Analysis Overview
SHA256
0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534
Threat Level: Known bad
The file 0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe was found to be: Known bad.
Malicious Activity Summary
StormKitty payload
Stormkitty family
StormKitty
Executes dropped EXE
Drops file in System32 directory
Browser Information Discovery
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-22 22:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-22 22:42
Reported
2024-11-22 22:44
Platform
win7-20240903-en
Max time kernel
119s
Max time network
119s
Command Line
Signatures
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\svchost.exe | C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe | N/A |
| File opened for modification | C:\Windows\System32\svchost.exe | C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\System32\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C4C7911-A923-11EF-B945-527E38F5B48B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438477240" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100e4bf72f3ddb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe
"C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe"
C:\Windows\system32\schtasks.exe
schtasks /run /TN Update
C:\Windows\system32\taskeng.exe
taskeng.exe {575BFD29-508B-44B1-AAB8-8FBB07E0AE61} S-1-5-21-2872745919-2748461613-2989606286-1000:CCJBVTGQ\Admin:Interactive:[1]
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:406550 /prefetch:2
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| DE | 2.18.98.139:443 | learn.microsoft.com | tcp |
| DE | 2.18.98.139:443 | learn.microsoft.com | tcp |
| DE | 2.18.98.139:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| US | 104.78.190.43:443 | learn.microsoft.com | tcp |
| US | 104.78.190.43:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2644-0-0x000007FEF61C3000-0x000007FEF61C4000-memory.dmp
memory/2644-1-0x0000000000370000-0x0000000000448000-memory.dmp
C:\Windows\System32\svchost.exe
| MD5 | 3ae4a965680a6b9572c238cb51cd0f33 |
| SHA1 | 850b303af5b5818c8c34cd88ce67acc6f093c248 |
| SHA256 | 51f1e33f84709ac4ff359e47fc0c98395cdb12bd70feb8af78e40f494ef9803e |
| SHA512 | 328cafddc052b566033bba0e5714c0dbc53e7c442500969a1a556e9fb90d97fb9efccf233ac4632d148b2d6350c54a0e5a8c6d4be5b19b1dcba04b0a61e17bb5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-22 22:42
Reported
2024-11-22 22:44
Platform
win10v2004-20241007-en
Max time kernel
108s
Max time network
119s
Command Line
Signatures
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Stormkitty family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\svchost.exe | C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe | N/A |
| File created | C:\Windows\System32\svchost.exe | C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\System32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe
"C:\Users\Admin\AppData\Local\Temp\0a60ccc70306d123abe0cca9c282b476792015f0de3e1df4395f357b18c10534.exe"
C:\Windows\SYSTEM32\schtasks.exe
schtasks /run /TN Update
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc4546f8,0x7ffecc454708,0x7ffecc454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3088 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc4546f8,0x7ffecc454708,0x7ffecc454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc4546f8,0x7ffecc454708,0x7ffecc454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecc4546f8,0x7ffecc454708,0x7ffecc454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8165954509866478507,2399153000689704885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
Network
Files