Analysis Overview
SHA256
6985cff3361574de9a919a8748d16d537cc8a7020cb04772004926937c7e7a06
Threat Level: Likely benign
The file 6985cff3361574de9a919a8748d16d537cc8a7020cb04772004926937c7e7a06N was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 20:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 20:36
Reported
2024-11-09 20:38
Platform
win7-20240708-en
Max time kernel
67s
Max time network
68s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48361DE1-9EDA-11EF-A567-DA9ECB958399} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437346450" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100f721de732db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2200 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6985cff3361574de9a919a8748d16d537cc8a7020cb04772004926937c7e7a06N.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | i.ebayimg.com | udp |
| US | 8.8.8.8:53 | cdn.staticneo.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| US | 172.67.71.43:443 | cdn.staticneo.com | tcp |
| US | 172.67.71.43:443 | cdn.staticneo.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| GB | 23.44.65.9:443 | i.ebayimg.com | tcp |
| GB | 23.44.65.9:443 | i.ebayimg.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.238:80 | www.google-analytics.com | tcp |
| GB | 142.250.187.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab85C5.tmp
C:\Users\Admin\AppData\Local\Temp\Tar85E7.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 20:36
Reported
2024-11-09 20:38
Platform
win10v2004-20241007-en
Max time kernel
112s
Max time network
112s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\6985cff3361574de9a919a8748d16d537cc8a7020cb04772004926937c7e7a06N.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8568146f8,0x7ff856814708,0x7ff856814718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13686192964670622238,8565978754137505078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ebayimg.com | udp |
| US | 8.8.8.8:53 | cdn2.editmysite.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 151.101.66.206:443 | i.ebayimg.com | tcp |
| US | 151.101.1.46:445 | cdn2.editmysite.com | tcp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | cdn.staticneo.com | udp |
| US | 104.26.7.18:443 | cdn.staticneo.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.7.26.104.in-addr.arpa | udp |
| US | 151.101.65.46:445 | cdn2.editmysite.com | tcp |
| US | 151.101.129.46:445 | cdn2.editmysite.com | tcp |
| US | 151.101.193.46:445 | cdn2.editmysite.com | tcp |
| US | 8.8.8.8:53 | cdn2.editmysite.com | udp |
| US | 151.101.193.46:139 | cdn2.editmysite.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:445 | fonts.googleapis.com | tcp |
| GB | 142.250.178.10:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| GB | 142.250.187.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_960_QDNTIPBXEFUPIBJR
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State