Malware Analysis Report

2024-12-01 02:33

Sample ID 241110-bpbmbswfnh
Target d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2N
SHA256 d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2

Threat Level: Likely benign

The file d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2N was found to be: Likely benign.

Malicious Activity Summary

discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 01:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 01:18

Reported

2024-11-10 01:20

Platform

win7-20240903-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2N.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA63E011-9F01-11EF-A444-523A95B0E536} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000d0317cbc66b8ed824c233c73620b763778ed3212215e7c9d17573def9bd50342000000000e8000000002000020000000ae9530ffa64437c95f40ee92dab301695ff9b9198ad036c16d643d23871383a820000000f5e4e0636a7dde68d1f97d3966795b8f09e52703764e184f292d3f7e82c30f7a400000005a64f52f6bf9a2997d16f9fcf3fb50f71a7bff95c50711939d360d7365d95c65d57355456229e98547250e11f86b68f114387c90fbc71f55a06f94d2bed50f29 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308e62930e33db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437363392" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2N.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 images-na.ssl-images-amazon.com udp
US 8.8.8.8:53 www.wireless-driver.com udp
US 8.8.8.8:53 alok.joseacb.info udp
US 8.8.8.8:53 scontent-sea1-1.cdninstagram.com udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 i.ebayimg.com udp
US 8.8.8.8:53 beamteam.co udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 s-media-cache-ak0.pinimg.com udp
US 8.8.8.8:53 www.wikihow.com udp
US 8.8.8.8:53 thepcgames.net udp
US 8.8.8.8:53 dlc1.irdevelopers.com udp
US 8.8.8.8:53 www.webapps.me.uk udp
US 8.8.8.8:53 cdn.shopify.com udp
US 8.8.8.8:53 ecx.images-amazon.com udp
US 8.8.8.8:53 djislam.ru udp
US 151.101.65.91:443 www.wikihow.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 45.33.39.196:80 www.wireless-driver.com tcp
US 151.101.128.84:443 s-media-cache-ak0.pinimg.com tcp
US 45.33.39.196:80 www.wireless-driver.com tcp
US 151.101.128.84:443 s-media-cache-ak0.pinimg.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 151.101.65.91:443 www.wikihow.com tcp
GB 23.44.65.9:443 i.ebayimg.com tcp
GB 23.44.65.9:443 i.ebayimg.com tcp
CA 23.227.60.200:443 cdn.shopify.com tcp
CA 23.227.60.200:443 cdn.shopify.com tcp
US 172.66.43.54:443 thepcgames.net tcp
US 172.66.43.54:443 thepcgames.net tcp
US 151.101.65.16:443 images-na.ssl-images-amazon.com tcp
US 151.101.65.16:443 images-na.ssl-images-amazon.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 172.217.16.234:443 ajax.googleapis.com tcp
GB 172.217.16.234:443 ajax.googleapis.com tcp
NL 18.239.54.45:80 ecx.images-amazon.com tcp
NL 18.239.54.45:80 ecx.images-amazon.com tcp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 157.240.3.63:443 scontent-sea1-1.cdninstagram.com tcp
US 157.240.3.63:443 scontent-sea1-1.cdninstagram.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 151.101.65.91:443 www.wikihow.com tcp
US 151.101.65.91:443 www.wikihow.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 151.101.65.91:443 www.wikihow.com tcp
US 151.101.65.91:443 www.wikihow.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 151.101.65.91:443 www.wikihow.com tcp
US 151.101.65.91:443 www.wikihow.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 151.101.1.91:443 www.wikihow.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
GB 172.217.169.46:80 www.google-analytics.com tcp
GB 172.217.169.46:80 www.google-analytics.com tcp
US 151.101.128.84:443 s-media-cache-ak0.pinimg.com tcp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.117.22:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabAAC2.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarAAC5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00ff853b9a3c4a24c39add2bbdef0c1f
SHA1 a772865a78c131c04c928ddcbf925ed95111e99a
SHA256 af3482dc95e491e05ee047d2129a068d1616dbb92eb8ecca59a8448d4b5a1957
SHA512 da16115ea674aa68c7e302ea8915ce2d1d2c158a8f769938035b065b7852d45c0b7633f55337e5292201da8434ff65a8806f51381564f305b473ea42738aede5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 515c3e6281be6574a68ee9d29924a567
SHA1 6450b083459b8f2f07d03d1d327620a118cc9f6f
SHA256 43f3b2ec488f96ed8219685996bc8127183aa6d80d169458db5b6048e6ab82ac
SHA512 08f453b04a17254308567a62a72fe4ca9475f4b351fc8361cb402bf861766d862162a62763ba3dd512424225eefc24a8d2e75f2b1ff0568b5ffd351c643d2e89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbb860db952bac9ce46b9f0f8dfdfeb4
SHA1 200bdd1478ac851599d517922c01ec0203e191c3
SHA256 64ea1739a7cd8ab11f1c9c0a9cfc9c324af2a05c0513eb2a62d7161535171fb1
SHA512 4a6ad3fdd53432bef2269e6cafe2be74a47d0d81358f3723ce30b94e51b11db035cbf7d34f14cfb795337fa0e7d63f8c537bb8ea15097ad2ea1e53c4d6b315d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 868cef9bfd31c8f3fbf2540cf54d5975
SHA1 887b723ea993a770ac813d9cacb0cea7c801b158
SHA256 5cce670235874363a3213bc5192b60be9a19575a15836f1e8df3c79b9e7e1e53
SHA512 501429b13ba5ae5c6729838b1fa100dc697f2f952c23203e32ee83f0d497075f45280334a7d173faf5745d21d6444c98089c32c532ec2ddd0ae28c2e4e8c4229

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac14664e8bc439f09cc8056ae13bcbe5
SHA1 9a7a75578601bbb370da1a93bb93032dddbe1d68
SHA256 3931ccfe329ce72165b8d3567c24f4387807cb2676a095cb7c0f4a438bfaa833
SHA512 7377df7f9fc40db38dc7f5fe08f41b3ef1ea58f1c650cc25158780c972929f2104cdae7bb9944024bd2056e04354f8f5399f1c652497eb253d6956cc0b9bc419

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD

MD5 dc8177ae4438a863403d8197eccdf5cc
SHA1 d22a0894e24a9055ca7e59ba7e2fd18acacf1b2e
SHA256 a4adb30bda574eed60985d6a2817ffcf8c72f0e7601084827fe2207ab88a50eb
SHA512 c2c21c2d70ddd6e28cf315b305f9348e7e799e80adba5fcc7a7bc4d187dc1722346b0e78ab5ba11fa7441a5d5735236385fb676aefd83750759a8efeb8fd7ce1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD

MD5 285ec909c4ab0d2d57f5086b225799aa
SHA1 d89e3bd43d5d909b47a18977aa9d5ce36cee184c
SHA256 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b
SHA512 4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10dd7b3af903eaa98625909c5880b4be
SHA1 f8b61f30ec388ec7b89297ed9240c2f9570471cd
SHA256 c1ee4d3dfa9dc288e76ee91f5d5407ae995657a2932897b4eb1d0b8b691c12f3
SHA512 8b7b9597e74e38633c897cb15c907b4dfb15629cfcff639e4fc5ad73d3d5c71b034ad8d17535b3754b06fddeac86b4eb0f427500ca7d62da9d39b13b225ebfac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 922492718d5a0fec6a2bc18e6c78af7a
SHA1 03922d8dc7f01ba192df490eed7104be82d475ce
SHA256 ed2f4f6a334d9660fe78d18cc9dd412277acaa8fa81bc1f0f08a2f3e14f9c28e
SHA512 cc6fd5bde58bd4382196a886e645b87d3726fe86ffb3848faa5c9087140356b7b86bab9afbf0b9fba500c20acc210a4b80eeae7f3bf0021aa8c759aa002f7520

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 874dbfdf374154b394b7ca4f26ac5ce3
SHA1 788a6a5e4addbd7920e4cce1b1a50b249a6fd94f
SHA256 4d726dc77d3d2df310fde5ba6d9b68c69b9baa7802ba5faaacc8d1e9c072c432
SHA512 67acdbb43b21a504984ec84afc0d8b523eb9471e2d4578cfc9bb8783ba771f94f3fca3500d13643b0550e4c2c32172f2357710d35ddda36c7e973bdcfeda81e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99d5bbb08b1cec128f9864ecd5245930
SHA1 76f0562ba3362db758680143dc1d3a1e066af20d
SHA256 a5a71e24eccf6d28c54e2f302a322970f2e03401fa33f72cb732ddca98182e09
SHA512 b4354f06e89130f3c1c892e717400266474d643a7ab179caf3a32ee15c3dd8e631ef0b0d52f6ac7c319a27c17253d9285f1466979510dfa5b9badcfc878f435e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6dd53f399f46c3d2637a6ba9e48d6d92
SHA1 124e8a0081148b2e13fadf489ae7c486bf06b727
SHA256 1b4ba8cff2296fbc2011f66b6aced3bdbcb8df2a2df2c180254dd6a6b751b145
SHA512 e0998043910d6ba72d4cea56b2c4c144376426f0725745cd819cd1ae059fb1f18f35b6188524c605350fe1d4885e728c6731f41ff7ada207d22d7fed6293c5a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0fab1101a21ecc6f2d652a185bd61bb
SHA1 053de79dc5fd68da3044e90e5e33baeef0f2ad49
SHA256 a838dc1d73238b24bff0f3d397618f2a2dafcf5d8ea58626315cea5cb4426d4c
SHA512 2b833743cfa29986d51a93e19a2b0a1ebb36db0f9fc75842e06b8491a30538fa333c95b0cbc754628519c928d5ed044ac36dc44dcd7d2be120f63900ccc950fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9a8e68a4312d264db757a066d65ff81
SHA1 bd5f56e34e01cafbce4df47b1ee625c77510afea
SHA256 b797079508964c1d10244a8ad43601e20694ddc08891b3442cb6aff1cc89ea43
SHA512 49a66ec2a5b2f7605807b4ae98b8cd20ce4cbd9261e7bb1a8ea69a133cdfb081ac1d5a844c0f101a393ac2f691628ac97d827e0172297d6d1fed35ab5635bdf2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a1f43b495969582332714ea6b9daa35
SHA1 6ef2126e6b078ef013f720d07ccb2fc1ee94ab5e
SHA256 33a9613fed91125740df4aaa24ca68c07cd1540f9c71c0035c7a7141adeb3c64
SHA512 82468bac8b3dcd2da73097bbb095fe8b6310fccc6081f5eaa9d68704417346ab1f979440109e691d60523b598a6858c48cc6156c58bf30a397f5f54fc6c082ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cc77530d5e8517f9cf75b734adb2240
SHA1 f9d501f89e498efc051220ef615a4973321aa72f
SHA256 ed8f460a811d3c501c93e2d4ec0bd06e9c0fa39c2e54137e387b053cd3eee3aa
SHA512 2f35183a2d22e9031474de2d98960b23f87d91c3a906926f2cbf4e81dee3c3553b0c8e9ee42c01359fbbb93b10a2f62e8e42a2f4a6635bccdf7f01c18d6bbc9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4782cb9980cbcac014adc55c951d6b12
SHA1 0bff150260f5d5e958863c7b958c5526921d921c
SHA256 3651160ab2126aabb70891f456b698a036331664ac7fa749c1c5153714c45cd1
SHA512 268b1ad2a629dafb2e526305507aab4a779b5d9bab683731310e8749efce374cf947432f14a3f1228162e279ebfde11b7468e82809c215b5570bb5c6d0456304

