Analysis Overview
Threat Level: Likely malicious
The submitted URL http://bing.com was assessed as: Likely malicious. The verdict reflects what happened during the interactive detonation rather than the bing.com front page itself: Edge was launched with http://bing.com, the session then reached github.com and raw.githubusercontent.com, a PE file was downloaded to C:\Users\Admin\Downloads\th12.exe and executed, a second executable was run directly out of the Evascape.zip archive, and taskkill was used against explorer.exe and taskmgr.exe.
Malicious Activity Summary
Downloads MZ/PE file
Disables Task Manager via registry modification
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Detected potential entity reuse from brand microsoft.
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-10 13:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-10 13:14
Reported
2024-08-10 13:20
Platform
win10v2004-20240802-en
Max time kernel
310s
Max time network
311s
Command Line
Signatures
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\th12.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\th12.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\th12.exe | N/A |
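The "Disables Task Manager via registry modification" signature above fires without printing the key that was written. The following is an added host-triage example, not part of the sandbox report: it checks the documented Task Manager policy value (the DisableTaskMgr DWORD under the Policies\System key in HKCU and HKLM) and can clear it. That this sample used exactly that value is an assumption; confirm it against your own registry telemetry before treating the reset as complete remediation.

```powershell
# Added example, not from the report: check and optionally clear the Task Manager policy.
# Assumption: the signature refers to DisableTaskMgr under ...\Policies\System, the
# documented policy location; the report does not show the key the sample touched.
function Get-TaskMgrPolicyState {
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($p in $paths) {
        # A missing key or value is the normal, healthy state; report it as "not disabled".
        $v = Get-ItemProperty -Path $p -Name DisableTaskMgr -ErrorAction SilentlyContinue
        $present = $null -ne $v
        $value = $null
        if ($present) { $value = $v.DisableTaskMgr }
        [pscustomobject]@{
            Path     = $p
            Present  = $present
            Value    = $value
            Disabled = $present -and ($value -eq 1)
        }
    }
}

function Restore-TaskMgr {
    # Removing the value (rather than setting it to 0) returns the host to the default
    # "not configured" state. Clearing the HKLM copy requires an elevated session.
    param([switch]$WhatIf)
    foreach ($s in Get-TaskMgrPolicyState | Where-Object { $_.Disabled }) {
        if ($WhatIf) { "Would remove DisableTaskMgr from $($s.Path)"; continue }
        Remove-ItemProperty -Path $s.Path -Name DisableTaskMgr -ErrorAction Stop
        "Removed DisableTaskMgr from $($s.Path)"
    }
}

Get-TaskMgrPolicyState | Format-Table -AutoSize
Restore-TaskMgr -WhatIf
```

Run the first function on the affected host to see which hive carries the value; the report also shows taskkill /f /im taskmgr.exe, so an already-open Task Manager would have been killed as well, and a host where the policy is clear but Task Manager still will not start deserves a second look at the other Policies values.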
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\th12.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_Evascape.zip\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{F8CA6087-F277-4E92-A9CE-41E4B64F9F75} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 876124.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
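The only ADS activity the report records is Edge writing the SmartScreen stream on the in-progress download. The finished file also carries a Zone.Identifier stream (Mark of the Web), whose HostUrl and ReferrerUrl fields record where the browser actually fetched it from, which is the quickest way to tie th12.exe in Downloads back to raw.githubusercontent.com rather than to bing.com. The following is an added example, not part of the report; it assumes the completed download sits at C:\Users\Admin\Downloads\th12.exe and that the stream was not stripped before you got to the host.

```powershell
# Added example, not from the report: list alternate data streams on a downloaded file and
# parse its Zone.Identifier stream to recover the download origin.
# Assumption: the path below is the completed download that the report shows being written
# as "Unconfirmed 876124.crdownload:SmartScreen"; the report does not print stream contents.
function Get-DownloadProvenance {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Path)
    process {
        # Every file has the unnamed ":$DATA" stream; anything else is an ADS.
        $streams = @(Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
                     Select-Object -ExpandProperty Stream)
        $info = [ordered]@{
            Path        = $Path
            Streams     = ($streams -join ', ')
            ZoneId      = $null
            ReferrerUrl = $null
            HostUrl     = $null
        }
        if ($streams -contains 'Zone.Identifier') {
            # INI-like content: [ZoneTransfer], ZoneId=3 (Internet), ReferrerUrl=..., HostUrl=...
            Get-Content -LiteralPath $Path -Stream Zone.Identifier | ForEach-Object {
                if ($_ -match '^(ZoneId|ReferrerUrl|HostUrl)=(.*)$') {
                    $info[$Matches[1]] = $Matches[2]
                }
            }
        }
        [pscustomobject]$info
    }
}

# The single file from the report, then every file in the same Downloads folder.
Get-DownloadProvenance -Path 'C:\Users\Admin\Downloads\th12.exe' | Format-List
Get-ChildItem 'C:\Users\Admin\Downloads' -File |
    Select-Object -ExpandProperty FullName |
    Get-DownloadProvenance |
    Format-Table Path, ZoneId, HostUrl -AutoSize
```

A ZoneId of 3 with a HostUrl on raw.githubusercontent.com is the expected result for this session. An executable in Downloads with no Zone.Identifier at all is also a finding: the stream is either stripped by some archive tools on extraction or deliberately removed, and a missing mark is what lets SmartScreen and the Office protected view be skipped.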
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bing.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffacb846f8,0x7fffacb84708,0x7fffacb84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
C:\Users\Admin\Downloads\th12.exe
"C:\Users\Admin\Downloads\th12.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\th12.exe
"C:\Users\Admin\Downloads\th12.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
C:\Users\Admin\Downloads\th12.exe
"C:\Users\Admin\Downloads\th12.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6482251694535758628,366005503507461773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_Evascape.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Evascape.zip\[email protected]"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im explorer.exe
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im taskmgr.exe
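Two details in the process list are worth turning into a hunt. The image path is C:\Windows\SysWOW64\taskkill.exe while the command line names C:\Windows\System32\taskkill.exe, which is WoW64 file-system redirection and therefore points at a 32-bit parent (by position in the tree, the executable launched from inside Evascape.zip). The Temp1_Evascape.zip path is where Explorer's compressed-folder view extracts a file that is double-clicked inside a zip, so the payload was run straight from the archive. The following is an added example, not part of the report: it searches Security 4688 and Sysmon event 1 records for taskkill invoked against explorer.exe or taskmgr.exe, matching on the command line so that either image path is caught. The log names and field names are those of the standard Windows and Sysmon events; 4688 only carries the command line when "Include command line in process creation events" auditing is enabled, which is an assumption about the environment.

```powershell
# Added example, not from the report: hunt for taskkill used against the shell or Task
# Manager, in Security 4688 (needs command-line auditing) or Sysmon event 1 (if deployed).
# Assumption: the hunt is run on the affected host or against forwarded copies of these logs.
function Find-TaskkillAgainstShell {
    param([int]$Hours = 24)
    # Match on the command line, not the image path: the report shows SysWOW64\taskkill.exe
    # running with a command line that names System32\taskkill.exe.
    $pattern = '(?i)taskkill.*\s/im\s+"?(explorer\.exe|taskmgr\.exe)'
    $since   = (Get-Date).AddHours(-$Hours)
    $sources = @(
        @{ LogName = 'Security'; Id = 4688 },
        @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 }
    )
    foreach ($src in $sources) {
        $filter = $src + @{ StartTime = $since }
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            # Pull EventData into a name -> value map; field names differ between the two events.
            $x = [xml]$e.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            $cmd = $d['CommandLine']
            if (-not $cmd -or $cmd -notmatch $pattern) { continue }
            $target = $Matches[1]
            if ($e.Id -eq 4688) {
                $image  = $d['NewProcessName']
                $parent = $d['ParentProcessName']
            } else {
                $image  = $d['Image']
                $parent = $d['ParentImage']
            }
            [pscustomobject]@{
                Time    = $e.TimeCreated
                Source  = "$($src.LogName)/$($src.Id)"
                Image   = $image
                Parent  = $parent
                Target  = $target
                Command = $cmd
            }
        }
    }
}

Find-TaskkillAgainstShell -Hours 72 | Format-Table -AutoSize
```

A hit whose Parent is under a user's Downloads folder or a Temp1_*.zip path, as in this detonation, is close to a confirmed execution; a Parent of cmd.exe or powershell.exe under an interactive administrator session is the usual benign explanation and should be reviewed, not excluded outright. Note that the "Suspicious use of AdjustPrivilegeToken" rows above are taskkill enabling SeDebugPrivilege, which it does routinely for /f, so that signature adds little on its own here.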
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:80 | bing.com | tcp |
| US | 13.107.21.200:80 | bing.com | tcp |
| GB | 95.101.129.233:80 | www.bing.com | tcp |
| GB | 95.101.129.233:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.129.216:443 | r.bing.com | tcp |
| GB | 95.101.129.216:443 | r.bing.com | tcp |
| GB | 95.101.129.216:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 23.209.73.74:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 216.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.73.209.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.73:443 | login.microsoftonline.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.129.233:443 | th.bing.com | tcp |
| GB | 95.101.129.233:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 40.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
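The connection table above and the Files list that follows are the raw material for an IOC pivot, and most rows in both are noise: PTR lookups of every peer IP, Edge profile files that are rewritten on every browser start, and a crashpad pipe whose digests are those of zero-length input. The following Python is an added example, not part of the sandbox report; it parses a constructed subset of both tables (rows copied from this page) and separates the indicators worth searching for from that noise. The classification rules (treating anything under the Edge `User Data` directory as browser housekeeping and only files elsewhere as pivot candidates) are this example's own assumptions, not the sandbox's logic.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of rows copied from the report's connection table.
NETWORK_SAMPLE = """
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
"""

# Constructed sample: three entries copied from the report's Files list.
FILES_SAMPLE = r"""
\??\pipe\LOCAL\crashpad_440_AAGTSNHNYPBUMHWQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d66648ddaafe9959157705f72bbeda0 |
| SHA256 | 8b96567d4d91c5ef12e7507a467e52660b5640b70a9631e9e1c0e99400b291b9 |
C:\Users\Admin\Downloads\th12.exe
| MD5 | 48dd978edac7cce6386513f6b96ec090 |
| SHA1 | 289484ecba676e54a8ba8059be1152ecf27409fe |
| SHA256 | 262dfde7073dca4bc876bcb13b03f7f193d536ca7ddb7b72de4a768eb3dcdb5c |
"""

NET_ROW = re.compile(r"^\|\s*(\w+)\s*\|\s*(.+?)\s*\|\s*(.+?)\s*\|\s*(\w+)\s*\|$")
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")

# Digests of zero-length input: an entry carrying these has no content to pivot on.
EMPTY_DIGESTS = {
    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
    "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

# Assumption of this example: files under the Edge profile are browser housekeeping.
EDGE_PROFILE = "\\AppData\\Local\\Microsoft\\Edge\\User Data\\"


def parse_network(text):
    """Turn '| CC | ip:port | host | proto |' rows into dicts; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = NET_ROW.match(line.strip())
        if not m:
            continue
        country, endpoint, host, proto = m.groups()
        ip, port = endpoint.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "host": host, "proto": proto})
    return rows


def triage_network(rows):
    """Split the log into PTR noise, forward DNS lookups, and actual connections."""
    dns, connections, ptr_noise = set(), defaultdict(set), 0
    for r in rows:
        if r["host"].endswith(".in-addr.arpa"):
            ptr_noise += 1  # reverse lookup of a peer IP already seen; adds no indicator
        elif r["port"] == 53 and r["proto"] == "udp":
            dns.add(r["host"])  # forward lookup: the name the guest asked for
        else:
            connections[r["host"]].add((r["ip"], r["port"], r["proto"]))
    return {"ptr_noise": ptr_noise, "dns": dns, "connections": dict(connections)}


def parse_files(text):
    """Group each bare path line with the '| ALG | hex |' rows that follow it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2)
        elif not line.startswith("|"):
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def classify_file(entry):
    """Label an entry: pipe, empty content, browser profile churn, or a pivot candidate."""
    if entry["path"].startswith("\\??\\pipe\\"):
        return "pipe"
    if any(entry["hashes"].get(alg) == digest for alg, digest in EMPTY_DIGESTS.items()):
        return "empty"
    if EDGE_PROFILE in entry["path"]:
        return "browser-profile"
    return "pivot"


def pivot_hashes(entries):
    """SHA256 values worth searching elsewhere: written files outside the browser profile."""
    return {e["path"]: e["hashes"]["SHA256"]
            for e in entries if classify_file(e) == "pivot" and "SHA256" in e["hashes"]}


if __name__ == "__main__":
    print(triage_network(parse_network(NETWORK_SAMPLE)))
    print(pivot_hashes(parse_files(FILES_SAMPLE)))
```

Run against the full report, the same two parsers reduce several hundred rows to a handful of names (the forward lookups), the TCP/QUIC endpoints behind them, and the SHA256 values of the files written outside the browser profile (here `th12.exe` and the three archives under `Downloads`). Note that a UDP connection to port 443 is QUIC rather than a parser error, so it is kept as a connection and not discarded with the DNS traffic.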
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_440_AAGTSNHNYPBUMHWQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d66648ddaafe9959157705f72bbeda0 |
| SHA1 | 032bc055944246d440d757d97513531af08e2f7a |
| SHA256 | 8b96567d4d91c5ef12e7507a467e52660b5640b70a9631e9e1c0e99400b291b9 |
| SHA512 | c503c980291df2641e3a15b4eec14dad44bc928ce364c8b88d2784dfd956ba96e4d8384a915da8aeba37d27e5bb352f9281e6cc60008e95fc94a3b9a43050761 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1025af811507c8ed8bfd51be820f4a25 |
| SHA1 | ea931aeac04f5345bd28d1e4d24f606432615c9b |
| SHA256 | 93af134a94b9fb03583675a00ff8f0bbf2a9396d639ac95e386840fba8942520 |
| SHA512 | 3bf2f2e116733f36d414b9c18f6009d98451565b205fcea267d3c342c54fcee0e72b8258eaabc7a55e8419e10474fe3d44f730506c9111cf2c5ca69bf27e1bde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eae1cf99d0d86245850e8771ba256ff2 |
| SHA1 | 9ff683b3e94f56adb91d9ad49b86327b31cb13be |
| SHA256 | 77e985b3c274f1535245f5cf104cbf49d2f61c4b3f65fb101320b39e3a44a0c0 |
| SHA512 | e9a73b47c65ea134ca6c183ef5a0025163d13abd24c6918db0840bb027ebc1d3dddd8f33c2bb59c1336201d0f57ca06bcdc54309707489dcbe491865667f690f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e1feec2c801b8e1596ea9d63d5c8039c |
| SHA1 | ff6f5ae5a1b38a9ac9c9468e55957f30117528a4 |
| SHA256 | 47320b448f87d30681c3b7e6206e928cfd265f3782b6a3fa3434c3a11452f8e7 |
| SHA512 | e436c2e5973706ce59739b89bdf694f5684a022401c5a84cfa29fa1a7a938cc32ced9caedaef4aee6761df9ca24768100c3e13532598de5cf932f3d20f30c117 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ba6e73676972ede800c4fd1fad7275a |
| SHA1 | cfeb035bd27f28a65d776d249458d8cd2ad9079e |
| SHA256 | 3f2878d27ec5dd70aeb35778cada2796a56362f36435566dab1487c24626c748 |
| SHA512 | 242ab1c6f8b5e6a56b6727c367fef7bb6d0b4b334a67e75f9df39c30449b042bd6b30c19ca09414f370b9bba17c7d68a438e09bb62b62eec0d0de53de5602f61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef03.TMP
| MD5 | 7f91833c7e43bc9c4f688866f3c5d9df |
| SHA1 | d613554003854a301edf308229d713275b145419 |
| SHA256 | 8bd06412985d87d0f1515e0c15db7dba47a197ad0cac1996ea174e8610287079 |
| SHA512 | 644871b0185ff463ce18ae8b46dcf7c0000c888065e1f9a33610ee707a94aa786071ddbaff9d4b13bd180c70d4ebc949227dd6e98ac35fdf049d9fb4cdaa1844 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | a7ee007fb008c17e73216d0d69e254e8 |
| SHA1 | 160d970e6a8271b0907c50268146a28b5918c05e |
| SHA256 | 414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346 |
| SHA512 | 669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | a074f116c725add93a8a828fbdbbd56c |
| SHA1 | 88ca00a085140baeae0fd3072635afe3f841d88f |
| SHA256 | 4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6 |
| SHA512 | 43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 9f8f80ca4d9435d66dd761fbb0753642 |
| SHA1 | 5f187d02303fd9044b9e7c74e0c02fe8e6a646b7 |
| SHA256 | ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359 |
| SHA512 | 9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a702168db698ca09304e9feb5d47b31a |
| SHA1 | f7e9aaa299412430ffbb04591cd0c37510a1a89a |
| SHA256 | def77f684fc5ddcc56800075b91d1c2c57b6a84296cf325e8a74f6184ede10dd |
| SHA512 | ee42e54a1d25ae31db83e2b829188f809ef41ace5a5ed23f80702f54a13bb827914ac009e71c14295b23da704fef7680b0d4a30299266df6291ab35edf105d3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | cf604c923aae437f0acb62820b25d0fd |
| SHA1 | 84db753fe8494a397246ccd18b3bb47a6830bc98 |
| SHA256 | e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4 |
| SHA512 | 754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | c3bd38af3c74a1efb0a240bf69a7c700 |
| SHA1 | 7e4b80264179518c362bef5aa3d3a0eab00edccd |
| SHA256 | 1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8 |
| SHA512 | 41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7c8655ecbeca22c869f4e2b2ab439f52 |
| SHA1 | 4a440fc07b8421546aad9fa404bc6e3b134b78f9 |
| SHA256 | 121764737437e215ea30437d7503d0e95a21f05288689560b4bf43dbe3e631a7 |
| SHA512 | e5a51fc3c0d52304d2e91e6fd2c8384fad6a24db358c9dda539db653939e8f15ead7bd5cad543261568270c6b63f458e5dcf5e02d8460460b47cef27e19f2160 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | adbf5d4e241bd66ecbea7235692cca03 |
| SHA1 | ac6dfdb41ecac107ae97262c79b0ef216b788c7c |
| SHA256 | c0475435cef40a6b3d7be21cb9e617554c6f7feff4a369816373289ed1632321 |
| SHA512 | 7b12d7274766df5a9fc3ace6b62178a93c9ae39657d072da92e0e2f542ad8eb25fe19b5d559aa40964d8acecfb7134ea9d917b2866a1c1d05132c40c53655ad5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 212f71ac73665f8e4dbe558d7c4ec97d |
| SHA1 | 9a015eec2ed9c9ddcb7d32dc732c973ba9867ba6 |
| SHA256 | ac6c03bdfdf6e00631a9d1e61b4eed470cf104f4398372d96246ec0beeed0e14 |
| SHA512 | 50809ae962bf4fdb863834b8d5237e1861e6595ca4c73a692ed630d3dcaf4d1802235784988f3dfc5987f708fc99fbf07c199abf21f17d6b58ec8ad2531a6472 |
C:\Users\Admin\Downloads\th12.exe
| MD5 | 48dd978edac7cce6386513f6b96ec090 |
| SHA1 | 289484ecba676e54a8ba8059be1152ecf27409fe |
| SHA256 | 262dfde7073dca4bc876bcb13b03f7f193d536ca7ddb7b72de4a768eb3dcdb5c |
| SHA512 | fc9bbf59445689b128f145e9b83b38a1b4f27c5e1ec01319c604ef1313cec47b821014f1ee8b59e7f5a05064d65cdab3868a73d90276f12059bc98872884acc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e2e4c7435859183cd316a3a530c775b5 |
| SHA1 | aa601c7bb04cac7fca490c4b5ceb4ff2b07265d1 |
| SHA256 | c3c0a9c70540a0f33e4e7ff1ab748f0d992d86f5c059d9cbe5b82abae3f9e88b |
| SHA512 | daf05a45d5b152c97bc71915e5e71c3a24a370d836c91705e3b498b1af1214bb2e7a7958bf5c868b797833ce9e176509fb8a1cf619f16c1422b8fa3503b3044c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7450129d239c18377c83b4ce17363b3 |
| SHA1 | a9159743936e764e4fe3204b4e33d06f39c17fa4 |
| SHA256 | 0683242fa4a66f25ba2070dc714990a3fa0ceccdda2babdc9143c2734d419319 |
| SHA512 | c069a99a7b9c8e73f2afa949e3fec8a388f02914e906cd9b9d9370343323a3a414bd45f8ffb9183f80763340f3ec57b93220c17759ba1276e2b661efd05435ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a4d4c23b36aa8519257fd4a81c74a33 |
| SHA1 | be0ea8cf58355af52126fccafe26cd03563bc1de |
| SHA256 | e1c3b7367e12acbe5f89857416fc7203b0d2b747d9ba47a3fe4d7016584335ee |
| SHA512 | 68fcc38fc7be71053e8c73c79ef2ddd13603fea0f9fcea6f6fa6a3a2b0b3a590dc97dad4effa5efeb86045080fc07d1fe93aae238042e818412eaa3d9825c6ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 695ba40cb4c21ca3f0303b5604573d17 |
| SHA1 | 3da57eb4ea32d9f0190c27e800bc1ea4d0ae2f6d |
| SHA256 | 7a00f70ff60f4b2e0724b323867486ef3d6b378874732c7b5a39b6c97a3afc37 |
| SHA512 | c7d2d026a9b4c4a6dc49a3a3d557ad60a6723c2ff6fc95428a65feea7fe617e6ea99607053aa6f0594fa83e9c5f984f137d1f3a11cd5c5098299060f1494b179 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11824ed2762db2b71321df2cd65fbb4b |
| SHA1 | e103efc4ac9f3189338e1414422dd5215b946911 |
| SHA256 | f49b5afb45c14c2371ff2799f774c31d07d8dc5ced6d2747f2873c6d7a315304 |
| SHA512 | 0ca2f5402a67e62a362e3db1129fe83f5f0497b092b546890f0088854a9929d2aeb10f32e32618e1f654e649dad50ec98a8487ca21c800b2e35ec5c7dda0f5cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b302aeaf2019191104f09eeb064e12b |
| SHA1 | 5d586d34a522dc3f3908360252fe411f4b5fee4d |
| SHA256 | 0f69c90b1fc79e898d3fbd2267e7fc774df247e7873fbf20ca10b80a50b87e7d |
| SHA512 | 8b4177b32bf6e574e5f4e3a526c85acd25ab71d1e71351633770aa2983eb87775e89a281dc817cedecf9d8dea54b1bb53791351001733b1f63f0e4b3bc1245bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 73dc8a6f1db25e2005126ce8e29ad6a7 |
| SHA1 | 247d11898a18bf4c31a33b1721830ead2e2db386 |
| SHA256 | 9c100e2896cbfa27bcccb4f45f9c738d57b2264ef5ff29805f7a1b0c6486cd09 |
| SHA512 | bf4c7155b241442b4b64229d04909ea659d9417a04af2adc72d33d1cb3e09bc6df018feba69e435221ae590ca69fae8a9f3c44908334a98d1b44c4b474304730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88b42f6d9a96a09c822181a512977304 |
| SHA1 | 1f9152ef87eda7524189c612988ec898210ebc83 |
| SHA256 | f4de286bb34aa1ea007de38927510460cc1db23a6385801147ad379ec4a5eeb3 |
| SHA512 | 41fd646d85eca2a333f81924c6b12e0a6b783f0adc9a8fff5eb0b9669b890e9c42052823a7215e0f0e01cc8a1fa9b029b766aa32173e9b0b2a93d98271857cc0 |
C:\Users\Admin\Downloads\Downloadly.zip
| MD5 | fa4f62062e0cec23b5c1d8fe67f4be2f |
| SHA1 | 0735531f6e37a9807a1951d0d03b066b3949484b |
| SHA256 | a88edca3b030046fe82e7add6da06311229c5c4f9396c30c04ab3f0b433eac6e |
| SHA512 | 0ffd333dc84ab8e4905fb76b3be69c7b9edba7f4eb72cc10efc82f6ae62d06c36227f4e8ada4f896e359e5ffc664d08caf76e15a40bd17e9384e73842e845995 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c6e5abddad87ca6e54716bbb38a54d7b |
| SHA1 | 3f7c7bf75a1ed64a26fd07d00f53041127cc35f1 |
| SHA256 | beaaf39d30ed8ebc6fdbcfdd0729e7c45b613813aee3d74adf23a46dc82894c9 |
| SHA512 | 1a2ed83cc0f3136e35a3fa34b4c943d09e1de94021f0f4d2b61d35f1a0b67eaef24ace0a13f73d26961197e6710c8adca889576f351555a980748ff067f4012b |
C:\Users\Admin\Downloads\Walliant.zip
| MD5 | 33968a33f7e098d31920c07e56c66de2 |
| SHA1 | 9c684a0dadae9f940dd40d8d037faa6addf22ddb |
| SHA256 | 6364269dbdc73d638756c2078ecb1a39296ddd12b384d05121045f95d357d504 |
| SHA512 | 76ccf5f90c57915674e02bc9291b1c8956567573100f3633e1e9f1eaa5dbe518d13b29a9f8759440b1132ed897ff5a880bef395281b22aaf56ad9424a0e5e69a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2a2f3f156e045dbeae08d67a2e941d5c |
| SHA1 | dd3b0efa756d289045e8c9c79b77dc4743d0600a |
| SHA256 | 5cf57812301a8a443c0f068c6f9c87ef8cae15013edbc5d934a3475c6a068ef0 |
| SHA512 | 8aae52be3e74b63906d6764e56290923ae3add879d477bfca9fdda4c4025a3b89cb086adddeef675ea96713e07712238213d68d74e869292db25f53a5776ba38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bd400a7f7664df0f7acd1edf129edbad |
| SHA1 | 6b51c18db1878b911487dad1a1407636bd33b8f9 |
| SHA256 | a619575ca46914a0d7a65404ff0c15fe531687236d8b8853e3729ae8e38dd79f |
| SHA512 | bd9d2c7b0aa583892a718083f1797dab6f0f787fafdc93995dbcf17a82babfc03e3c12b4e277aa187626dd9c8b8948a1a79c57e3116a1e4d24bce19ad1903e33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 957cd8427e343d98834dbb1f2f418094 |
| SHA1 | bcc3412f247038ab5d9ed0d22dd4bb1feeb606d7 |
| SHA256 | bd053008f28ab58b64a8d8ac5a585e5044ebacbb2597cfe545ac759e003663a4 |
| SHA512 | 5a2d82604edd042477fedaa6fc553e273edbe691976b8443db0aa863cf0ba90014e6d426caab5ab0e2dc586ff71ea8304430826f52d6d952b2032fbac0643591 |
C:\Users\Admin\Downloads\Evascape.zip
| MD5 | dc6e7760131e079e65bf8f2077813133 |
| SHA1 | 9ac5dfb227ce624e82956de1c245616972794548 |
| SHA256 | 3d84d2a869371e2196840f8382bf23691857303c82d7b5c1cace8a2c4e1d960e |
| SHA512 | 15c76977fa3532f0ec54751fb9377639daeab5ba430f5f3f098615ab868af45fa7a59a8f76c4583230fee0bf231ff75df68022b835be3deb1dc773d80929a8cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7bb76df6cf8aee2f551c893baf7677bc |
| SHA1 | a62de2f0da2cfb0235d03e8b15cedcce9a570a41 |
| SHA256 | 28fd8a8fe25611785a9aa49f5148de7ff0bba77fdb16c4b28f9672f536d44c58 |
| SHA512 | 23a64ed093e82685344fe20c9d3c19d6b4bdb48011013ae866f1040e5d12b3b96e1f0f8c0f1c534070d1ca4dc2f209f0ff26fceccd0d88add3c8a0d7e7f92131 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ca9680999b11151867b92c11ea5abf65 |
| SHA1 | f69d659551a9c16c49bc80e96033bd9e8952afae |
| SHA256 | f718a063215e7af5cc161791f8a307c97a0f05f7bd73176ec3ba38090dddd68f |
| SHA512 | 1a91159515d63417558f3252a043521b911051a16ce4c5528ec3073f0d643c5cfb23e25473b88959720ecbdde01b4989a29ef4fa7a4406f561feaa3b51eaf043 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 03d0711240f72d319d5cd799bbc3de35 |
| SHA1 | 25d4125ea8fda91a1024c92a7b31732218870de0 |
| SHA256 | e0fdbf06a93b105b912daed438f622adfb8805be660f7631561fa4f720fb9df5 |
| SHA512 | e528c8fa62842bf2c59a3158cbf3318403b12356a0b6985a888bcf6637c2bd2cfd32d29d2e03c252031b46573559ddec4ef36584c93923cddf83ae902b621b71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | de8c6574e9057e4b6ea7b9437db4b9d5 |
| SHA1 | 265d520b6a04b434f5c3fc8c28debac183898db2 |
| SHA256 | 51f281fe367854904b3db4b6f4cd70ccf90414335716482aceef382c536ae746 |
| SHA512 | cc8791772d03ee3f4b13654d2bd3354ab1ec28322ae3522187603bde00b1a5d940e99e62dda0fd3a7faf0ba9c3cd42425d0e64196f954bdb93c979f5e990e7dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b8c28f6b323bc3dc66eac66eada7d7b1 |
| SHA1 | 980cffffa9fdfc2938190a478fe5107c527cbd78 |
| SHA256 | ee66c3c5bcf30a727f6a4901ef0fb4a1ab3fb41438cb3da776b18be2e4faa847 |
| SHA512 | 3ed926536a2fb6d6d05b1754185ffa88c66bf3016d2ec00966c2e108da18f641d36fd271b4f2b92bb8e0ca905681624567dcc738f9a1b7805031d919bd5ffb62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d17890bbda7d2474a12a307a5ae1170a |
| SHA1 | 000fa809d905c9e458d33751f9a7ebabf94fc114 |
| SHA256 | 3d067ed0d79767f933f2e8b6039ce2ca8fdebc0b386449ec79a1f150e36bb03b |
| SHA512 | 0147825ebfe5c8df65c9c8dc7570a4e18e1d77fd8eb71afc912b1b2b23f7d5a10807bae4bec22a3459b1e3123bc4c0801ccd7f1f8fa07fb569ee681b88563fbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | 99f7b59bb69d6870454d0e3b02b058fc |
| SHA1 | e8a23b7f7d941b128e378895861c79d501b2e5d1 |
| SHA256 | 9d0dbc4343e9201276b332eb7a0de1c3efd103f86547080a5e6162ffc5f21e0c |
| SHA512 | 16bce0bba157c0b45b28a90375075739ef702a3f2709708a4adf4e6af99ee343cc2b25d752968b6053cbf5317dc30fbd6713bdae825de58d9f06bd2192ef92db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7bc63510f1d0f10d906ede796b498140 |
| SHA1 | c905907e9a93e6fd7446986c8889fb3a6fa4c8cb |
| SHA256 | 9d11a4df5c52b581717706c77d43753a694ac0db186c5bd1d1dbdfdea334fd66 |
| SHA512 | 36d05963a50d5813c528e4ece14cf34ae4aa419205dfb5bc1a00a3da075c08e07c364d86f64da9e7224d52671e3d1a82c5f6d3f9f7e3410139dd75753f9240c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e3d19c7a272442397daf68b484b22bc6 |
| SHA1 | 2e09c3ca4df9a33f5c140db79a8b04dee8a7d9ee |
| SHA256 | 2e38b5ef3f376a194662995edb40bc1979b9d8493e004f2f5471f9eb11599429 |
| SHA512 | 714a326aa92918006d6f0ca77c1ed99eb655de08b7be0c6fdede34741d0c9cecf0c6f9b0b7d02557d3b3b404052f5e430b5f295ab29f11f433fe599b9c400d1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4911d702add6f02582948d76b8d176e5 |
| SHA1 | 7c4ba25350bf5ca81c709013cf407297bb82ae90 |
| SHA256 | 956c04bc6b9cff38312f0fe0d00993d5b54051dad157af4f1a052b2c177d46a5 |
| SHA512 | 6221ca1f81db08cb1f3f8cd34826063ee2d0b4c9163bdf3f0b59f7d59304ee0bacb7a4cd8919910ad1c8c782c064922c1288e7024972ae54c8db726c5fa6869f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f75d289cd1f7695e41eba7aae6a25dc7 |
| SHA1 | fe6140e3c3ae57fae891a620d0cc4b7e50b979c7 |
| SHA256 | 48a6cf74b01be60f4f340bf3b71dab7316340c90c8bf04de86b8b661bcddf2ea |
| SHA512 | 084eaeb8c2025ef9eb8bd9cba9ff01385bb4fef0a948625d4e698ca9f12e8d8b3bf56b8e65dee2e8436d0d034f99912d7d235d367394ee41cdac413805a2184d |
memory/2564-1553-0x0000000000400000-0x00000000004E7000-memory.dmp