Analysis Overview
Threat Level: Known bad
The file https://wdfiles.ru/2ON58 was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Async RAT payload
Checks computer location settings
Executes dropped EXE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
NTFS ADS
Checks SCSI registry key(s)
Creates scheduled task(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Delays execution with timeout.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-04 17:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-04 17:39
Reported: 2024-06-04 17:41
Platform: win10v2004-20240426-en
Max time kernel: 110s
Max time network: 113s
Command Line
Signatures
AsyncRat
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\IloveCollabVM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 158950.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\IloveCollabVM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\IloveCollabVM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\IloveCollabVM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wdfiles.ru/2ON58
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e95b46f8,0x7ff8e95b4708,0x7ff8e95b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,14672588238679879969,7309513079518048129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
C:\Users\Admin\Downloads\IloveCollabVM.exe
"C:\Users\Admin\Downloads\IloveCollabVM.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "IloveCollabVM" /tr '"C:\Users\Admin\AppData\Roaming\IloveCollabVM.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp1BC0.tmp.bat""
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "IloveCollabVM" /tr '"C:\Users\Admin\AppData\Roaming\IloveCollabVM.exe"'
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Users\Admin\AppData\Roaming\IloveCollabVM.exe
"C:\Users\Admin\AppData\Roaming\IloveCollabVM.exe"
C:\Users\Admin\Downloads\IloveCollabVM.exe
"C:\Users\Admin\Downloads\IloveCollabVM.exe"
C:\Users\Admin\Downloads\IloveCollabVM.exe
"C:\Users\Admin\Downloads\IloveCollabVM.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\IloveCollabVM.exe
"C:\Users\Admin\Downloads\IloveCollabVM.exe"
C:\Users\Admin\Downloads\IloveCollabVM.exe
"C:\Users\Admin\Downloads\IloveCollabVM.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\IloveCollabVM.exe
"C:\Users\Admin\Downloads\IloveCollabVM.exe"
Network
Files