Malware Analysis Report

2025-01-19 00:03

Sample ID 241107-wc9zkswhnd
Target .
SHA256 f75e8e5a49ae2775ba362b1d31dda98a23302360ba3da67a3d3ca53751d914b1
Tags
discovery steam phishing
score
7/10

Analysis Overview

score
7/10

SHA256

f75e8e5a49ae2775ba362b1d31dda98a23302360ba3da67a3d3ca53751d914b1

Threat Level: Shows suspicious behavior

The file . was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery steam phishing

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Detected potential entity reuse from brand STEAM.

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 17:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 17:47

Reported

2024-11-07 17:50

Platform

win7-20240903-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105b90403d31db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437163540" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69EE61A1-9D30-11EF-8C85-523A95B0E536} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 community.fastly.steamstatic.com udp
US 151.101.3.52:443 community.fastly.steamstatic.com tcp
US 8.8.8.8:53 shared.steamstatic.com udp
US 151.101.3.52:443 shared.steamstatic.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabD694.tmp


C:\Users\Admin\AppData\Local\Temp\TarD6F4.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 17:47

Reported

2024-11-07 17:49

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

101s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Detected potential entity reuse from brand STEAM.

phishing steam

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4868 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4868 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4868 wrote to memory of 348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4868 wrote to memory of 3328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9da5d46f8,0x7ff9da5d4708,0x7ff9da5d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

Network


Files
