Malware Analysis Report

2025-01-18 23:32

Sample ID 241105-wqs8zsvnhv
Target counter-strike-2-hacks
SHA256 ffd902ff33b4c5ab5c2365320ba4b436f8fb7b2dbe039d5ffc0af7da409a8f63
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

ffd902ff33b4c5ab5c2365320ba4b436f8fb7b2dbe039d5ffc0af7da409a8f63

Threat Level: Likely benign

The file counter-strike-2-hacks was found to be: Likely benign.

Malicious Activity Summary

discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-05 18:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 18:07

Reported

2024-11-05 18:10

Platform

win7-20240708-en

Max time kernel

134s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\counter-strike-2-hacks.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004eb8598f23aa9c4cbc37a7686417a4b000000000020000000000106600000001000020000000676ee734365f2001abe0a5a141bd69c1374874136b13084e9473dd0e0f211870000000000e80000000020000200000006d1f8e2754c4bbace7b43759c6423bb63607c1f43294d9d1b61078d1983d9a6e200000001308cd1090868209eae9dd575bdb0ea395931906e704332bea25e7c8078cad5e4000000089861b733d5e2cc40858bbf42f29259b5c62880b1a23c376a9ca5a36238c5dfe6543d387403bd42a67cf6b4683456ed7f4b35c99895629000214b7004ae89b33 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2091f1bbad2fdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004eb8598f23aa9c4cbc37a7686417a4b00000000002000000000010660000000100002000000090a8f278f0266d6a01aafd2986602a2f24c2e22a594c2a8fbc51d245f30e3895000000000e800000000200002000000080364600d035988c60dba1633e1edefce10132a8740c2cc15a953c432a0253bc9000000042a4f18e28916407463aca237733140f26f7c500267a9519e984f232a1a909805f4aa7e7a312c1806654907ca1d7a16e328ae997dddc8f13c719be24cc90162bd41d67c938834b646e357f0899df96329fb9384df285965ad81d688357cfe6d9dc72a6d2113e53fb515f9615e7aaf3245a9e38e37b0fa888ef61f7f266191d0f1d8f409482429d867df540891de2322c40000000b2ab86489e2f468835df844b8a292d2b08fdbdd1dde92b3ffc5af41c5b8d8048b0a28d0f4a37885297e3b5cc56e00f48cf18e47a9e4281a9387d26f465821f8a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436991953" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E781F871-9BA0-11EF-916E-DECC44E0FF92} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\counter-strike-2-hacks.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3508.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3597.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f96bcd2433e22aa1854f59fd266f0ab
SHA1 bf4d7544349b758be0f8aa0ebf37e30ae50abedf
SHA256 b520bca24bcbbae8f8ce092311ff46ea8c63c1050135771b2b208d3432ea2b8b
SHA512 841fe701c6918b2160e0d1574e5ed28a141064774377b62c7ff9a3bc6806770de8e0a1e0e6092bd54838c8ec5f88775f690415184b6cc435cd408d8af581cfd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d2ec89476e24d4e0db1aeaa34d5b49e
SHA1 4acbbe9699ad3ccbe7ac32d4de6ec77fe93108bd
SHA256 d5a70d4edad3483b8285c574e7d0df559c076a4059198e3add531eb0e8571258
SHA512 e5757bf26262b455a34c7a42fdc3165c58f56db23dc557cdf7d0699ea9987811e18f441b86023a22898dd01357b182140e29294fbc075ff2add74933d870fc40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61bf125eb703ec410e7c021dc5a44a2e
SHA1 c1d58405223713a232f81f6fed1b2ca2215a13f2
SHA256 ec462824abe5a412c9e6c181ff45ee1b055c549ef100193392024ec65d5de564
SHA512 69ddbcbc791cc6a892fd83ffbc1747098bd0e1887d1cf420f15e9dbf5dea6aef22317b241be06e0843ddb93783d334f6f569cb0884dea199d239c748b896ab4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f75e73aaca56bd32423d6e63583d0c2c
SHA1 8585fe81587eefe770cd802d65c4c59bed007fe5
SHA256 13972e99256a1ea2bac3fb5432f807646404207f7c08e1b97e1d4b5a6897e998
SHA512 1cb1ea18fb92d0d4e98b477bbef40a443c6243dbbfd078321ad6ccb744fb87450315da76ef98bdd1b6f0907a9413abb0a4c6aeb5f862959a884a1ced84415067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b589680d995bf2d3919282ac1e34fc84
SHA1 90d91772541d528aa7f32077fe816d066dee965e
SHA256 94cf045f6023dba963fe0115b58e3e1acdf9c182cb380525575b87c1faa67d73
SHA512 600a144f3a861246b3077dd67d37b00ffb033272c5e5f6a59c07571bcce1d603a0c2989375bb6dc9cc8a647c4f5ea311139d75135e4b991b5b0025010bdf02b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1379434eef55fa6fd4fafdedce141fe
SHA1 3a0bc25c99dd3dc3e028a9d0272db7b4ba4d094e
SHA256 5d05dc165f0e315a442929573f82ade0746e51698c8cfca53bca0df54667900b
SHA512 c3b7bf5db16a0a2656e0360bcb03fbbf9ebba14138cac848ade044d006b4cdd673565823c70b9a698cae48464acdfc6f40fa9761a6b63f3df6589fe648b192d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a8a65f6046c71ae2d1fc7cbd8e202b5
SHA1 7c163ab6da5ca96b0407bf54306e0417fed3d3e4
SHA256 5e32a9f70c2da8445d640697c7415123b8ad2f5f857053958bf0b0821232a710
SHA512 64ad3f479284fc38470c7dff69c1503150d4eedda988efd72994842a4c2a246de006058edf578d5148130d8088a96eed71e1d40014584e3cafd4960819598ba8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85d8f0388f2528c30849a079776a78ef
SHA1 2bc5a0069244e20e09bab794174c61dfb924b167
SHA256 3bd00a274d16134054cb8e7d51ecd62bda12453d98ae2c64bbca49ac3a4e6e2f
SHA512 c3476e52c2ef7596bbb510b357aef6000a00a01998e93532b9186d6846b400bb7eb67abfb0d8b80c4f54b9e6d01e0147b0a28c9c184062d963c9c94f9f6ec445

