Analysis Overview
Threat Level: Likely benign
The file http://steamcommunity.com/75848365136433 was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 16:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 16:30
Reported
2024-06-12 16:33
Platform
win11-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steamcommunity.com/75848365136433
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff960003cb8,0x7ff960003cc8,0x7ff960003cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3364 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C8
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3068 /prefetch:2
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2041153
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff960003cb8,0x7ff960003cc8,0x7ff960003cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17043218363851988089,2606907048213305950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
Network
Files