Analysis Overview
SHA256
71050844beef6a2221e7a65df0f97646358b4aa41c12cadb85132c38d0a9effa
Threat Level: Known bad
The file Danger-Multitool-2.0-main.zip was found to be: Known bad.
Malicious Activity Summary
Babylonrat family
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-06 11:25
Signatures
Babylonrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-06 11:25
Reported
2024-11-06 11:35
Platform
win10v2004-20241007-en
Max time kernel
599s
Max time network
441s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8479C5C7\Danger Multitool 2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO847CD4D7\Danger Multitool 2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO847F00D7\Danger Multitool 2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO847D1FE7\Danger Multitool 2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO847E0359\Danger Multitool 2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8477CE29\Danger Multitool 2.0.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO847F00D7\Danger Multitool 2.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO847D1FE7\Danger Multitool 2.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO847E0359\Danger Multitool 2.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO8477CE29\Danger Multitool 2.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO8479C5C7\Danger Multitool 2.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zO847CD4D7\Danger Multitool 2.0.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\⭪耀섀\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\.md | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\⭪耀섀 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\edit\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\.md\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\edit | C:\Windows\system32\OpenWith.exe | N/A |
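The rows above are written under `\REGISTRY\USER\<SID>_Classes`, i.e. the per-user HKCU\Software\Classes hive, by OpenWith.exe (the "Open with" dialog): `.md` is mapped to the ProgID `md_auto_file`, whose `open` and `edit` verbs run `NOTEPAD.EXE %1`. That hive is also where a file-association hijack would land, so the useful check is to reconstruct the extension, ProgID, and command chain and look at where the handler binary lives. The script below does that; it is an added example, not the sandbox vendor's code. `SAMPLE_ROWS` are the three value-setting rows copied from this table (the rows whose key name did not survive extraction are omitted), and the `ENV_EXPANSIONS` and `TRUSTED_PREFIXES` heuristic (handler should sit under the Windows or Program Files directories) is this example's own assumption, not something the report states.

```python
"""Reconstruct a per-user file association from 'Modifies registry class' rows.

Added example for this page, not the sandbox vendor's code. SAMPLE_ROWS are
the three value-setting rows copied from the report above. ENV_EXPANSIONS and
TRUSTED_PREFIXES encode this example's own heuristic (a handler should live
under the Windows or Program Files directories); the report makes no such claim.
"""
import re

SAMPLE_ROWS = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\.md\ = "md_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
"""

# The report prints a 'Set value (str)' indicator as:  Key\ = "value"
SET_VALUE_RE = re.compile(r'^(?P<key>.+?)\\ = "(?P<value>.*)"$')

# Assumption: expansions and trusted locations used by the heuristic below.
ENV_EXPANSIONS = {"%systemroot%": r"c:\windows", "%programfiles%": r"c:\program files"}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")


def parse_associations(table):
    """Return ({ext: progid}, {(progid, verb): command}) from the Set value rows."""
    progid_for_ext, commands = {}, {}
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] != "Set value (str)":
            continue
        match = SET_VALUE_RE.match(cells[1])
        if not match:
            continue
        key = match.group("key")
        value = match.group("value").replace("\\\\", "\\")  # report doubles backslashes in values
        _, _, rel = key.partition("_Classes\\")              # path relative to the user's Classes root
        parts = rel.split("\\")
        if len(parts) == 1 and parts[0].startswith("."):
            progid_for_ext[parts[0].lower()] = value          # .ext -> ProgID
        elif len(parts) == 4 and parts[1] == "shell" and parts[3] == "command":
            commands[(parts[0], parts[2].lower())] = value    # ProgID\shell\<verb>\command
    return progid_for_ext, commands


def handler_command(ext, progid_for_ext, commands, verb="open"):
    """The command Explorer would run for this extension and verb, or None."""
    progid = progid_for_ext.get(ext.lower())
    return commands.get((progid, verb)) if progid else None


def handler_executable(command):
    """Extract and normalise the executable path from a shell command string."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:
        exe = command.split(None, 1)[0]
    exe = exe.lower()
    for var, path in ENV_EXPANSIONS.items():
        exe = exe.replace(var, path)
    return exe


def handler_is_trusted(command):
    """Heuristic: the handler binary sits under Windows or Program Files."""
    return handler_executable(command).startswith(TRUSTED_PREFIXES)


if __name__ == "__main__":
    exts, cmds = parse_associations(SAMPLE_ROWS)
    for ext in exts:
        for verb in ("open", "edit"):
            cmd = handler_command(ext, exts, cmds, verb)
            status = "ok" if cmd and handler_is_trusted(cmd) else "REVIEW"
            print(f"{ext} {verb}: {cmd} -> {status}")
```

For this report both verbs resolve to Notepad under %SystemRoot%, which is consistent with the association being created by the sandbox's "Open with" interaction rather than by the sample; a handler under a user-writable path such as AppData would be the case to escalate.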
Opens file in notepad (likely ransom note; the file opened here is README.md, per the NOTEPAD.EXE command lines under Processes)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8479C5C7\Danger Multitool 2.0.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main.zip"
C:\Users\Admin\AppData\Local\Temp\7zO8479C5C7\Danger Multitool 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8479C5C7\Danger Multitool 2.0.exe"
C:\Users\Admin\AppData\Local\Temp\7zO847CD4D7\Danger Multitool 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO847CD4D7\Danger Multitool 2.0.exe"
C:\Users\Admin\AppData\Local\Temp\7zO847F00D7\Danger Multitool 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO847F00D7\Danger Multitool 2.0.exe"
C:\Users\Admin\AppData\Local\Temp\7zO847D1FE7\Danger Multitool 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO847D1FE7\Danger Multitool 2.0.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO8479AEA8\README.md
C:\Users\Admin\AppData\Local\Temp\7zO847E0359\Danger Multitool 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO847E0359\Danger Multitool 2.0.exe"
C:\Windows\notepad.exe
"C:\Windows\notepad.exe" "C:\Users\Admin\AppData\Local\Temp\7zO84754079\Danger Multitool 2.0.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO847E1F19\README.md
C:\Users\Admin\AppData\Local\Temp\7zO8477CE29\Danger Multitool 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8477CE29\Danger Multitool 2.0.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO84780929\README.md
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.17.178.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zO8479C5C7\Danger Multitool 2.0.exe
| MD5 | 1f491b029221bcbcc52f101effcdcd05 |
| SHA1 | 0df19428a47dc69ff5fbf09ceb89169e8e3261e8 |
| SHA256 | 6307526cdf7d6d87e41f57b43c2231e4a88cd65f974a72078ee247543c24241b |
| SHA512 | c43c633a335361001e789cee9eed489a284b9f7f535e45ef2851d9c42dcfbcfb7ac83bac34fa9304643d93fb5edefd480c851294a720b261c98fc3c1b34de6e1 |
C:\Users\Admin\AppData\Local\Temp\7zO847EA388\README.md
| MD5 | 1578b4fd6f566e5315362ae30926a4b2 |
| SHA1 | ec02b4a2580491e426dc4f1139f8cd8c12770840 |
| SHA256 | c76414b13a2981641a279b008c131649457233d7d90429c696d46bdfbad57f01 |
| SHA512 | 611713834a549cdc3e1862d69bad6cfb7f866981b4103c98b0e56215022273580562a156213501a720134953e21b6f9f1b8795cc807394b501c019dcc7f1aebf |
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 11 06 - 11 25 AM
| MD5 | 465c856d600061594cba9f813b0629cc |
| SHA1 | 29349baf5aa8df424ef7e44dc1b0e86fa1b8f684 |
| SHA256 | 9dd175f267198be5af72d33d9b0ca7a3473aa72bd6ae59b7d4ec100f6b2752cf |
| SHA512 | e8047e0b4ca0f6bba79d50ee8ab1112d5df57035f4af76d6f32971e8715f63a121d8d6453a8769e11588fa8e8599908dcab357900c6da4cdb348aef69eaab336 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-06 11:25
Reported
2024-11-06 11:35
Platform
win10v2004-20241007-en
Max time kernel
599s
Max time network
600s
Command Line
Signatures
Downloads MZ/PE file
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 193360.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\Danger Multitool 2.0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe55d046f8,0x7ffe55d04708,0x7ffe55d04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12831991342497725117,13760995311353511429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3528 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| GB | 92.123.128.191:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 191.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.167:443 | r.bing.com | tcp |
| GB | 92.123.128.170:443 | r.bing.com | tcp |
| GB | 92.123.128.170:443 | r.bing.com | tcp |
| GB | 92.123.128.167:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 167.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.64:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | www.python.org | udp |
| US | 151.101.64.223:443 | www.python.org | tcp |
| US | 151.101.64.223:443 | www.python.org | tcp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | media.ethicalads.io | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 172.67.71.230:443 | media.ethicalads.io | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | console.python.org | udp |
| US | 159.89.245.108:443 | console.python.org | tcp |
| US | 8.8.8.8:53 | 2p66nmmycsj3.statuspage.io | udp |
| FR | 3.165.136.108:443 | 2p66nmmycsj3.statuspage.io | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | udp |
| FR | 3.164.163.127:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 230.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.245.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 148.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 143.117.19.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_752_DWORHJOXUGDIMQXS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 404f2fa73c3c49b1437e032ab0079a5f |
| SHA1 | e1dcd13d3ec2e7c0bcd689ba72684fea9c830483 |
| SHA256 | 930bdb1c8a4394152f12eb92aedd485985d5c7969706e696f59583eb287f91fd |
| SHA512 | 619d2f535264ef7b76e6ee2dc4d9d30a7eb760d35927c655c222e951a903281d550a1a2d0370dffe3d93217b960cc5ce6e3893acc1f3be29e20ed0227b1eba01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 807dda2eb77b3df60f0d790fb1e4365e |
| SHA1 | e313de651b857963c9ab70154b0074edb0335ef4 |
| SHA256 | 75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc |
| SHA512 | 36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f5bb84e6fc2914fbe36f0f095d7c88b9 |
| SHA1 | ea17c723f040f5dd229c84044c1c3ee9efc85590 |
| SHA256 | d5c259fa8638c86fdb9f5ab0975cfcbcf17aa8eb594030d0f02dfd5552cda494 |
| SHA512 | 837f951ff267b9346d88be9cfe3479951d49d7f95e320c4498c0145139bc31311c285175f54cc065201df78ee77989ed6fe28455e66ac995bbd5030fba79bbe3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 48e890e52ce58192e25d3c7e1aea65d2 |
| SHA1 | da316d821efbbcb0b324261523953d7205f8d155 |
| SHA256 | 72d3e77e5c3866c112eb0ae898232117615b5f0ddc1fc4676dd5755e2a0881fd |
| SHA512 | 964410244f292c63de2510fe685ee14438bd47df8eb013baa91fc3831d7efdbee1460592a21837d1d9584a4e72e41cdff41f1b3b4a6484065185ef4581c2d05f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79001d1cf0011202dbcb8e7d832d78ad |
| SHA1 | 631345674800bdc4bbe04aa10408304478d153f2 |
| SHA256 | e0f13f9aa66eef4388d4123bc772a761806b153c8b0f3f2f1b4e9d328f913853 |
| SHA512 | 2440366c452e6bdb965646f473da6bb0854a42131734d8ad7afc3190a90c9b8924d91c3d0e5e8a93c1ff385d5d97f9fd6156f090aea10eebb9aab99ecb90332b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1f5c20466f8cf1b84e7930d1e35ac1f4 |
| SHA1 | 72cce28a23422272e76b64d37810d13f36c6d015 |
| SHA256 | 35ccb2dd523a8da02d32951543c11ea1b678eccf331f4f6b64829f14910b4835 |
| SHA512 | 859e77e8b2b730fc239029616f2e187d0862d704dd4135191d842216ffb01aa4aceb8031fefa8ca97b6d7fd5c37df6c78cd5b843cd16b741210f7bdc1ab7f710 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58773e.TMP
| MD5 | 4dead37beec499d7fd6e73975cc2219a |
| SHA1 | c323b5bfa24dc9410246f0e4092a9493dc854bac |
| SHA256 | aa5219e91ced4554b1d4fa81f02fb2546d0401968f94dc1435202be3cd738175 |
| SHA512 | 04875fb0fd062742bb902e36b57acfa0c012124501905518c245beb26fd34e02494dcb49a8e029a6d8f722eb40200348e84344a5fe116041d64aa091be2134f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 287df6cb2ae670bdee0ca5d8143a9734 |
| SHA1 | ed5aac12f061cecda2ef3fd395bd57365c137353 |
| SHA256 | 1c00ff92a051ba3db281cfc3495077f46d4335593300d9836c2873cfdfda0f38 |
| SHA512 | dc484a9d1a9ab385686c950eb0aefbfcda894258b99dc329cb4a41a6ed25d68fb3798600c3c0851f3cf2549b4d2a291d9756feb61659ac10c52ddcbdd02f2a7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e4320b3569a1197fc6ddbcc5197cc327 |
| SHA1 | 74f8be9110aaa459df164eb40c4847863b093a6c |
| SHA256 | 927b85bf072dd2b9e9f910fdef93a7d141a854067f572d53518f7699d6cb542f |
| SHA512 | 00552e230f81bd83ae85c158b154ad8b9abe7ac5d0fe52f286f5cefbb5c8dced3ecc91e8133c0f2670558326def3ef7a119f12d6275b708ec8c46aad8110e87e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ae6ae5ffa21129f493b189411f54d4fe |
| SHA1 | 1686f92bf3b65fa9647f8a1457f6947e11220c63 |
| SHA256 | 3ec649142cfce81efa9c79bd5b92da650c8c41b304e7bf0ad37b4002e3b44203 |
| SHA512 | c462db1f74f3b804d0b9e7191a10c539b3972d089130ebb293c8ba284ec79c3c68ed4687e7f4e17d00b4ae54e77be0d5dd2861fdaa9318073c76907d7140296d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c8e6a1b5d005cb8bfe38f4e98a70b2ee |
| SHA1 | 46298d8aa2410f6c5da138e168b1ebac7e0b1e95 |
| SHA256 | d5f7e39df4f85e85b16f6fb6ad3ba42f2f627a5c23276953f10c6d86e32e1afb |
| SHA512 | 00882a61c273404b9288e1b50f0e3eddae76810bf69cef2a7356d5a3d236acf144a62e206682a2d5efd35943b48a28c454e0a87bb184b1882669f1bcb161dc7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 269cfb41acf917824ec741ea711dc606 |
| SHA1 | 492f0de7e28829db25f1ebad71e4c13caa53871a |
| SHA256 | 125533ce6cb1235d17779b63c6bdb1499f675b0222a40345a487f2c68ef63408 |
| SHA512 | e1191f8f8d90ea09e3b5b9b9e1bcaf22c8d046213889c0914a76a15b031d5801269aacf14520910b12e61def92676943b6fb57d94123765ff9e4df8c6bede103 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5bd5b24555b82449360f6cd380fc089b |
| SHA1 | 17cae443546edee22ca0f7526ec224d17374face |
| SHA256 | a1e4e96cc975ea73bb05d42119a0ae636a0ac6b2e7fed452ad8bbb734f064327 |
| SHA512 | eb78d929d3a058539caf2e72475c574a9c9a7d5cc4d8e57dd4667d8fe7774ed7a2458e5876dcc1ef373181ac13be260d5f6161f88be49cea2afcb1e55c257c0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c23cb91de4295dfcf92984234765b612 |
| SHA1 | 5898109d9cedf4b7f894fc419fdaf99a1e786beb |
| SHA256 | 843f3974291181c0c05ceb92e4e0169bc17723ff799ca0c89eb73bb0ffd51c78 |
| SHA512 | 9f1de9999d6af0a4384b3ff6a0103e25dc41f77a3e4f5410fb4b090fa96652136a01efce010cd83a9870d0ed33145880a0e9512ea3fb612d57b459a2e3c624c0 |
Analysis: behavioral3
Detonation Overview
| Field | Value |
| Submitted | 2024-11-06 11:25 |
| Reported | 2024-11-06 11:35 |
| Platform | win10v2004-20241007-en |
| Max time kernel | 432s |
| Max time network | 433s |
| Command Line | |
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
| Process | Command Line |
| C:\Windows\system32\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\Danger-Multitool-2.0-main\README.md |
| C:\Windows\system32\OpenWith.exe | C:\Windows\system32\OpenWith.exe -Embedding |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |