Analysis Overview
SHA256
047e62c2d5a8082722a48bfcfbe5ed53d71a20c11da36113c614800a8a925bfe
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Checks processor information in registry
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-05 20:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-05 20:22
Reported
2024-08-05 20:26
Platform
win11-20240802-en
Max time kernel
199s
Max time network
200s
Command Line
Signatures
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "14" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd45b33cb8,0x7ffd45b33cc8,0x7ffd45b33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5237469114905496730,17981316173129808551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\CheckpointRestart.vbs"
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\New Microsoft PowerPoint Presentation.pptx" /ou ""
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2a855 /state1:0x41c64e6d
Network
Files