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97a8c81af8d603a6caf7afb43a6d1a39
SHA1 1067253527d94170d2248c3593ed95e1e39469ca
SHA256 a38c6225aa88661981ac270180ab75a19e227e5e23ae7df026ed7556223d79c0
SHA512 583f72406d0d7e707dafc160d591f431e23fa681ec9b92d4d27cffd368394c3bc3e1fb915e06bc680c2d2272cb87a76fe208806b7f15b5dd1cff1c586b830621

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee12a9a0bc369e86c32ca2ae1e5f9ac8
SHA1 e77f41bf439282ea2c5c323f87dceccd44fa478a
SHA256 827c09ea5f21e319acf2f747e986a962859b2bb5b82a7e5269f9a10eabccb635
SHA512 73aaeaef2b240f2edbe4673b3958c36b2b28b1f1824e9f76a67800d82679d741d72e2195ed794b44b1d99cb55d3224143725f0e165be02195e60e4408198bee2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88b9cb4438bc981ae780d62e6de0fb03
SHA1 95c97411f8daba96310c57f10f126e2f6a355f8c
SHA256 2b0ac8cc50ae1d2676da752e5385e6dd959beeedb32453cb1e5ac3d180c6f1db
SHA512 2ffa0d08cc48e0e3483f0c0b92f61ae8535394ce2c59c6aad67f10280575fdae81e32e3fea49908dd4d6544dace7fbda1441af14c83eb3d90ae3007df24411e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb80ba8ca984b9684c809caf48c7848f
SHA1 9c3bc66a33817b40100bb427353db1fb345bfd62
SHA256 954ae1085971aaa6c87863260272f280f07d7f0cda95daad075a03f680e04b93
SHA512 4d1aa56376151b29c7f3255c8a6d49e2a25d3ed26454af020ce7357141b14c52e8463824cfb60bf7670a5f215863b28eb5bb0042fd6f9539777e8d8d504953ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90ac0cb8e928375c9b4b1b43854336dd
SHA1 ede615557423215f632681397c33dd79a849c8ab
SHA256 059ac979abd223b29fd81abc90a02dfbe2dc7f94cc945420dfb8250e2b67283e
SHA512 9a15095cd95c32a64ef76639a04989aacd5742316f33aa137743948e24f473d3a668478e2b46d5599838dd45cc41b95d562bf3b894c6feceeabee35de54c7f9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01dba2bbb4bbe4fdff9f9b1917f08610
SHA1 876daac6ac253547500a6e47ca83e5043c553d81
SHA256 49a079ebbb57bca474a1acf2b76ce511edfe8dc3e43c64be79e2164e0ab3dd07
SHA512 3b57bd29eaa454fa4c6321fbcd9e487b3f61c232da39b831d8a42f8f4b0cea7e201b6db54840281f12869cfa7d1afd97878826906aed363bb505f6466d562b64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 459b385eb219ff8b3bd14c7cbe11d991
SHA1 0e9f46ffe4cabb89232f104e1806fe819c2b6888
SHA256 0c962b4720a49bbc85ee22d3bad12cc6c2e0fece20805cb2faaf362ce060d7c6
SHA512 2fb27f155ba4645adfb6e70fd423d883a5156c46673a27d248d1d37ff87b944b3986a0da0d8507aa92642a4bf7e901e9203fe907da08a4ac67786b5172321c12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c7f106bc72ee907b3aabd9dba7a171c
SHA1 6bbb1234053e6e46d5b5f31f1dbf68c3db3c9e3b
SHA256 e912c676dded91ddda65cbdcacf04556c8e6d8ff3adad10db2d6306a2d3f8ed5
SHA512 7d178e9d577b2ddb6bb141379bd71e058c68201e1d03dce1df1938727f5f2f57c4449afa930622c29a7f200cea3adeee2e897d4ed56f7cbe44911c13d6520806

