Analysis Overview
Threat Level: Likely malicious
The file https://mcenters.net/ was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Modifies registry class
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-15 09:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-15 09:32
Reported
2024-10-15 09:35
Platform
win11-20241007-en
Max time kernel
129s
Max time network
126s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64\M Centers.exe | N/A |
| File created | C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64\M Centers.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64\M Centers.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64\M Centers.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mcenters.net/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff87e553cb8,0x7ff87e553cc8,0x7ff87e553cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004DC
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64\M Centers.exe
"C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64\M Centers.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5907080923063729565,13666604686816531454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\System32\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\System32\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\System32\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\System32\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mcenters.net | udp |
| US | 185.199.108.153:443 | mcenters.net | tcp |
| US | 185.199.108.153:443 | mcenters.net | tcp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | udp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.187.195:443 | www.google.co.uk | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.200.38:443 | static.doubleclick.net | tcp |
| GB | 142.250.178.1:443 | yt3.ggpht.com | tcp |
| GB | 74.125.105.135:443 | rr2---sn-aigl6nsr.googlevideo.com | tcp |
| GB | 142.250.178.1:443 | yt3.ggpht.com | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 142.250.178.1:443 | yt3.ggpht.com | udp |
| GB | 74.125.105.135:443 | rr2---sn-aigl6nsr.googlevideo.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3280_ZATZVUVXBEGPVRBT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c563.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
C:\Users\Admin\Downloads\f3ec335c-95d7-4199-964a-9414f5332d60.tmp
C:\Users\Admin\Downloads\M Centers 8th Edition 8.0.1.3 x64.zip:Zone.Identifier
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\ProgramData\MCenters\Methods\AutoPatch\x64\Windows.ApplicationModel.Store.dll
C:\ProgramData\MCenters\Methods\AutoPatch\x86\Windows.ApplicationModel.Store.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat