Analysis Overview
SHA256
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef
Threat Level: Likely malicious
The file c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe was found to be: Likely malicious.
Malicious Activity Summary
Sets DLL path for service in the registry
Loads dropped DLL
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-16 00:37
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 00:37
Reported
2024-06-16 00:38
Platform
win10v2004-20240611-en
Max time kernel
81s
Max time network
89s
Command Line
Signatures
Sets DLL path for service in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WindowsClientServerRunTimeSubsystem\Parameters\ServiceDll = "%SystemRoot%\\csrss.dll" | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | dropbox.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\csrss.exe | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
| File opened for modification | \??\c:\windows\csrss.dll | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
| File created | \??\c:\windows\csrss.dll | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629718638726631" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{9AF48081-C2DB-4B51-A893-6471E7F8BF35} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe
"C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gusanito.com/esp/tarjetas/postales/buenos_deseos/excelente_dia/974
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1408,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=1940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1412,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5376,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5500,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5516,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6012,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffe09c94ef8,0x7ffe09c94f04,0x7ffe09c94f10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2392,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1904,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2548,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4016,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4016,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4772,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5092,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5116,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5472,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5608,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5584,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4580,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4544,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3580,i,4435073546619841093,11979310290036655447,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.gusanito.com | udp |
| US | 8.8.8.8:53 | www.gusanito.com | udp |
| US | 8.8.8.8:53 | www.gusanito.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.gusanito.com | udp |
| US | 8.8.8.8:53 | www.gusanito.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 75.119.206.59:80 | www.gusanito.com | tcp |
| US | 75.119.206.59:80 | www.gusanito.com | tcp |
| US | 8.8.8.8:53 | www.gusanito.com | udp |
| US | 75.119.206.59:443 | www.gusanito.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.20.12.101:443 | bzib.nelreports.net | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 75.119.206.59:443 | www.gusanito.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 101.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.gusanito.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.microsoft.com | udp |
| US | 20.109.209.108:80 | update.microsoft.com | tcp |
| US | 8.8.8.8:53 | 108.209.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dropbox.com | udp |
| US | 162.125.248.18:80 | dropbox.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 69.64.59.144:443 | tcp | |
| US | 8.8.8.8:53 | 18.248.125.162.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 69.64.59.144:443 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 69.64.59.144:443 | tcp | |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.yahoo.com | udp |
| GB | 87.248.114.11:80 | mail.yahoo.com | tcp |
| US | 75.126.60.251:443 | tcp | |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
Files
memory/1544-0-0x00000000009D0000-0x0000000000AB4000-memory.dmp
memory/1544-2-0x0000000010000000-0x00000000100B8000-memory.dmp
memory/1544-5-0x0000000010000000-0x00000000100B8000-memory.dmp
memory/1544-6-0x0000000010000000-0x00000000100B8000-memory.dmp
memory/1544-7-0x0000000010000000-0x00000000100B8000-memory.dmp
memory/1544-9-0x0000000010000000-0x00000000100B8000-memory.dmp
memory/1544-10-0x00000000009D0000-0x0000000000AB4000-memory.dmp
C:\Windows\csrss.dll
| MD5 | 7dd38f8951c2fa66a1291c7d297e1947 |
| SHA1 | a3feb1be32160c5196bba30830c1543958ac0045 |
| SHA256 | c6e185606e9ed62db354b8b8a298f470c01dcce8c5a4f409bfc5b918b5fd1c09 |
| SHA512 | cf6575bbcf7c8442e98d3e05519c79eb58a1e268acd1b66ce1fd8e9e8192a3791ce02474e5a41c4848644806dbeccb40dba93e6ad57bb37a5fa78528df0536f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2091d0e7140d7c00ebffc80d1fa01932 |
| SHA1 | 2bfd04b3cd14b568983ea81a6f588ee2443d1617 |
| SHA256 | a453e55bd9aa728f4ac31aafefddf02ed8e06435dc908d1f973c32fe6ad5c6c0 |
| SHA512 | 61ebb1e781b9afaf9d4f58e3a1cf7c9b9ebea9d74f9ec816476606c4f2d9deec5e1c57401d5eecfbd95b126c1a5cb0b5843018a18323a6505c7dfeb88837206f |
\??\pipe\crashpad_3124_KDQWISZJXOVNJEGO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 436d81c7ab1cdb4a736dc4a4b767daf6 |
| SHA1 | 9f17e3a3142e8b20f822da27a2f30e9f5b3aac04 |
| SHA256 | 92969cac136ee7ff8f1b8106eaa67a07f168afc320d67525614d1b6c202419a1 |
| SHA512 | 8c355c0ccc17e97a7ccc721be188a1d8470aff66d914915461e19d328b976cfdb8709b462bd0ecb193488246e9340c4868ef77eafd249df7e1bfec0367b4d2ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4fea3ee7fdf2f337eed9715582d0ce1a |
| SHA1 | 23a3a22b074c73bee23a12a683a9ad4cd793d14a |
| SHA256 | f466529468f88c9c55fa92e690bdb04f9fc3a8e157ab9fc4507324aea925d98f |
| SHA512 | 81017ef2123bbe0b6d6f945c08b0ba77d8014c21734c33a49bbfacb91c4fe89bf5c9f2f0a2b47f97e36245bfb07d7909fea23da5b7a142c6b91cdd2ce772383e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |