Analysis Overview
SHA256
a29954a0eebaaaae33399a5327e4fbcd1b2b0ebb8a1cbb6f2600981af1c3dc81
Threat Level: No (potentially) malicious behavior was detected
The file . was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 18:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 18:18
Reported
2024-06-13 18:20
Platform
win7-20240611-en
Max time kernel
137s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00bad530bebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{580E6F91-29B1-11EF-9266-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b8a65226fca42ce57b36ccee7cb00c7bf9416400555bf1fab2561a71e9c1026d000000000e80000000020000200000004791f85427ea9f945983a102dddc12d9a39288edb97f11bad9b8b6b5f68912e3200000004dcfb2bc16af970be4c7dfc16767867ce91b49fd06667e3f5da0c75d27e8f3da4000000049f643f9cd69a3d3ba2116ca1cd0ea99d095c7ead1ab4d2644f1ca8245d739daedcf882fefc6101a996fbf8fee642c73c40dc090f35cf1f1bb83884197e2199b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424464583" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2968 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2968 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2968 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2968 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.itch.io | udp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 18:18
Reported
2024-06-13 18:21
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
150s
Command Line
Signatures
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afd46f8,0x7ff80afd4708,0x7ff80afd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4fc
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6240 /prefetch:2
C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
Network
Files