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c9ea51807b3eb5d1f2d6884bed16201
SHA1 ab26a9e36fd747a36fcc804dbdacf68c5221bc63
SHA256 7c2765e0e5427e91ded21c7bf3d319ddcdf188416d40ffec6006e8094a8afff1
SHA512 3c1d72227cbebe9163518c24d3ba34d43e37212a145d02ef724048ce69d16d4d0b0250fcbcfe745c0e94821549bb038008ddfc4fa39cb713f9e2596eb9e0ff09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d916a79c0a655ec94eb81dcfd138578
SHA1 4f7050dd58bf8ae61f229343708e116d2d409870
SHA256 1f5e9f632d1b3bbac36d9d748139a8dc7751bdd37c4b9ecd80a6fc9376c17c31
SHA512 a747198b145f80a5fe8398ce90822572eea94808953a473b5cc2fe10be7d01d5f2535485238603f3c278eb59872b2a739299ec34354a3ad06ce33559a719765a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ffa8d14284bf9cd4e88f0035f466d1e
SHA1 42e797c6016137a8718aeb545c6c781041731fec
SHA256 351d84b3cc8a2b7a2701cf3b5435340cc96cad1708122fd587b67bd9795e5b5d
SHA512 ccee3d9c63ced255529c2d1e1e814c973f528b44605b2fd66c2f556a4268b31ae8a064eec67d2763f1e0b60219c512443b704414582d0292ed18f5273c9f115a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03f624ffa3e7605e8216e6b564813aa0
SHA1 6e98f6529c4249c9b5aeec1bbc2df772755d46f8
SHA256 bfe365cb112aa09e56c982afad6f5576615a6873e3228427de89c6191b7ef614
SHA512 afcd3b00748b94f8a49dbbb0e1fa35525f5d66a10dd59a03a02868c14bdcb78fd4a5d02eb24511a8233507cc0e92ce9bdcac5c4ae42a4cb220d6474a00a2d3cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73e39609b9c8bc1f59c19b1507541be9
SHA1 00911dd8cd8db0d98b036020ec43e9422d6431c3
SHA256 ddb38cd7fb48f3e61eaa91b2ac057cfa1fb5e11687c4189c7f565cbe49bb110a
SHA512 3e943a1131603d8a20fda900a0d8eb3809cbcc6cc3ecd37bcd5e93072f1d946b54c3275f065be105f1116cb395f19422333b0875ff5a710da31a4f6aebce27d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4ad71747b4349a389c46d969f2f6026
SHA1 20cd119269566f65e172012e896b7c1e4592277a
SHA256 69ff1fed040ddb30d8fbd3bb35a77e26421dbbd0e9f9f0177e83567dfdd8bb2d
SHA512 708d78fa93a7a610b462c4447eb7a48547193d9d5fb2c3ece208df28b68d831950a64a5309fecddb68014ffe7a5bc03ed7997141dc589a0761b77c76a8d14ee9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d150954bd5f56e54fb4b77589336ae6
SHA1 19d75654c1b1829e32e26dbae93f67ae386a49aa
SHA256 6591b8951a0153065c0ec4331ef25611499473074e04852ad505ab2873173b21
SHA512 86e9b6189d90eefb6b1fefffd9f557cd91302de83ca927b061ea36de11955a4600b9b69d2134d38d47d5b5e140a026958289d70863707cc4bd3413aa03e7f1a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e93419c6a922c8ff1ac0b78a15b1e57
SHA1 4d013bac4ef27ed81b0f2e08d63f2ee18be7182f
SHA256 94c98f7e232a8fd84fda86671b5ebf244021fb2e43eaf31d07887b498a20bc90
SHA512 f959c038fe6075c5b27888240a23ac31c50991e9cdef6bc55ef27883b6045cf8a7dd20ed37aaa90e47cfd830a36ac965efbdb08b1ded724011ddeb807396f0ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6865bb2bf84626f7bbccd10cc8590488
SHA1 679c8441de50e3aba9fd3955374747f5f9029afd
SHA256 dc8b9eb8bd16afba0e386dc1909500a8a295f8de389b627a2aa51f710c497337
SHA512 43bb7878cfe1dbcba6ead68714e995b898da4d2ed03dccd7913fee70c4841e775f6aa981e57b43bb34dc142911cca4e7f7ed1b70dcce073b7244ac2725be1398

