Malware Analysis Report

2024-08-06 18:12

Sample ID 240704-tvfgksygnm
Target 0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe
SHA256 0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bb
Tags
xenorat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bb

Threat Level: Known bad

The file 0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

xenorat

Xenorat family

Enumerates physical storage devices

Unsigned PE

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-07-04 16:22

Signatures

Xenorat family

xenorat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 16:22

Reported

2024-07-04 16:25

Platform

win7-20240611-en

Max time kernel

121s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000ba99f08e4b89c70e3c7d27723179a308328e34192b6927b9a0e7840f3ca429c8000000000e8000000002000020000000e2cb4424c3417852d5aac5b69276f3d0046a57bc8b3a6abec4d516aa2e80035c200000001a2198a995b85935805ab0b76c3419c95dbad7f7073bfa8a4ab04bafd845cac040000000ce267c21be472001704ab843c14515a3087920773b002f7b2e26410fc73e6b20971959e3da265fab6d720bb2b4af07e08fcf560c0814ac88d4cb35b8fa0cbe09 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d4347e2eceda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000005ca01e1c3036e0e1d15b4f95c9a8deffdaece35409adf4037f0a3039fe956804000000000e8000000002000020000000fce0bfc989ea0baac31c6a6d7066feb6d38592ed5cc5dfdaaa925d10a2dd394f90000000d96537ea998c2b2ed82f54f93c7bd1c4bf3d67e480098dc89accfb4290ad199f4702b805bd6fdc9ffe5537107f784314276e58aa33dba785c1cdbda1d3e100f22eeb0ae24cb2c57f23c6b6a313f54a3d3ea93981e149a5c6d44e9100d1d466e017846edf730e232e19c80a2a29cc58b8320e59d73078f72c4d26c0b15c38bfae28b2377ebfae0488c8c8b410b7ddc06040000000341736e53c7e29c5d1910c8722919efa31a907b5985879a71744b9295f8085b2b0b036d7605cca1daa4623f510662ac32762588ef781f06ddce478c343e6c4e0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426272037" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7E60C51-3A21-11EF-8E7F-CE8752B95906} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1912 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1912 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1912 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1912 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2168 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2168 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2168 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2168 wrote to memory of 2656 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
GB 184.25.193.230:443 learn.microsoft.com tcp
GB 184.25.193.230:443 learn.microsoft.com tcp
GB 184.25.193.230:443 learn.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3CB4.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1d7c94c5dabf74aa950653b9a5a1a4d
SHA1 5aace66f642397d9a30e813d59f5cd978087e05d
SHA256 134df6bbf42c94e3ef42152b31070c978928fc7d7d5b28c859443cf5c9eb8e89
SHA512 039cb6bbd9dd675ab35b1c38e6dc264c8b2f3fd92e2767dbeadf8f8ffc339fbfa2c27935d0aa26664085ab3f978025bc66c1c5f3fb7d8e72331990fb824202ef

C:\Users\Admin\AppData\Local\Temp\Tar3D86.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7679a585e4c27aeff91d24629cf5b4f0
SHA1 4a676b2bb5bcc5faa3d9e3dd0cacc0ac418c49dd
SHA256 f670c566df0b86c4cef8352262e289850ef9a8d7be2bd61d63300e7b52f563c8
SHA512 45d04e60c4384f8b9c9b2cae930756346079a016a8f18644fc85126218f2123e41deb7d4cec08015ecf6346f9781f5aa3664cf9d289bda4fa20ae17a91a32820

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b1070615027f100cfbeff534460e38c
SHA1 00b1306442f81d35829a05c0fa3fbc4ed14bca9f
SHA256 2a4b7024b4a592dd3531bd3651513da8c5b9aa21fd566b3deff5380d71a81f6c
SHA512 eb675fa12ba7f889c5863989d37a2a45ef474c0ef94530a76cd1b05f2d0c0ab612f726808f12880a6197f3a464ed401c86a9e83ada9b4ae3e1098ad0fc5bebb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 523d5144898ed6314908aed1fb972d88
SHA1 73fcc0ec68af69548bc7fa9eeeac354d3ce49ea6
SHA256 72f5c829e972061f37461f6b37f22babdd6990915925401a3c19f0ae793322a6
SHA512 674f4301ab545a00a32dfa2d35e3c1053714c5e4e54f3185589369506ac747dbeea39bd82050266f56449230d98a35e9b146eb21a3eccb43be2813313f8d4949