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cf729b106b3975dc9b13e69b52aef67
SHA1 ac8434da0d4533370c8dbf5e338bcd1b4c3071dc
SHA256 658b3fb0bbdaf789de2f426bc6fc3002e9736da9d8f396772a3f956c25487f17
SHA512 7e133a926c71e1fb07b1ad12d47c3d9a5635a7e7b273433d8768f8fa93cef0141d8128271856a4779a1736dae0dcfee92ab05898afd36b746d544f4a7e4583d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00efb4c7f9524e6a77ffea8298fd6695
SHA1 b9d19a0784bae7f16ff03314a45b9d5f510af795
SHA256 242372e14134b42c0e65bff3069698b8874c69fbd56953fb751381fe6ef13658
SHA512 e7bf94767871d3a47701fc0995940986c950d083d48780c77cda65d30879df755aa8e4fe2bce7161d7ae84444682023eeca9abecc4c8b118163a1d719133fa35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e603da5eaf803ac1dcfc993ba5c57afc
SHA1 b2c0095a2bdaa1b7f599ca9899f6d96934cd7f33
SHA256 4f4b4122ca12d9b5ff066044226e931275e382268411755c186454dc6dfbd10e
SHA512 5248332ec3261cd9e60ac3f75ec4b65fceba12209b447eb69c7e55efd1cbfb72f90d4a822ae1eb35e0fd80c727906592f867cac5dd05fff52c110419f0f07bb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c08e4f78b82560d683b60076fa8eea5
SHA1 d261b46e47ba55f0653e2cca9dac1461d8979c9f
SHA256 5f0d9a6dca2fda74e8d4053f5955023655536f750530921b83ade1f5091bb93d
SHA512 5acf6b998f268748b4ae529a3037e9ddd1f838045800d0328f980c7a23a309c0b4a4215458a0e88b2b0cb4fcc50e78fdff23d7eb424f93b6c270f74b01cc3cb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82a69b655a19b3a0a1b66c4058e21e92
SHA1 b3efd95d0b659aa89f2aa4439a3a34aeb49b6d45
SHA256 cae02b25c2a15991a2610da81d55254c2261f4819d63b28a247430447bf8a502
SHA512 d36ef46d1034e74d5b3ccf088e21349e59d0bb170d1dddd12eac98ca49b22a801cdbcd7710860c7187ae593e4afb61c1ff76ff5536470e93c9ff80e6ffb75df7

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-05 18:07

Reported

2024-11-05 18:09

Platform

win10v2004-20241007-en

Max time kernel

86s

Max time network

87s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\counter-strike-2-hacks.html

Signatures

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\undetek-v7.5.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{B7DED891-9EF4-4A6F-BC5B-4B30A7DAAF66} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3480 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3480 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\counter-strike-2-hacks.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1d5946f8,0x7ffc1d594708,0x7ffc1d594718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2420 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3416 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3fc 0x424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\Install Guide.txt