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c02a6f60fe1265713beb216d8f355d16
SHA1 41e01f7624296f58afff33998013b4356a52a4d7
SHA256 ed44ab25a107589b6611bb4086606a4715d68f3d65cfa74642258fa5a91f7310
SHA512 48dc71e361ef8393b6705be35ec1d0f984ca7034d229ab212531644c0e121c63fce7b4a93cf711e3d7a53fb24702cd863f3aa3eba908151663a201f61e7a3f15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd09e948860a798d87ecfea88c8c10b1
SHA1 515e4a65f18022c7be7c95e48707dab52c71c3ad
SHA256 ef52ebfca753390301bb20968de962aa6227544cc46da5bae8b8671fad828a25
SHA512 36b3fc0c88e55ce30aa7cceb4cbf694287ff5e3b3d97e708835312e45892843b1c7a16b368da3bc58396f166e34c93082a55f41f0fa91936353607db9f1bdbec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db97ecc9798198bb5a98d608b44ad6ed
SHA1 25d461a2768fc81e6bbdb54a14d540411057ce9b
SHA256 0baaacf2a7949562bcfd370b8248981253f0ba4f6766fe2495ff3d0e22cb1a26
SHA512 d5423463b3ef15d7cd0d9a79be83ea153e279a0e06c5b5d922679fccae2eb9b4b7160a31eac29b622c7658f00fe66313e988d800062d4f2f0b5d067b5817d4b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3552dc6e2c5638f561396216dd81a07
SHA1 1937d8e1c403738a68d9681a92c666e3f73572f0
SHA256 e0ff8822302980456a8d9de2d27b7ccbd364781bc66ebe45e26818c4554e36af
SHA512 cb88d590589cbfff58263842e3b4b0eda47e0b629114fe0c7712aa656bf0af8e49a356e6e4a017b540a67f71c8acd961e363863f0c6095cfd67dfeb4fb4e18f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e7385e941e6909a51cfad833c17c15c
SHA1 d4b1dafbda6cb235ce543027695b7d273488f623
SHA256 098ba17d656365067d8ecf6f143f047a2cefdea70fa1047137c803b349522f25
SHA512 1930b4d3af9a221b70609c4da3d26de1dba88dc8fcbef75e935484e8d176d3c812aa7e2f502ed0cac25e1d2c4b726f1d944bf2117f2d5edf60250a1a79694c2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 92091aa656beb3366ac54b1079d2b0e1
SHA1 ff45fef2f9a9f39a21be4a0032714f197b10a9a3
SHA256 fdb64a604eaceccfa4c0494f86652625f3a0fb347acc00f7e75badce4adbd10e
SHA512 57b4c149b725f29d913eab92ddbf2962ac345398d89b81bda6267aa2292ba937e2353f09e2dd3df4aaef625ee0164f4106f3aaca4cf3c61dc94ec7d12cb964ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50667c927c0e155512d8e03f75bf1b46
SHA1 9f2fa33b5e7889e54881d0527094cbf997261ec8
SHA256 0d1f2629b429532bd526e6e06e0478a2c78039793bbae5714e90dabff87d6e10
SHA512 c34461f1d919e6472321a838399036365884d7e02a9d971e21e116e8bb528afae2e3a24054c3889f4709216f89f7a6200fd9b6838e4f77f81a6306e765fdedb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 761065ced06fb27ea7c7b51dd42a24d4
SHA1 b2010508c3d2a8cc6a540f4f5844c49f82929881
SHA256 beaa74d2bedcb1eabe9c0ad383854fa60791618a24793d6fb6049badad181da6
SHA512 65c61c0d142a86d64e72b8b94f0b5fb749e1b353e789b978a821ce53063bd95e7cb15a289ea3ca786aae64672b12e0358a4a111d8ea3ee70bced3d6bf7b66d8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d53f117a04334769ca88f5a7fc043303
SHA1 35f3ab6e1558662a82585e0512f4e5c9d7ff0bc7
SHA256 b2d845b174dbd8075b3d81b68cfe94d1f912ac0b3cdec1dc491c322f36f31885
SHA512 2d23de0b9e18ce310fdff01800d06c666e308e055e8aa4a30de77b6f3fa2dc42c218fe77db8fa62645ac24acf6d46bf12aebab253b90045130639aaa8f0ea271