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44cb87ed068af6d655208283fe695b84
SHA1 742c761a8664daf5cefebbf2a200e2ef913154e9
SHA256 0161f3e0ff1ac0c02e1d314e5b143236d4b5a0d1a3c3f2b98e797cd1627741ac
SHA512 e602edc27b230e4f88fd769aed3d1ce8a6f14b7ed96cda96ebf60c4353463b6e4f201a983ebe42eba676f2ee4ee83703ee55a0faca5b22ff01b862ede700c6f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 b5d619932d10564693b831513cef0079
SHA1 2ad737a2f1d0c459da82ed7e74525f07352ad8a8
SHA256 989146d870f69c23b417ed254f822e08177688be9fc1d69001cb0cf34a8e068e
SHA512 a57af0d4f2cc774362c35b5573f5a714f34cf4e9a4ee8a0c9edff03a8d1b779874d7124d9fb4e677ee73ef6c866649189ed7c29d35ce7cd72aa295481856bef0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee3e68e02e442c45419ea7ca76c72e76
SHA1 17eaa4bd4ed6da1a993465098b5302f53de46353
SHA256 8ed0dabfac89b451cad5b708b59adc14450cc88ba637da75da19e743553d834e
SHA512 d1137b35fb93f878cf2356fcb86a34ef79d7771258ce6a9af4f8c7dbfa9a5bdd91acda27534d223a75c9728983f63fb7b8c5e68d54a5e09c0127b61f010c385f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 968eda79af8a63b06f9276a3106929a9
SHA1 ceba83bb0152c7ad43884aaedc045ff6ce680216
SHA256 eebcf9ab4c3cfa1cf7ac214b1121a7e30de31f9a3908edc411651fee0f5ec78b
SHA512 cb3617f607b2fe89135216d0b3aea4d239f933bb4f2a86da999ea19b05dc765b18d1233da6432073658ac36939588e9cef3fb37911b6d6319f1060a76e375d0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91251ceb8df9951faa2685cedd32e94f
SHA1 96ce01ba06a5a4b521ea1ea43898697556f48dec
SHA256 6bfdf113dd4a82cf5f41eb1f17e3ad4dc6d52d3fd87f7017a35175c54cfdb585
SHA512 04cf44753dc4a35e3d4169c4717c95e01bd663835d021981ffa147aa092f3ae71a04c5563578d2ae819dfe39e61478dd8878df21a11bc3212d2bdddc64327c7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 586a257bcea459d19841c495953b895c
SHA1 28c765abe899d927cd86dee04e1a387e2a33a6eb
SHA256 96c744568b7bcf393e00a388848fc66b8a980ae3809b4707a6a1132bf1906c9c
SHA512 01947ff7df8fb91b22d6289c79cb3342724edc50e9e4ea9d39f7896ea1c84e972dfa63cec44591d8001f74a859f5e9f6e582272b3456be5053d81b631931b167

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca8a11a60c58c45dce85efd1b57cccb3
SHA1 8ac16efce502282d17fc1506111ac2e38b44603f
SHA256 adadc4825f4a617e4508214dc4649f52dd4be8f410325e137b59ecbe57c91464
SHA512 d324356b31732dac3a79b0d93ce44031ca860fc01754ee99001a27f7c3091da7fc934ac6e5f3c7d648acf2d23a5768f949edb648ad3d1677316e37ad2b35560e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 607a3a7648c64a82dcfd2adcbaa3ccfa
SHA1 4212302c6f8873d6b2eaaea537293e2c0bc5f799
SHA256 8fc4f47ea0d28c13dce1af70b1b77e1a14431a47dbcb347fcf17ec7a57db264d
SHA512 583bf4794896b62d171fb23fbad6130343a33dbedd90242ae45b95efaa50dee41a9bb1f409dd7ec4d051ac8eafaac5bde8e49bff001abf7001ec3cf3549fd042

