 5b68d1734bbc41aa26c370251b2892ef71dfd085 |
| SHA256 | 0a89f6ea0409af6627e965c23c87f06ffd78a9c45135bada5d864e2c5dd9fd50 |
| SHA512 | 167aec7e8ddb4cebafb0f944ec84ba78a834aa9ae4af1a024aca05c7aec38be0e685f0ca6b95927e118b8a6dd7fccf900f54af14039d44f1062e511347b4009c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | bd9a0ea80362180badfabf5853ac7ed7 |
| SHA1 | 79380cddbc9ab6107a3d776d924d291a78165611 |
| SHA256 | 54b047637d7bcef8e2c8cec942a7369d8b5dc68578620950e71fd437551d53b3 |
| SHA512 | 63005f37be247c5b2ed018579afe21f1eedc6ac80ebed49408002c7e2f15ad3533d00b275ced87af5a33ff4c0845a79a450b181b1b5f4d21f49ad2f655438b9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 33fff7fb6a016023c955ee8b15e6555b |
| SHA1 | cc9bb7c769f9a4bc6153e49e71ce6992cd053401 |
| SHA256 | 63bbca6e2eff30a0dd9170127b02028449a9156c53787478bf96b907bab1875b |
| SHA512 | 590a5900b0e8729c09137aeae9a15e92058efaf23028ff46a8354edeacba748ad95037d84ff27dc3f035c23d219a1f91034efcffc7aaa6278b280a18198ae40d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | a61066562af27d41deea62da22ea8ed5 |
| SHA1 | ec99ffb625ed5c04f45aea983e8516e42c5e5447 |
| SHA256 | 5dcb86b48794560b49f0c08844df3588a934b3bfa2c6b51b531ea05d5b12bb32 |
| SHA512 | 8b8071497209803f10ac5e2e591b2c58f71200f1427268caed1df0aad7c29b15fda51f67e844f2d1b865fa561df670547a7ad75e2990e9a4271d1d836c8cef3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 49563ed57a097ddd0565873f1b62492b |
| SHA1 | 3134f982615bc63d14394067cd288f36d0e9809c |
| SHA256 | 679a97a0448d8e19a9058c35c2e6f98306735e996d43befd884d62797d17b097 |
| SHA512 | 7f49dd2d3b32a6350fd0754c9f17c89d19af3b561f1cde19697a03fe42859f73ba4952341cbcbda71b844b9cdb574b5fbf64fe180178420ad126501933a78b87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | da97446dc90337d14601d5bc04590b06 |
| SHA1 | a63a32ce3467f3d23e3b61d80d7516a9f41cfecd |
| SHA256 | 8acb4be1bef051b394e403ee913445686d0a43e840120bc096f29ab3cbe519af |
| SHA512 | af2159505e96d151b9aa181ad27044e1fd720aa0b011b5752c59a0c68898c02310ab688cd01b2b4f7c9516d498a1ef3522af05b8c064b6e3a27511fdd3154a94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e583a425-0e2b-4dd6-adaa-203df3f48f9a\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 115c2d84727b41da5e9b4394887a8c40 |
| SHA1 | 44f495a7f32620e51acca2e78f7e0615cb305781 |
| SHA256 | ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6 |
| SHA512 | 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 2d0cbcd956062756b83ea9217d94f686 |
| SHA1 | aedc241a33897a78f90830ee9293a7c0fd274e0e |
| SHA256 | 4670bfac0aeaec7193ce6e3f3de25773077a438da5f7098844bf91f8184c65b2 |
| SHA512 | 92edce017aaf90e51811d8d3522cc278110e35fed457ea982a3d3e560a42970d6692a1a8963d11f3ba90253a1a0e222d8818b984e3ff31f46d0cdd6e0d013124 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | c83e4437a53d7f849f9d32df3d6b68f3 |
| SHA1 | fabea5ad92ed3e2431659b02e7624df30d0c6bbc |
| SHA256 | d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb |
| SHA512 | c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 350fef14b9432c8888714f9d69ba79fb |
| SHA1 | f02876195e3b3628384124d63cbcb3606a06996d |
| SHA256 | dbb362d29b9b4111e7722bae880e8a79ef8efe96db4cdf7869195f5cd0066fc5 |
| SHA512 | 8fab4f3151a81a2cf0465aaf245d507da97c230eeb86dd6e9cee798e4d8d953aedb2e7e4cc004fdc8a5f7e8af0ded27aeefb4c626ad61c95f38572e13d49d419 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 51ada20f3d9b2e10bf253625b6d3e93c |
| SHA1 | 33ae5c605995bae21738b607de2e6ada6c36f947 |
| SHA256 | cf059862ab8406773d991f3fbbfc8ac5da8333cb3f0ea9735718a0ceb0e3bb41 |
| SHA512 | aaedf597d8ca4bbaf6f44a621b60b08aa699b788ed2b938b32044715d692b3e5536db1293e237b1fc904a87fe9f8e2121eb8f4a31c93b2e596e190762aeaca18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0e02211f2a75623c0af1e004f9f2b5c9 |
| SHA1 | 784138b06f0ceda465a9a002f66f56c16e4415a6 |
| SHA256 | ab7132d53e28bf1813013a5f1527e08e36050acbedb9b5de240bddf89d894385 |
| SHA512 | d9bacba07742c3583bb1dc6a5320c748c042ee99193fceabf69219983a4f4ccb68bcfc68e2d2b70949b0c818fc748e1be696f9fc46c7473d783599b11c5e3466 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 87c556b79f7e4f43adc220ab7f593b2a |
| SHA1 | 160ad501f5f6587b55be4a6132278accc890d3ae |
| SHA256 | 617d291323eb8b07c5494bc567114c4f265cc2b83ea772cf15d797e7586fdd4f |
| SHA512 | 45fc0b4ee8c6c3b45caedea461106985d940d2669eb5bd57f6f874de939180170b6e171748d37d8796a9d43d43b92b2bac2deea44853daa99b9a2158d7cd40ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18bda474de1a19aa8ed1c15955430c72 |
| SHA1 | a2139505849311c4818a01c366daf592acdf5b20 |
| SHA256 | 2a487f748729af492105bce93dd1b7303949e5aeaefe54a14151e8e418c27967 |
| SHA512 | 97557dac7fc36cac81540476d34c68ebc464703ba6c9883e2869c3b9e4e0bf837488a17da05172235b54ecc81c1c5ea368021099b83c35bd070e9b1b4982b6b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\df5292a9-3697-4abd-9b99-bbf83cd1266d\index-dir\the-real-index
| MD5 | 9345d8842a53d2dc74cd79912e759841 |
| SHA1 | 78f2fda7d2713ce0faeadda4742965c322ea3a98 |
| SHA256 | c18bfd7a5f75a27f15a56a0a406ce45eb5a61d0825642a51ce4f4e014dca12f0 |
| SHA512 | 5c74c4bd5747fb09978212b193466b14af66d9e8006403ec15f876f78e54347fcff45949081bbf6e8d81f9c81723931fa79abdc20ba84084973e2ad52f8dd52e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1f53cd4793f3a9f68de45b64bdcbb241 |
| SHA1 | 152b1507e49d55fa249c46599fb8e9f3931285cc |
| SHA256 | 618c9584bfcf719c934efaf2c0c32cbe9edd7501d9d55c16d1a600b65bd94f85 |
| SHA512 | 9ab673685d884b7e10132dcb7c9f8e1a8b6b8416e56cdd87f9f75927e3df329f87f412bc4969de12ea692f884028f0c2d1a4e56c9f108d35cd0149f2d43b8105 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ef1618c5-a106-43da-9df3-e1397ee227d9\index-dir\the-real-index
| MD5 | 790f7e177f57d1918ab067f956f50b78 |
| SHA1 | 2055626178a034bd4b30367adc6dcf2beed93518 |
| SHA256 | 846539dcef9aae855dd88c6f9fea3eecb731ff129f838f94db49eebd3708239f |
| SHA512 | a8c114980a62f2f650d5328c3ad219f8bb0a83b3f1db2f733501a3204fdaf60cd774464f2d964d284d46f4c179e9096050d4ce402a78bde2ccb43f47badcf18b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ef1618c5-a106-43da-9df3-e1397ee227d9\index-dir\the-real-index~RFe5885f4.TMP
| MD5 | 3302906977b434280ad23d85048a8a89 |
| SHA1 | 2d9576c9c6350b785d135ae78e6f5251b6fdcbf5 |
| SHA256 | 8a212305f489a016a20ebacdfb4cd49adf59a25b5831700d050a7fe6e1f7dcee |
| SHA512 | b949e8205b0f219394b83223d6c120830360a978493f6fb83788349cc36daebe6a89c2df8c80cc96a1cde7fd1aa51d47c02e8298767f4bca3b2c5513e128c6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c26aa64ee8ef0692f723d2f2bb43cfa0 |
| SHA1 | a3c56d291cc6f1778425d248a4ac330b7f4f1a34 |
| SHA256 | 290ed0ef22d39b1bdd9e06313420b3d864fa77d1798a341a3be56edd143fbed2 |
| SHA512 | 4c9178a270815d7b855957a04ad2ff86e0592586856e5d6d6e688c7308b6d2bd8adcad13e8aa4a1eb6aed82c8c5aefbebeceaada31a7db768b0cbe3228ed5134 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0cabb2dcb63dc5b415d16810d023cd43 |
| SHA1 | c0b03efce45a757d8d753d58b9e009e2d5fd6e46 |
| SHA256 | c362d9296515fa316ea82ae0e175e04bb9279590a3fd4bbe506951549efde9ba |
| SHA512 | 4f5b32da3f4bc35707fdc2fdf335acdca6c83413399d2ce3621ebc0a1214f16d7a85eac5912f65e70263d709887195ebbd3df702472dacc27469795a96da099f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc7b95f79e3c18a6e702cd8a7df8deb5 |
| SHA1 | 698e01c0af7aae896134abcd178239d294122e16 |
| SHA256 | ec873f279159212cd757558e9ca8d6b68d46a2153f9bd89b62bb2f10b6b0727d |
| SHA512 | 82a0f8327988e1cfca8854de62d4f758ea2047996fb6c625bc854ceda0f445ab0f09c51a56b545ad35fdfef8474d52c5ab8e299e7958ad908e5bea4f7336f426 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 19ee54e58db86db16543a437d56be4c0 |
| SHA1 | 0542c5c43ddb18139e55aab2b3def1cd655b97ec |
| SHA256 | 5e3d6905fb9f142d606e9e85293daa46ba5104fcd6c15676c58d41f6ee6f4ffb |
| SHA512 | 88ae9555f71328563cd8d79afeb705a303559adeb8e242f8b739d1286a5a3a5b432f02ea20660a50887356747a509ff4a1984e5502fd01f1cec996ec036aa1ee |
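Two things are worth checking before any of the hashes above are copied into a blocklist. First, every path in this part of the listing sits under the detonation VM's own Edge profile (`...\Microsoft\Edge\User Data\...`): these are cache indexes, `Preferences`, `TransportSecurity` and `Network Persistent State` written by the browser itself, so their hashes identify the sandbox image, not the sample, and will never match anything on a victim host. Second, the same path appears more than once with different hashes (`Network Persistent State`, the CacheStorage `index.txt`), which is how the report records a file that was rewritten during the run. The parser below, added here as an example and not part of the sandbox report, reads the path-plus-hash-table layout used on this page, validates each digest's hex length, groups repeated paths into their successive versions, and keeps only SHA256 values for files outside the browser profile as candidate IOCs. The sample text embeds three entries copied from the listing above plus one constructed, deliberately malformed entry (`dropped_example.exe`, with a 30-character MD5 and no SHA1/SHA512); the browser-profile heuristic is an assumption of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Expected hex length of each digest the report lists.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# One table row of the report: "| ALGO | hexdigest |"
_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|\s*$", re.I)

# Assumption of this example: anything under the Edge profile is browser state,
# not something the sample dropped, and so is a poor indicator.
_BROWSER_PROFILE = re.compile(r"\\AppData\\Local\\Microsoft\\Edge\\User Data\\", re.I)


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)  # algo name -> lowercase hex


def parse_dropped_files(text: str) -> list[DroppedFile]:
    """Parse the 'path line followed by hash rows' layout into records."""
    records: list[DroppedFile] = []
    current: DroppedFile | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ROW.match(line)
        if m is None:                      # not a hash row, so it is a new path
            current = DroppedFile(path=line)
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"hash row before any path: {line}")
        current.hashes[m.group(1).upper()] = m.group(2).lower()
    return records


def validate(records: list[DroppedFile]) -> list[tuple[str, str]]:
    """Return (path, problem) pairs for missing or wrong-length digests."""
    problems = []
    for r in records:
        for algo, expected in HASH_LENGTHS.items():
            h = r.hashes.get(algo)
            if h is None:
                problems.append((r.path, f"missing {algo}"))
            elif len(h) != expected:
                problems.append((r.path, f"{algo} has {len(h)} hex chars, expected {expected}"))
    return problems


def group_by_path(records: list[DroppedFile]) -> dict[str, list[str]]:
    """Map each path to the SHA256 of every version the report captured."""
    groups: dict[str, list[str]] = defaultdict(list)
    for r in records:
        groups[r.path].append(r.hashes.get("SHA256", ""))
    return dict(groups)


def is_browser_profile_artifact(path: str) -> bool:
    return _BROWSER_PROFILE.search(path) is not None


def candidate_iocs(records: list[DroppedFile]) -> list[str]:
    """SHA256 values worth pivoting on: valid length and not browser profile state."""
    return [
        r.hashes["SHA256"]
        for r in records
        if len(r.hashes.get("SHA256", "")) == HASH_LENGTHS["SHA256"]
        and not is_browser_profile_artifact(r.path)
    ]


# Constructed sample: three entries copied from the report, one made-up malformed entry.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 87c556b79f7e4f43adc220ab7f593b2a |
| SHA1 | 160ad501f5f6587b55be4a6132278accc890d3ae |
| SHA256 | 617d291323eb8b07c5494bc567114c4f265cc2b83ea772cf15d797e7586fdd4f |
| SHA512 | 45fc0b4ee8c6c3b45caedea461106985d940d2669eb5bd57f6f874de939180170b6e171748d37d8796a9d43d43b92b2bac2deea44853daa99b9a2158d7cd40ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc7b95f79e3c18a6e702cd8a7df8deb5 |
| SHA1 | 698e01c0af7aae896134abcd178239d294122e16 |
| SHA256 | ec873f279159212cd757558e9ca8d6b68d46a2153f9bd89b62bb2f10b6b0727d |
| SHA512 | 82a0f8327988e1cfca8854de62d4f758ea2047996fb6c625bc854ceda0f445ab0f09c51a56b545ad35fdfef8474d52c5ab8e299e7958ad908e5bea4f7336f426 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 19ee54e58db86db16543a437d56be4c0 |
| SHA1 | 0542c5c43ddb18139e55aab2b3def1cd655b97ec |
| SHA256 | 5e3d6905fb9f142d606e9e85293daa46ba5104fcd6c15676c58d41f6ee6f4ffb |
| SHA512 | 88ae9555f71328563cd8d79afeb705a303559adeb8e242f8b739d1286a5a3a5b432f02ea20660a50887356747a509ff4a1984e5502fd01f1cec996ec036aa1ee |
C:\Users\Admin\AppData\Local\Temp\dropped_example.exe
| MD5 | 0123456789abcdef0123456789abcd |
| SHA256 | 0000000000000000000000000000000000000000000000000000000000000000 |
"""

if __name__ == "__main__":
    recs = parse_dropped_files(SAMPLE)
    for path, msg in validate(recs):
        print(f"BAD  {msg}: {path}")
    for path, versions in group_by_path(recs).items():
        if len(versions) > 1:
            print(f"{len(versions)} versions of {path}")
    print("candidate IOCs:", candidate_iocs(recs))
```

Run against the full listing, the validation step catches truncated or mis-copied digests before they reach a detection rule, and the IOC filter leaves the browser-profile noise behind; extend `_BROWSER_PROFILE` for other profile directories your sandbox image writes.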