Analysis Overview
SHA256
f1b7816b760f12ba96fc7060ae0938a89ffb1ecb5b0462d7c3e36f7db660a522
Threat Level: Likely benign
The file f1b7816b760f12ba96fc7060ae0938a89ffb1ecb5b0462d7c3e36f7db660a522N was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:23
Reported
2024-11-09 22:25
Platform
win7-20240729-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cef9cc9ec839814c8d9933a0e8429aa5000000000200000000001066000000010000200000003c04cd7c7d7ce1248ecb4fa2953fa8d69c218569bb8bf41a397b50f9aaa29c24000000000e80000000020000200000006d868c5e46a51b3257c05d259d129a12f863c6bf3cfbb63ced7295d386cd54de20000000757d00e093a2745aca477571af48dd3a9c7932ff8292e93f2edf43e059cd78e9400000002da38fd15a8d20ba65bdce3bb46ca900790aa51c2afbf9a77ba70174356c74ca649c5fe50229d14f5658ec1aa78bace27dbe1a71a109b5eb80d52e48add9fdcc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437352874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e66014f632db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3DCD6C01-9EE9-11EF-88C1-C26A93CEF43F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2284 wrote to memory of 576 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2284 wrote to memory of 576 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2284 wrote to memory of 576 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2284 wrote to memory of 576 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f1b7816b760f12ba96fc7060ae0938a89ffb1ecb5b0462d7c3e36f7db660a522N.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | laurishillings.com | udp |
| US | 8.8.8.8:53 | thumbs.dreamstime.com | udp |
| US | 8.8.8.8:53 | stats.wordpress.com | udp |
| US | 192.0.78.26:80 | stats.wordpress.com | tcp |
| US | 192.0.78.26:80 | stats.wordpress.com | tcp |
| US | 151.101.193.91:80 | thumbs.dreamstime.com | tcp |
| US | 151.101.193.91:80 | thumbs.dreamstime.com | tcp |
| US | 208.109.49.138:80 | laurishillings.com | tcp |
| US | 208.109.49.138:80 | laurishillings.com | tcp |
| US | 208.109.49.138:80 | laurishillings.com | tcp |
| US | 208.109.49.138:80 | laurishillings.com | tcp |
| US | 208.109.49.138:80 | laurishillings.com | tcp |
| US | 208.109.49.138:80 | laurishillings.com | tcp |
| US | 192.0.78.26:443 | stats.wordpress.com | tcp |
| US | 151.101.193.91:443 | thumbs.dreamstime.com | tcp |
| US | 151.101.193.91:443 | thumbs.dreamstime.com | tcp |
| US | 151.101.193.91:443 | thumbs.dreamstime.com | tcp |
| US | 151.101.193.91:443 | thumbs.dreamstime.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabDC1E.tmp
C:\Users\Admin\AppData\Local\Temp\TarDC60.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 22:23
Reported
2024-11-09 22:25
Platform
win10v2004-20241007-en
Max time kernel
112s
Max time network
110s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f1b7816b760f12ba96fc7060ae0938a89ffb1ecb5b0462d7c3e36f7db660a522N.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa333046f8,0x7ffa33304708,0x7ffa33304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7712196950755207547,5456638718735992959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3332_UVUNCKNORGJBBCZF
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State