C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\undetek-v7.5.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\undetek-v7.5.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 92.123.128.146:443 www.bing.com tcp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 icheat.io udp
US 104.21.25.33:80 icheat.io tcp
US 104.21.25.33:80 icheat.io tcp
US 104.21.25.33:443 icheat.io tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 33.25.21.104.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 embed.tawk.to udp
US 104.22.44.142:443 embed.tawk.to tcp
US 8.8.8.8:53 142.44.22.104.in-addr.arpa udp
US 8.8.8.8:53 va.tawk.to udp
US 104.22.44.142:443 va.tawk.to tcp
US 8.8.8.8:53 vsa107.tawk.to udp
US 104.22.44.142:443 vsa107.tawk.to tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 www.premiumvertising.com udp
GB 84.17.50.9:443 www.premiumvertising.com tcp
US 8.8.8.8:53 premiumvertising.com udp
US 8.8.8.8:53 c.adsco.re udp
US 162.252.214.11:443 premiumvertising.com tcp
US 104.17.166.186:443 c.adsco.re tcp
US 8.8.8.8:53 adsco.re udp
US 8.8.8.8:53 4.adsco.re udp
US 8.8.8.8:53 6.adsco.re udp
US 162.252.214.5:443 4.adsco.re tcp
US 162.252.214.5:443 4.adsco.re tcp
US 104.17.167.186:443 6.adsco.re tcp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 9.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 11.214.252.162.in-addr.arpa udp
US 8.8.8.8:53 186.166.17.104.in-addr.arpa udp
US 8.8.8.8:53 5.214.252.162.in-addr.arpa udp
US 8.8.8.8:53 186.167.17.104.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 162.252.214.5:2087 4.adsco.re tcp
US 104.17.167.186:2087 6.adsco.re tcp
US 8.8.8.8:53 sw210s9t0utl.l4.adsco.re udp
GB 185.200.118.62:443 sw210s9t0utl.l4.adsco.re tcp
US 162.252.214.5:2087 4.adsco.re tcp
US 104.17.167.186:2087 6.adsco.re tcp
US 8.8.8.8:53 sw210s9t0utl.n4.adsco.re udp
US 162.252.214.5:443 4.adsco.re tcp
US 8.8.8.8:53 sw210s9t0utl.s4.adsco.re udp
US 38.132.109.126:443 sw210s9t0utl.n4.adsco.re tcp
US 38.132.109.126:443 sw210s9t0utl.n4.adsco.re tcp
US 162.252.214.5:443 4.adsco.re tcp
US 8.8.8.8:53 62.118.200.185.in-addr.arpa udp
US 8.8.8.8:53 126.109.132.38.in-addr.arpa udp
SG 185.200.116.60:443 sw210s9t0utl.s4.adsco.re tcp
US 8.8.8.8:53 60.116.200.185.in-addr.arpa udp
US 104.17.167.186:2087 6.adsco.re tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 vip.timezonedb.com udp
US 104.21.93.68:80 vip.timezonedb.com tcp
US 8.8.8.8:53 68.93.21.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_3480_WCOUUBXVWRQKSVXO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfdf910d-1cd2-4605-b0f8-0295182feb3d.tmp

MD5 53aa21bd8821c32451bec08a67eb30b1
SHA1 a1b3c8e4aad14cd64d3662eb4842acdf11c5e1d2
SHA256 d760823a713e173c16f10c225a5ee18bacb43f51c3abc66ceb97234c2df79414
SHA512 7d0d157d67b1b50457e26b98995ac4ba96406ccd71cf6d532ad784b69bcb130f0dae07cc2a14ec032eb93174890a0411de7a109ff2261d2369f3f4a0c8071c5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b1acb37901c94a8f12f111c7a7d3cf01
SHA1 6b5341a25d0aaaf965e65f81aa464a2370329846
SHA256 f53a2380b448a20054778d8ca58673c5e326105181c7b4c15ec2a3099950f6e8
SHA512 101000ef04131103155d7d847c03f1d5c7201da556a334c0f50e8dbca6ac37a5257d163243d2f87a05061a2b21ac622acea6b57ad13ad61f2eee1be3e33a8351