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c46bb64ffc23af11d939b440719102a6
SHA1 57db2892d31ac257e96891741cccfa346f131649
SHA256 107d3ed872cd81ea3c319d9f6b26d0acbc9f06debb82711a796bc1feadf25714
SHA512 ae66b111db8d10c08ebbe4d45740719c94051220ce536f045c83ae8e7b1487ec33695ef420118ca46e0c7911901d86ab86ba8ee06db3a918e721c1b88e839506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93a8422dfc008976fa50e3559e92f2c0
SHA1 d2674f5b765dff31f485e4fa3b6663dc2a258995
SHA256 23455964b48c455ae3f4bfc4d2284776153520b8a2cec6e5347d9abd8c6d50de
SHA512 d3d16e01ecb9bc7ef878439ebf1f9980a478cfde43bab51a9dca7d5b140a98cbe8de9256c3a0b44b1cc8dfa0289c9431e9e5f7e1049c5c9d18800e6e4b3410d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db2fc411309a5a10d250fdbcf2893313
SHA1 68d8c765c9c0ac5c0a7a27919462dc19ba1b5e13
SHA256 a47e08abd20d8e6f407259448fa975ea09700d5ca2616cdaf812b7227455f95b
SHA512 1046016ff1e8fb7d9c976d26ecc86203934a8db709d2cf6b0f73c438ea0254084e7b8f9dd54e9f593964b6fc27841c08bf0ec7e1237685ba66e2299c57c4409e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b72bf3990fffba8162f7c7cb94d7b25
SHA1 b1a355b2907184a4f27669dd892b61d6512959f1
SHA256 e352360225ad42e2216ccb8f2ef823b4d1fd2f4588cb2908ec4e2273e5427256
SHA512 e8019ce223e93bbf8ff3ee54b4d89726dd2e3e2555b467363fa60af7ab865f30842bcf44d0bdc150833449f3a7c3c10a68a201f0e416b392883a38f313a8c140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69bbd15383c357d8518227141f3e6c11
SHA1 481bea863a179c9eaed3d532dc1821bf84a74b0b
SHA256 d8242e0996ccdebf2f5484b9606fab31e3ef49daf01d26703cddb13e8b3c1aa5
SHA512 b206b0a6f96853ef4c5af86da0d509cf9483384d2ab75fa7b9281db289242d469e6426a71e019c16edc3b887614f460a56a1a8c0511ebea75eed11fca637e206

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cb78ecb9134956a5c63f3301ad7a5ae
SHA1 11c6204e70f7773abb33d956b849811feb6dbd66
SHA256 a989cc3c6db97e4ecdeb99ab777af3c5835dafa6ccfe0f4ddcde9c0c749bc8ca
SHA512 1918ef340be063c959b2b0d96c959ac63cb77b0817e0e75aaf470ecd330e21020f0a7455667afb2afcea67d69be154030cc6848dd71863d7e4383727e6316488

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 365712892e3e5e70a42594b04750a93a
SHA1 e6865d8c841bc9b72133a526b364ded1fde5c24b
SHA256 c841b23b67d72f74755781855bf1222a76dd1b53881cdd4f31c3fe67d2a5b5c0
SHA512 87afab9c0c93a21a78291e2e33d9676a472daa77c21e26741751aab381029acc825d676b308b704124428786b841caaa0d634f55a87d9d84047c7eeac75a21a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebb67ed61c36c9f70797c1f11b0cea97
SHA1 7322295a41868c9d411fb860a696b8dd93e97586
SHA256 6a8f41fb670b398be9d96a4feee28dc9ff8e284b17d17ddd18ce98edf6335cbe
SHA512 4e030971ee6ee964f76f4082be5f846e89bf1b4c07981332b4cdaffcdde15d844e5da7e26c2fd6d13790a4d1bca93cd7aafc1d3ab952ac141e4dd786e92ec814