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 178750ee37b7d9536a77d41975895a9d
SHA1 107a034e9e9781a62a01d96c8630da21108cf03c
SHA256 3bb6b5a6bf994cb9a230d6d3622f986a4cc5ed1e7b3a82296a955cf2bf7e5b0e
SHA512 59acbb782bfb4c932ef3b74f3eaf6915b466f852871b9f2de76c177a82bc530263cb0f88ed72e4e5805659c6a798d6d9f6479ab4ace1ae0e71e0e04386a782ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee4f340ab5d682d2d5cd1066459a06d2
SHA1 f5f924eff441416bf45e07ef7b61d6a1c332d647
SHA256 4861eceff7afca6495cb3b429c2e781f920b8084ddef6d2a4638775e172de3a4
SHA512 1f8233ffc311bf4162c27fe889f27656547f16b563274432e130376f900cc8f6646be24df1e3c3b8bac0c07f3c29ce08952c7f64698bd34ecd722280b7889488

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 726a9122730c910e8dcab2e2bba7b52d
SHA1 2152b2f6ab6d487059df00664d02ae8543f34a37
SHA256 60fa466dda1e337ef5b02661e03a72737449bcc30a8f0040f2ae07598ecdd003
SHA512 ccd0031a1548bbf6f9871aca1fecd297a4fd7adf05000c47e7033ff23275d2426268642a21a5a101917d4c12b337e9cfed2194d618a129954af393beaa285c7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf0a9944c5e70da6853c0e4bb8005b9b
SHA1 5db55440fd6573cbbc0164fa19dc49e192470d59
SHA256 1e42de4153172bec34fc01af04f195bb959c7bf7b340ec3fd04cdd2034ec95e1
SHA512 e2182a42ebc0e3361be15b9b5131a9e0b7b410903799de69cdf26f9a1c300564a37a43717bd9363757530d108e8efaa80143d44183c43d79482a9c1ae1daa6fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8887cc611c86d05097ac6dacf6f4eaff
SHA1 db56f40b5dbf95e201854e38c0dfcadbee255aa8
SHA256 fae92467440aacb0854b0d8e9d9e60d65d07c372402d7fed8ea21e80671c266f
SHA512 0f28c11b9f3930a55f665d326f07b3bcfcb8338a863158ce059c848e038b015d60cef6f4c3128de087699498a988c4fcb9867fc43a81312d238c6b8db3707870

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05313b1d0947b4288dd1b38a922e933a
SHA1 5140f74d27e3f610406d9e95b337f27da6e73ab7
SHA256 c8b9489eb12f5be82c7d6675e4d8904801fc4a65e4117249b7fb013741d6dc88
SHA512 7816cffc103593366b05ec1d66d5caa644b30e555a3be8d59ff435c333de7207dd4f321d1c0f98ddd80aa3bbe835adf8261805b072f80e2053eebd1c1d0b281d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 571b03a6e09cc2ef5a86b15a0116aebc
SHA1 a713a829bff7abd237881a43ea181708730116ef
SHA256 a152ed81670423658867c916d9291d69f4b17ade4357ddfd4c1181039097ce92
SHA512 0131f7d3f78efd95923b99fb0d48e9328fe2535e3cc6d03ae7bcf242b4a8cf4d8477e3348a25634051ff1da1018782121e5f568157d23476ec7db9dbe95a5cb0

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 01:18

Reported

2024-11-10 01:20

Platform

win10v2004-20241007-en

Max time kernel

116s

Max time network

96s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2N.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3024 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3024 wrote to memory of 1996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d34a3bda0808900eadc90731d2dcc72a5434fda6fe73e3f6ee2400b2d15001b2N.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3fda46f8,0x7ffe3fda4708,0x7ffe3fda4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,4723006933953257231,17292222319774854510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 scontent-sea1-1.cdninstagram.com udp
US 8.8.8.8:53 cdn2.editmysite.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.179.234:443 ajax.googleapis.com tcp
US 157.240.3.63:443 scontent-sea1-1.cdninstagram.com tcp
US 151.101.129.46:445 cdn2.editmysite.com tcp
US 8.8.8.8:53 i.ebayimg.com udp
US 151.101.130.206:443 i.ebayimg.com tcp
US 8.8.8.8:53 images.sftcdn.net udp
US 151.101.193.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 www.wireless-driver.com udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 63.3.240.157.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 206.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 alok.joseacb.info udp
US 45.33.39.196:80 www.wireless-driver.com tcp
US 151.101.65.46:445 cdn2.editmysite.com tcp
US 151.101.193.46:445 cdn2.editmysite.com tcp
US 151.101.1.46:445 cdn2.editmysite.com tcp
US 8.8.8.8:53 cdn2.editmysite.com udp
US 151.101.65.46:139 cdn2.editmysite.com tcp
US 8.8.8.8:53 beamteam.co udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 196.39.33.45.in-addr.arpa udp
US 8.8.8.8:53 images-na.ssl-images-amazon.com udp
US 8.8.8.8:53 s-media-cache-ak0.pinimg.com udp
US 151.101.128.84:443 s-media-cache-ak0.pinimg.com tcp
NL 18.239.62.180:443 images-na.ssl-images-amazon.com tcp
US 8.8.8.8:53 i.pinimg.com udp
US 8.8.8.8:53 www.wikihow.com udp
US 151.101.1.91:443 www.wikihow.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 thepcgames.net udp
US 172.66.40.202:443 thepcgames.net tcp
US 8.8.8.8:53 dlc1.irdevelopers.com udp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
US 8.8.8.8:53 www.webapps.me.uk udp
US 8.8.8.8:53 180.62.239.18.in-addr.arpa udp
US 8.8.8.8:53 84.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 202.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 213.4.232.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.shopify.com udp
CA 23.227.60.200:443 cdn.shopify.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 ecx.images-amazon.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
NL 18.239.54.45:80 ecx.images-amazon.com tcp
US 8.8.8.8:53 djislam.ru udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 200.60.227.23.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 45.54.239.18.in-addr.arpa udp
US 172.232.4.213:443 dlc1.irdevelopers.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 142.250.178.10:445 fonts.googleapis.com tcp
GB 142.250.178.10:139 fonts.googleapis.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.187.238:80 www.google-analytics.com tcp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:139 platform.twitter.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_3024_CNBONEASBBCHGMKP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 81e312ec63055f90dacc09c56f6ef44f
SHA1 82203f1cd948c69d761d5d2a87d89b4f6a0d8765
SHA256 7a33123a07b87b3cffc1c1d0c520eadf334b7f51f764d0ca8592571a0621292b
SHA512 50980c7686d0bfd956df0d88bef731158b6e68a9dd54f005367e596c4bd6add729688d6ad90b274781dcf6c21abfa9a3b6aa05161844bbd332254766ba06982c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ac53bf098c98f32d258ece9af20ecf25
SHA1 245ddf3c5dd7d81ad01167828cdde633e2273f76
SHA256 160857334bf0b8c842b9faaab6377bdcb57e422b37c5878f62f0185e6d72ef84
SHA512 d0bc687c411f73791c5093d79a6abe9d69d731a1fe649e7b446e67c7ddb8639682b4fff5cdb27d385d9a5059c7b2de30d2a43aa1fd5032ed209d697720810bf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 699fb9bd38936ae6580ea2ea8b257afe
SHA1 d5e8fc9e0176aa5187fee27b0a5a6f466f55fb20
SHA256 b0e9ffe2e59d638255eec9b748b53050f785b6c71e6ef4c2ad9008f246cde5b6
SHA512 82eb0f746653412b24b2f5c254376437ad7d1d0baf443cf06e262c1a50532480f065c39216a262f895a66a4c448450347efbd26385e69ee12ffabc984e095c0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e3abdaddb841c3fad9e98817cb57a99
SHA1 b452dbe18f93fa58b1c0936ecccd10eb094e5153
SHA256 2442edf32b88c1b92adbff96707b9fdd75e44673dbc9b877d69037b805ce0ac4
SHA512 460b86ab88cab1ad7a0458f77dcb3d997dfd358783e2fb678ad035e0c2cf01f9f694410163238093c309d0c7e1578587bfb8fa627ec71ba0f798ade6f963688b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c6ba029397587c3e6dbab8323efb6f94
SHA1 0d610ce847aacb680d9701e345fc6e6d49f7334c
SHA256 33c1f618554cf8c09ccbc9ced851dee8d9207899213f53c032aea371b1ae166b
SHA512 c0ecafbd0fa88d357e1e0ef7dbc13436d3bae34bc93c18e21b8949f02b140d8f14437b630603953ee299607c1751e8fc22b106786206eaf9ee374ba0265f36b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389