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a8e7a6cb38eebc9fbd7850c901ef422
SHA1 19c2dfdcd02d5b8ba1a7f2c76d2e21a6e3912149
SHA256 c7ec8cef61d65e77378911fa003ddb7f8f380163a3ac1742f8950908d59ddeef
SHA512 9f316882958012688ca1fc893ce7050b898948dd5cfaaab03ed2a2e9743cebbfe18f3223e6ec943b2d5baa1eb2ddaff683af3045b4b16d0a234527151c4314a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 03b1cfaa7d36337d472a96c4375e612d
SHA1 11dc55047e35bf5de4cd9355d63dfb260134fc8c
SHA256 ee0a54330955c4516f7f57f9cd56eee28900863f7de6598458bd88866b7e40ca
SHA512 7d7750b8622f0a6c3c9cabc582956602c531ff8568f18ea088d267454cf25a0dbbb1f5a43215fec995e9aeaa379976fe044d3ea3234db56a7ab4a5444273a437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 307cc9c90b07960982452fd122fa89ca
SHA1 d3f42e1a37b7a5e959c39a58d2a0a0e052b49961
SHA256 c6d11eb819da4a0881a7a97e06c203056dad988b7e2b7408c937956a1e454718
SHA512 ab10518151cbda16a00281e1788421e3755c252feec398ed68311cb7d72d9d2b7cb199b542d108c396212d01d194aba61de8626e4f8208421ab5dd9926ef8b8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3ced5a715e69aaffe187d0ee26c9f4b
SHA1 23d1a4b904e8765b396301f4f57d593ab4dd6b34
SHA256 250777126448dad086038066434c3038e2eae594a973022e770039d1d6503dce
SHA512 f5dd4f1337e4924478d266f30eb9ecca7069dd99ae21d4595ab7c7ccc0d2ccfefb29903c02df5bc4220b759ac9075517599ccaf1c8ccb5266b778f2cc3a55632

C:\Users\Admin\Downloads\undetek-v7.5.zip

MD5 8def5e2fd03961dd14b0a89d1b6f2a61
SHA1 8611936ba749041a202dd88bc6ce722e55f2ef9f
SHA256 d5c89a4b9ad6b0fcbd9692a2b444878630a23a1dabac11a28ee2445a3093280b
SHA512 ef33163bf2081153811d2d433050b8bc882b8647743c15336aa0529e40323b2a175f77e7b4a5799f558206e82b044cc3989afe19d9410a1f526829c94e595a72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 91069e65552d998d18acfbe3a30c85e2
SHA1 22421e1a16dd4d6febf33b57eb12f211df43440c
SHA256 5d4cab6c8b25df9eba2a01d9d4e234123dc2b81322cd6696b06ef5c821276b20
SHA512 7e64590570e886fcaa202d6cfff74e12ea2bad2d4e5b98ccd6635dcbb81094082ad4206966219cd852a5167da44eb9b3d261b9bbe7978f9acef50d46b5c0c7ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb171e0fabe6b686311d7e534a6775cb
SHA1 be193ea8fd375e2b7d44ea19942921dfa2c56ac6
SHA256 33ad3a3205349f1f59c4867f034bf6e2c2728cbbb6eec7634128e7b82512e5cf
SHA512 53030a402cad60b4a3d365f47b34b6097d07eba189f2d2b867b484584e5df2db7bc8d0600a25f11c4dfe2aca73dd024c7933e1fbec72e6650db88bd1e9947294

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e65d2dd4091204f563671be1a19cce79
SHA1 bfebb685dcf5107210c38236256e9d95488ff844
SHA256 8c6956c3e08d0c78f35e67436a552617e063a7cbf85d34e04fbb45a2e7b6f472
SHA512 15137661345c15335afe06e91c9be7810d260c20dc7692512b96d5ff69230b72242d27e262ba90a68d365c526da749dbde11392d5a0b728cc92802eedbdfd375

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a7cba42beaf8d94b2eea907a3af4059f
SHA1 573e0a819cb163e8230e618d639f8b0c71bdfa72
SHA256 2d071858eb4c2407292dbae6219657995ccdc8d7ec7c6fd976ba96adf73f01a4
SHA512 f9cec0d50ac0267b49119bc4b5f86c375fbac1eddf147f9cd11d27d608c953b6209b18995ef94eae87561599302df8974c71dbb80eaee59b531e0121358cc4cb