Analysis Overview
SHA256
d59dffc694585719dc3bc4e6ca347e396cea690e99afc59d66231df22c94cbbf
Threat Level: Likely benign
The file d59dffc694585719dc3bc4e6ca347e396cea690e99afc59d66231df22c94cbbfN was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 23:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 23:09
Reported
2024-11-09 23:11
Platform
win7-20240903-en
Max time kernel
105s
Max time network
74s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f000000000200000000001066000000010000200000007db0b3a5946521838b521e20062d279083b27af27a286936cc80dadcf50bcfa4000000000e8000000002000020000000c0819e556b4debcacd4e3dbb9a6c69f43a4dc3b34112dcb2071d4e6a879cc9bb2000000053782d26c6bec0fac1b950d3ca33bd1b557098f43f39174666759ec8012d3a1f400000005421798ed2a7bd94fbb569f27cd4df64afff5cccfb85300f24831e9e0f3edd53c545e2f6213a92cc6ee4448f1e3f1f76013f277e3622775d74a105953cb831f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437355615" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F85EF71-9EEF-11EF-854E-7ED3796B1EC0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b88b87fc32db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
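Every row in this table is iexplore.exe writing into its own per-user Internet Explorer hive: Zoom, Window_Placement, TabbedBrowsing, Recovery, WindowsSearch. That is the state IE creates the first time it runs in a fresh profile, which is exactly what a sandbox image is. The signature fires on the key path, not on what was written, so the useful triage question is whether the writer is the browser itself and whether any of the values touched are ones a browser hijacker actually changes (start page, default search scope, URL search hooks, BHO registration, zone settings). The following Python script is an added example, not part of the sandbox report: the row subset is copied from the table, the hijack-pattern list is my own selection of well-known IE hijack points, and the dropper row used in the check at the end is constructed to show what a hit looks like.

```python
import re

HKU_IE = (r"\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000"
          r"\Software\Microsoft\Internet Explorer")
IE_FRAME = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE_CONTENT = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Representative rows copied from the report's table: (operation, key, writing process).
REPORT_ROWS = [
    ("Key created",      HKU_IE + r"\Zoom", IE_FRAME),
    ("Set value (str)",  HKU_IE + r"\Main\WindowsSearch\Version", IE_FRAME),
    ("Set value (data)", HKU_IE + r"\Main\Window_Placement", IE_FRAME),
    ("Set value (int)",  HKU_IE + r"\Recovery\PendingRecovery\AdminActive", IE_FRAME),
    ("Set value (int)",  HKU_IE + r"\Main\CompatibilityFlags", IE_FRAME),
    ("Key created",      HKU_IE + r"\SearchScopes", IE_FRAME),
    ("Set value (int)",  HKU_IE + r"\SearchScopes\DownloadRetries", IE_FRAME),
    ("Key created",      HKU_IE + r"\Toolbar\WebBrowser", IE_FRAME),
    ("Set value (str)",  HKU_IE + r"\Main\FullScreen", IE_FRAME),
    ("Key created",      HKU_IE + r"\Main", IE_CONTENT),
    ("Set value (int)",  HKU_IE + r"\TabbedBrowsing\NTPFirstRun", IE_FRAME),
]

# Per-user values that browser hijackers and BHO droppers change (my selection);
# writes elsewhere under Internet Explorer\ are ordinary session state.
HIJACK_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"\\Internet Explorer\\Main\\(Start Page|Default_Page_URL|Search Page|Local Page)$",
        r"\\Internet Explorer\\SearchScopes\\DefaultScope$",
        r"\\Internet Explorer\\SearchScopes\\\{[0-9A-F-]+\}\\URL$",
        r"\\Internet Explorer\\URLSearchHooks\\",
        r"\\Internet Explorer\\Explorer Bars\\",
        r"\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\",
        r"\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
    )
]

BROWSER_IMAGES = {IE_FRAME.lower(), IE_CONTENT.lower()}


def audit(rows):
    """Return (self_scoped, flagged).

    self_scoped is True when every writing process is one of the IE images, i.e. the
    browser is writing its own state; flagged lists the rows whose key path matches a
    hijack-relevant pattern, regardless of who wrote them."""
    writers = {proc.lower() for _, _, proc in rows}
    self_scoped = writers <= BROWSER_IMAGES
    flagged = [(op, key, proc) for op, key, proc in rows
               if any(p.search(key) for p in HIJACK_PATTERNS)]
    return self_scoped, flagged


if __name__ == "__main__":
    ok, hits = audit(REPORT_ROWS)
    print("all writers are IE images:", ok)
    print("hijack-relevant writes:", hits or "none")

    # Constructed counterexample, not from the report: a dropped binary rewriting the
    # start page is the kind of row that should turn this signature into a finding.
    dropper = (r"C:\Users\Admin\AppData\Local\Temp\dropper.exe")
    ok2, hits2 = audit(REPORT_ROWS + [("Set value (str)", HKU_IE + r"\Main\Start Page", dropper)])
    print("with constructed dropper row:", ok2, hits2)
```

Run on the report's rows the audit returns no hijack-relevant writes and confirms every writer is an IE image; the same rows plus the constructed dropper line produce one hit and a non-browser writer, which is the combination worth escalating.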
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2380 wrote to memory of 1048 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 1048 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 1048 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 1048 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d59dffc694585719dc3bc4e6ca347e396cea690e99afc59d66231df22c94cbbfN.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
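The four WriteProcessMemory rows above all record PID 2380 (the 64-bit frame process) writing into PID 1048 (the 32-bit content process). The content process's own command line carries SCODEF:2380, the argument IE uses to hand a launched content process the PID of its frame, and that number equals the writing PID. A frame process writing into the content process it has just created is the expected parent-to-child pattern for IE's protected mode and is not, on its own, an injection indicator; the check a reviewer wants is that the writer really is the parent named in SCODEF and that both images are IE binaries. The Python script below is an added example and not part of the report. The table rows and command lines are copied from this run; the verdict labels are my own; the counterexamples in the usage check are constructed.

```python
import re
from collections import Counter

# The two IE images seen in the report; comparisons are case-insensitive because the
# report writes the 32-bit one as IEXPLORE.EXE.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"SCODEF:(\d+)")

# Rows copied from the report's WriteProcessMemory table: (description, process, target).
WPM_ROWS = [
    ("PID 2380 wrote to memory of 1048",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# Command lines copied from the report's Processes section.
CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d59dffc694585719dc3bc4e6ca347e396cea690e99afc59d66231df22c94cbbfN.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2',
]


def scodef_parents(cmdlines):
    """Map each content-process image (lower-cased) to the frame PID named in its
    SCODEF:<pid> argument."""
    parents = {}
    for cl in cmdlines:
        m = SCODEF_RE.search(cl)
        if m:
            image = cl.split('"')[1].lower()   # quoted image path at the start of the line
            parents[image] = int(m.group(1))
    return parents


def classify_wpm(rows, cmdlines):
    """Label each WriteProcessMemory row:
       ie-frame-to-content        : IE frame writing into the content process it launched
       ie-to-ie-unexpected-parent : both images are IE but SCODEF names a different frame
       cross-process-write-review : anything else, needs a look"""
    parents = scodef_parents(cmdlines)
    results = []
    for desc, src, dst in rows:
        m = WPM_RE.search(desc)
        if not m:
            results.append((desc, "unparsed"))
            continue
        src_pid, dst_pid = int(m.group(1)), int(m.group(2))
        src_l, dst_l = src.lower(), dst.lower()
        both_ie = src_l in IE_IMAGES and dst_l in IE_IMAGES
        if both_ie and parents.get(dst_l) == src_pid:
            verdict = "ie-frame-to-content"
        elif both_ie:
            verdict = "ie-to-ie-unexpected-parent"
        else:
            verdict = "cross-process-write-review"
        results.append(((src_pid, dst_pid, src, dst), verdict))
    return results


def summarize(results):
    return Counter(verdict for _, verdict in results)


if __name__ == "__main__":
    res = classify_wpm(WPM_ROWS, CMDLINES)
    for key, verdict in res:
        print(f"{verdict:28} {key}")
    print(dict(summarize(res)))
```

The report's process list does not print PIDs, so the only link between the writer and its child is the SCODEF value; if a future run shows an IE-to-IE write whose SCODEF does not match, or a write from iexplore.exe into a non-IE image, the script labels it for manual review rather than as benign.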
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | oss.maxcdn.com | udp |
| US | 8.8.8.8:53 | oss.maxcdn.com | udp |
| US | 8.8.8.8:53 | oss.maxcdn.com | udp |
| US | 8.8.8.8:53 | oss.maxcdn.com | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabDBD0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarDC7F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f3fa92abc61bc6cf4c2bb12db991dce |
| SHA1 | 626ac758d6a26da69270ff8497f124d746a324c2 |
| SHA256 | 16f804bc2e3c4951bb1cb0a5288e039453fa8ab3effe65d615d1b78a0ce1abab |
| SHA512 | b6eeb53861f4e04736ca27cc16b5fc258abe4893d2ae9066db5e22c4642362307e0e9813edca8a9a3debdcd6ddaa78ab27aae5105ce11aa10362d2bbdc5423c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4eeeefc9b13f61e972c71bc588d24c27 |
| SHA1 | 36724d3be0f8a5d9875b404376db6c55f980790a |
| SHA256 | ce7d3956a78da799fe6fd7736137c006a261cdb36fc4224ff7618a1031df32d1 |
| SHA512 | eefdabbb398f4ada5c0cc90785b98fb7faa79214ec939f1dfc516ed4e990c998d519640680122b52e134cc3542d1c30a97ccb17cb5d079e6797b15da87497e8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6b32e936219c1c9d937f5bd0632234d |
| SHA1 | 431c0d3f054b2d0f3d1035c0575d5d38890d9bee |
| SHA256 | 916db43d6b3fe909663d6d89aca4be5f3ff0cacf9bc0e8559fdea0ffcc11d416 |
| SHA512 | 2bc6f98efb096e74555ec00f02b77e098dafe1e49d216d101f9382a641a2551f34d89dd3d68ba145c1d6fb4b6066ac498695f7b97ad691398af468c6844dcde6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7017478e37cd2cc78c81ec5b2ee26339 |
| SHA1 | b189dae189a14fc5f4422559af54057b3f9b0ddf |
| SHA256 | 444a1f59f4747bfc1bd247732c73d6fd7c5421220ef342efea10ef0ee04fae5f |
| SHA512 | 0be9bc4e61692cca040f4383e7925ed358843ec4b2d24898338d342172282776647d2d20dc9e641009d1f0e2a2039769076f07be1f50f294e1613fb380e8cb30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccf29cb587ba648466d11f31e8b81d36 |
| SHA1 | 5a9e6ccec538db311e31607f91875ed057161c59 |
| SHA256 | b94514fa78849144a306f1a112d1ec57549c132a401402b80a4c257336fbe214 |
| SHA512 | 0b679a39be082cde5e06c00b008aa6c5615d8e5cd99bbfcb3b625d3110433259c35c144e4c97621e8b7df3c7227237946d700f6d5cb1008d87418aec594662d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e3ba12bf8f0a2150078fee4854d0b54 |
| SHA1 | 7179867c4d7ba465f93a0c265af2f926fb89251c |
| SHA256 | 89f087197bf247ec66a1fdf298637bb800173c24e198009e5bdf2b97cee5e7fc |
| SHA512 | 6e75891230625989ede7ff1d0a59521c6fde2c1dfedfe6e091bb13d9e56475ef3cac05a15dd723f6fee8c4fd2576134e5e4d3a85a21c5abbc9eb0f5631087b37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fda572c21b543f90400a4bdc3cabf1bc |
| SHA1 | 2b35e7187e2a7a32180736d04bf61e2bf6eb790c |
| SHA256 | 86cec645519f6dceaf6cff949a51eb1b61dad8fbe873095041e2dc183a7f4866 |
| SHA512 | 443fbc024aa6c6e47fb877f9cc39b61a99d53feb40bd53b9aa58a6f4ed1e363c9e009970cd14de4d8b6a68ba9265a49142364dfa44e547d89910972b22b4d234 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7f5003f6d99835b5121a787b3d6f239 |
| SHA1 | 9326edd08cd14070dc26a86e888efdae065b4f70 |
| SHA256 | 868766331c8455154cbae3623ec9011b3c3c2d8483029260e6f307f62b6407ba |
| SHA512 | 038be7f47cb181ed9e629a693b43afc89e18548d4e64c0bf1f5ec7da9ee56417110382dbf8ff6ab8f3905af4d522784f598e3c1783a874b906c75f008e96f450 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64e63bd3d14484180c0b52533da36c05 |
| SHA1 | 049e3ba89a8a82bd572274eee6c08f145d8bc262 |
| SHA256 | b74bd81179bf24fc9f3788ae52629f37ed04a7ee77e6c28f1dcdf75b67f4faeb |
| SHA512 | 6031168a932bfb2adb31648efa575b85c86ea7dbdc4a957a5fe793eae9f477fb8e866b76b8298c42c4cd91a208f81b967fd4a5bd5b83d9830898ae50546b83fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6dbba06ca589aee6fb52b6531d7b762d |
| SHA1 | 872b9265b0086e0ee5609bdd9d6389b6115182da |
| SHA256 | 372a191a7bf50260c778da845e5d6f2ffec36340173f2d4db3c1f4c4223f74ba |
| SHA512 | e092f70088e46c7174020e1f60a4897985d299eb1dad3e326460d180ea5abcc5abe6c8bb277f5c25578a2e4e54c2ebbe78631d6a4e1b5cda95368b5bc3fa1479 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 753ce83ddf968bc145d6d8c111b48d44 |
| SHA1 | b314127f4425700ba1ed569a22d534ae056849af |
| SHA256 | b1b2cd26347efaff20a43368d00942775110a68eab819cb5d61c9faeff1c0117 |
| SHA512 | 68f56bc0616eca9091e529ee7c61d4f862ee70b6b13b527079634ba3e55028f5edd04a14565a29f721ee611a6470443719bbef503350ce2b5bd35b3620d087b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c8b43200b19f256eea4faa27e647ff5 |
| SHA1 | 8cc820cf495b8d2ff5c96aca83fc088327d4bf5a |
| SHA256 | 261bb38aff93d896c73904e034444783a6be2835e2bebacbdc4f08de7c1b3f24 |
| SHA512 | 3f71c6b0da5bb063f020ec856819d3f37911b0f1c0fd684f5d917b9c8ef0c39248e0cbc432ab7fcc51b4036432802d850cbaef407213b4a57f75e43ef344c695 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8d41a157094e2c76554105d6e6a556e |
| SHA1 | a15441c3d2bdc34221d74db47ed4ae21b96b40ee |
| SHA256 | a13135a14099a84ba24fc400601e340293c497c623dba438e87b1e57b73c9bbe |
| SHA512 | 7347412f2eae6f6db0098fd8c5c5b7d82a2d13888db8fe459a966e886a59db422cf477a49edd43e7c1b56cf709e0f8a37e69f1d49bdfdefcfe9d69a3ff923316 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3356a00ba5a0338e7f12b136466eb2d |
| SHA1 | 34b2a4b61d7522264d4b2aa5528dd2f0c19c1076 |
| SHA256 | ac25b341dbd879a33020a10103a2124577dfb97348a1b55712029b226b75bb97 |
| SHA512 | 5709cf7d1add8371d7e2ffa6b1c0a148bb0a4b4e9654f145f345c4f4cf71bb38772f0c8043fac96a22609b1134fd396566859727764672023728b3052af9c898 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d25a2d1b36402c704ea6eb23e3c4344 |
| SHA1 | 8dbb640e6be0a06686bb1173dbaeb52fae9f277c |
| SHA256 | 7370090574b0f131d3a554fa4280a6989d710f8b924d225604539a7178fddd0c |
| SHA512 | 53aceb98475e38cac934f87dd03c580feffa90009b668cc2d902db8d0fe06452b811732114425df86bada6c598596d608ca29e9333c9de5ea89838d266588b54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6f3a7831c75ec15901abe77171e3a4c |
| SHA1 | b0dca0543dea9f1c11253c7c0c9a70435283d406 |
| SHA256 | ffe37884b8818358ec5c05f155f47f6ccce6a2ba91bc27a389545b494d05540a |
| SHA512 | 44e3a86ab7f0f273c069cdd3a3fddd3c9b66136e0a7ccbbd9bc03dc46d50cb29935908df09ba0cd6222940436b2dcc757dc66a4b51e6aa7f58b3d66f4f4b6951 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0beb853a95a97a2939eb2de8638c716 |
| SHA1 | caef25b75a543ab25eac212de84f1d3c15aa42eb |
| SHA256 | 9aa988b672c97087400f5a6c487765c0da14b4b3753a5f5efe8d403302e29cad |
| SHA512 | 171ad032b34355f5527ddfd959a851974faf6b8f37527d5a6d3e63bbf32baeb6cf8e05e13da64bd601626d37827d33b2237c58fac19933e58c5bdb7160c9ca25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c95b1a2e5a199117c9d135d7daa39d8 |
| SHA1 | 1f3652bab9d79016a0a3b9d12564dec1666d99d0 |
| SHA256 | 009f76758ca2f7b6cbbb928eee8cf2526c38db15eb06f9882e2f821a25ac2271 |
| SHA512 | ecdfb131be382b9b7e2ebecaaa4252703531d88a82e607ef6c3e040d3cac15eb0a3ec062c71d7ee091623770fd71f6e77eabf945bbc22e1d4f14add6ef091536 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88e2fab7b5216e1745d064ee4f78ef78 |
| SHA1 | d8559efb390fcf5da0d1a4554fe34a681a62cdd8 |
| SHA256 | a3a6f77b315a0a4814f226b2823cf432b203e93275442ed1c23efbc795402717 |
| SHA512 | 3c42fc16979e30f1742805811a5d98bf9e4ae13805783ea6df3a75f1fcb75d2cdf415faf4b8b72c2ed9adee82739a602dbf51e157d617b4675f9463c38c6c722 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fa053d8cc2d5d5bcaa821de239cab17 |
| SHA1 | b9d4dc9e53cdb3ea670fa39a829347e079b93bf0 |
| SHA256 | ccf2729951b4d266098b770ee582e35105dfd6c62bcef1be943f68e6f1630e7d |
| SHA512 | 4559cadee6ef1a5f61ace5cf61921c3659472aa755b35596596d75d945220178992b66acb5e4838042db4f97bd5a3899ac9e8cb4cd1e44131e5525d801e24698 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e4f92a49bf0b7cd0f73cc9c37e07620 |
| SHA1 | ca91953f20f7731863aea7fa685c7c3fc2074d58 |
| SHA256 | 6429999e48b53509d48054b3355036d2ddde0b9c9ade917a72bb5ffff6f87595 |
| SHA512 | 4de43035a25f99ff4b4968e3104395fb1bcab16a8a77a022016a5a95db18a42b095a2116ddb1237a5f3cd4b7d772e3dde31a3c4eeb2f4b20caa3851428870652 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdc625f284aca74d2d5a62a67084ddd7 |
| SHA1 | 723ffad13bf082de6df726f110d02c81310883b8 |
| SHA256 | 74968d593300dbfb6d21aba0e7b96a69794e542f6491ea8a14e17fec7a02a763 |
| SHA512 | 007715938e8c2a472e6a378850f25d93b007c09dc76d42bf5a0c1e28b18326a49ee1b5db7d95eb1c0af074cdc28b52844b9fc7ede8b3b94f9892a7fc2d4b0006 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06431510015454599522773b2096a40f |
| SHA1 | a8027ec361364f115ef513ceb67e9dfa8ba8775b |
| SHA256 | b95531406ab0a3f8b0b62620fc33eeaa8f3cba9e133e4e4cfa27a7dc460d0e57 |
| SHA512 | 8c0f2c04d9c0a0b6da9c7f2ede2258ddd53e2b30281a5acc899c6fa5ad32a681f154d37295900e94aa389c81e004ae38f5c9ba6b5657fbbdc4007cd522eb3273 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f03169de88808ad6a3787284ec91dfe |
| SHA1 | 2966c3f79faaf483c5cf4b33a1ebcd8ef0f83026 |
| SHA256 | 06b02860da294a39b3f1cf43ff2546f2fdddeeb315328e4444646b9f3b5ae122 |
| SHA512 | ceea7a0dcb13a48ee8fe835fcae453e432fa5c519e7c9d55ad1b5159bf7e5b744a77f6de62d787499a9b369caacf09ea9f045264d7aa540ab5c0ad618a55b795 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 23:09
Reported
2024-11-09 23:11
Platform
win10v2004-20241007-en
Max time kernel
112s
Max time network
114s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d59dffc694585719dc3bc4e6ca347e396cea690e99afc59d66231df22c94cbbfN.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6ae446f8,0x7ffb6ae44708,0x7ffb6ae44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,18311916558173456281,1104897999532992579,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
Network
Files