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94cf35ab5536f139abb28068d8d8d370
SHA1 581d10a01a87250e5cfc593b4b6298d8f5682793
SHA256 f641ba64b936cf3d62e53ef4856c2615183315fff3274576b27ecaabb898acdf
SHA512 65509abe94a18bd01d718c4aee991d1b23403a006302f80c53e498bc112bae73b3833023888fedee8efc78c5827293b840367184248d3a5cd065579259b6be75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d76ee0406e78b481594b10668212de3
SHA1 3a970ef6867e9e5d4b0b51bb1b0045d28a4b966d
SHA256 53f50076cfcdc00f3d48acc3e9745bf66d73b2f4dcf02f856636c4e9fa1f9dbc
SHA512 a7da3aa215e68fde7bf701d0f22246c8aedbda1ef981ac7bc0cbbae0a5ec232214bbc97d3b335d0d30deacbe4737b6d20623964dd936611f259c5e60a689507b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdf88f40e228b70829a05370084ceb58
SHA1 916dcde531aa1949221cf9f5e092a7031aed71bc
SHA256 f31c3aaf20b8d3817385b8b6fe22fc5e6d0aa65955232b3521d0df9492cfbce9
SHA512 a9c48f19e9836fce54d685675743fdcd0618423ed3f1fe86942110fd070888391a6508952eb2487162b5ec2f4cd0746b44adaabab1d1c9752da109afa678932c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be02b79171b7dced79767423c124d81a
SHA1 28ca0be10e25d4bdad965af954a0b6b8100856e4
SHA256 d8c6105faeea60faa1efc5c36f694024a892a2f2545c8580cb8d3f64f26dd094
SHA512 b4677e652ac810edec1843c2587147082cebd1c3211bb845e38bb4dbf94f74177068a4941e1c12c396f60a88d6966e9ff47463b91ccfd14fd9c1031fa0f43994

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98bfa89a68690403f5387420f31247b0
SHA1 a81dd7b24e7827f0918c2a829fd3bbb352cc4c5d
SHA256 c1448fddfebcdf088a0eb01423f5dc1e692723e9e799b1294b47c1351955f519
SHA512 bd0b8dfe3da520382c11dda184f39f97eab9f5ed1ef3ea8ddb3fd439d9b08bd60bbb8d3be2a48c8a790f4ff6cc3d51cbdfa0191f86d35ceead2c2a7fb60eae11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a83c643f73155f07d92462313a09814b
SHA1 634453866603cb68dfd1c363736984adaab26081
SHA256 0970c4ce695ffee5b7daca77878164049c22a5be0d867cd68741ba92092f3a05
SHA512 60c11b6adc6404dda4656e4e38b234749d25658561ee4b3ce3c17bf2c88678feb672d737b0a0c066dd42f14a6ebd974b8232a9c92195b813f0e2893fea03a35f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41f36fc33676f3499ec002c85c71bead
SHA1 1963ec346eecbec373237d1695537fef0726e762
SHA256 3fd81c5596daa59a4c240b99c8d6913dbdf065f85da0588f73fe1554d9f80993
SHA512 9596783c617ac0fa94439fdde2e5f574a5689e82128826a1dccc6d24dec343cdc10e22a485ce5b6be02087bc2eb04cdff2a0737a1d510d658c4e210bbef2ec16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e4bf7ef035ee63b75dabc614283aa99
SHA1 40bb9bb2a2b1ed3ce6e345b7037107bd28b3a2dd
SHA256 9639a30eb01814fca7a83b0cfa4349b9ca16939285edf313c37b8fab7bb04130
SHA512 8c7181fb6fbef9c504eabbb8b51b6602536ff152145b1ea5a80695532b2f54800bfe58b8807c6452fb18b89f7e06a29e13d65f14e13e555876e64323879486ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7962ecf655127ef96230fbb416ab1df3
SHA1 e8a5f94dfdcdcbfe7f54f51afa943594a80afbb2
SHA256 9e1e910a94f814c442d7be9af3db48254deb984ced4ab5c9d23ba2a37029136f
SHA512 16425cc079dc545414babbe423052f951e5974a1bffa41c5b596833caed8af1abc7fdde3b6e63a5cbe6e6a3134bfd1e7642f7c5057abd5a8d3c6d63775366896

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55c2683b1c7a08f665f1369287256ab0
SHA1 4635ce5e174bc9e863493ae6d660790b8a84b748
SHA256 51e7656f4e6fefc1552ff4915fbda2af0cc01a95e3f27a622083956d8281b80e
SHA512 967c83c2c3524b0ba9ac9e51ec8bac22d5d91bce324b90f306aad7995fe528ebe75199b5b349c7215f73da2d100c4baeb90d7f6e00926a5d419043cf16f07344

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 16:22

Reported

2024-07-04 16:25

Platform

win10v2004-20240611-en

Max time kernel

139s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe"

Signatures

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2000 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2000 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 3180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 3180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2116 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xa4,0x10c,0x7ff9e70846f8,0x7ff9e7084708,0x7ff9e7084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0261b2f24b98b9d5646ed108e7a1e3081e95a9b42e60f1a31e7500144c2372bbNeikiAnalytics.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e70846f8,0x7ff9e7084708,0x7ff9e7084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,17032251313891249529,5428249988368718425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
GB 184.28.176.106:443 www.bing.com tcp
US 8.8.8.8:53 106.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 learn.microsoft.com udp
GB 184.25.193.230:443 learn.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 230.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
AU 104.46.162.225:443 browser.events.data.microsoft.com tcp
AU 104.46.162.225:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 225.162.46.104.in-addr.arpa udp
AU 104.46.162.225:443 browser.events.data.microsoft.com tcp
AU 104.46.162.225:443 browser.events.data.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_2116_DPURCJEZBYVFDVED

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dedd09e3a1b9883b703a736a9ec3ad8b
SHA1 e2209f1ba2a52efbce5c621d3cdcc1a84a6f0812
SHA256 4fdee8bc86f5e2cb27b27691ce02014f5dd41aecbd83dfeeaee32c7505fccab7
SHA512 6af86a830bc1e74338fcac4214364cb935771d655c283d4c7f2fd2bc025069786759b49a749cf50f1d76e4792662fce85b76a7607302374fb9c1597624b79d9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dfeba1a61742185b82c71d651d9645d6
SHA1 0476ff41a5cf53f36c208d68128259b4481a9f69
SHA256 83c84906e4e14b35809f6bd860bfbc740ef8c959c6d05e5c42af3f5f27079c0e
SHA512 4fa8866012ccd60796106d33e6cc493ff986f9c42eefc6a0559c2d69440c2581b591b84f1d9a170d8818059db40fe5318eb8e01be7c8b9b840fa5a339d49695c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d82d12c4e0bceb5b7d2cf4a7c720956
SHA1 ae741accdb49ddeb75a2fe4fb4cf3ab1f153d3e8
SHA256 2b5d50aeaeaedb788468612ba6d19ae19274933fc4d43b451c449b9ab4804158
SHA512 0492213c18d24b909b57600162a77881bb2fd873e486bc7efef453507dbc1cc1b879047c610e1727145e53ab6513aa9b4dfed2b042c5799cfc0832b98c2ca49a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e53b1bdcc066733b94111b4176ce18f
SHA1 0241f15f10400d4a431d7c584a1e73a43e8235cf
SHA256 dbfe5e86f01fd24679edbf5e6f0772ff2d86e914d3fff780b0d2281a22699f8b
SHA512 9b6c18c75e4fde59779fbee4099f9597759c154211b3017b26009d37dd96dd6bc3df40efba63317d5a334cc348d8eea128e813e9052daf3320844b754ba60756

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b7d7aa60ecd81b0ab0e7461e8f8b27c4
SHA1 187d62b55f9892aa0ee5e5a96bba8eb94d00085f
SHA256 9ff0c57c3fde3b49fa74ea02cbcb4627991eeb3af2b8e1a28d89611a6f772943
SHA512 05e42a22dfa5467e1efaedb499e271454a02838276041498902ed4705ddc667419e6a0926e2f7f553c265338ef5eddd60e7d82921b69460f215e4002e23bc4fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a25a.TMP

MD5 b6f2dc130a7e60e23fcadb90fa8fa46d
SHA1 9be02b4c3963b8fc4fc6cd903f700e18384d731c
SHA256 e6312e4e10bf535b2791fb599f54524bfed088cdef09d19d80b11a32814b73d2
SHA512 4806dcd746f59eb8ae146343c51f0f59c6b0fa04be311f05cbe09a6fe35fd82cc6a30ac9137d0a0863bd3c34fdf2e0dea1813b14fb665ac0aa28ebced0b81f38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 54f4b4bba3f03ce12bca9c6d091b64e3
SHA1 6c735cc95521b3dde64b924b46bdd677a88eb5d1
SHA256 9638373d73495c083e7717b012a26467aa9637584544e783a1b74ba5d8a32c79
SHA512 78dc405f92f1d0f73882da91a6946ae8626339f0fb3d3524efec2e260541a497f84aa3f9ffb039ea602e07e52a26d99c508d2c1cb76423f31dbb235b16fa568d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05592d6b429a6209d372dba7629ce97c
SHA1 b4d45e956e3ec9651d4e1e045b887c7ccbdde326
SHA256 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd
SHA512 caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa