Malware Analysis Report

2025-01-19 00:38

Sample ID 240503-mg8gwace2z
Target phish_alert_sp2_2.0.0.0 (11) 3rd may.eml
SHA256 c547042b1957e28ae64ea7cf23875180c916dccb5c269c464318d40297861fd5
Tags
microsoft phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

c547042b1957e28ae64ea7cf23875180c916dccb5c269c464318d40297861fd5

Threat Level: Likely benign

The file phish_alert_sp2_2.0.0.0 (11) 3rd may.eml was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

NTFS ADS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-03 10:27

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-03 10:27

Reported

2024-05-03 10:32

Platform

win10v2004-20240426-en

Max time kernel

296s

Max time network

299s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 336 wrote to memory of 3836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 336 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a984718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7028 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 support.content.office.net udp
US 8.8.8.8:53 eu.action.azurecomm.net udp
NL 104.97.15.49:80 img-prod-cms-rt-microsoft-com.akamaized.net tcp
NL 104.97.15.49:80 img-prod-cms-rt-microsoft-com.akamaized.net tcp
NL 23.38.21.64:443 support.content.office.net tcp
NL 23.38.21.64:443 support.content.office.net tcp
NL 23.38.21.64:443 support.content.office.net tcp
NL 23.38.21.64:443 support.content.office.net tcp
NL 23.38.21.64:443 support.content.office.net tcp
NL 20.101.254.209:443 eu.action.azurecomm.net tcp
US 8.8.8.8:53 209.254.101.20.in-addr.arpa udp
US 8.8.8.8:53 49.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 64.21.38.23.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 assets.onestore.ms udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 web.vortex.data.microsoft.com udp
NL 88.221.70.210:443 assets.onestore.ms tcp
US 8.8.8.8:53 microsoftwindows.112.2o7.net udp
US 13.107.253.64:443 mem.gfx.ms tcp
IE 66.235.152.221:443 microsoftwindows.112.2o7.net tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 prod-video-cms-rt-microsoft-com.akamaized.net udp
US 23.53.113.225:443 c.s-microsoft.com tcp
NL 104.97.14.211:443 prod-video-cms-rt-microsoft-com.akamaized.net tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 210.70.221.88.in-addr.arpa udp
US 8.8.8.8:53 amp.azure.net udp
PL 93.184.221.200:443 amp.azure.net tcp
US 8.8.8.8:53 211.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 225.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 200.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 52.168.117.171:443 browser.events.data.microsoft.com tcp
US 52.168.117.171:443 browser.events.data.microsoft.com tcp
US 52.168.117.171:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 techcommunity.microsoft.com udp
BE 104.68.75.132:443 techcommunity.microsoft.com tcp
US 8.8.8.8:53 132.75.68.104.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 cdn.techcommunity.microsoft.com udp
US 8.8.8.8:53 static2.sharepointonline.com udp
US 8.8.8.8:53 gxcuf89792.i.lithium.com udp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 uhf.microsoft.com udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
US 13.107.253.64:443 js.monitor.azure.com tcp
NL 88.221.70.210:443 assets.onestore.ms tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
NL 2.16.43.238:443 static2.sharepointonline.com tcp
NL 2.16.43.238:443 static2.sharepointonline.com tcp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 238.43.16.2.in-addr.arpa udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.253.64:443 www.clarity.ms tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 support.microsoft.com udp
BE 2.21.16.124:443 support.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 124.16.21.2.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 13.107.253.64:443 www.clarity.ms tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.253.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 13.107.246.64:443 acctcdn.msauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 eu.action.azurecomm.net udp
US 8.8.8.8:53 web.vortex.data.microsoft.com udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 23.53.113.225:443 c.s-microsoft.com tcp
US 8.8.8.8:53 accdn.lpsnmedia.net udp
NL 23.62.61.129:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 cdnssl.clicktale.net udp
US 8.8.8.8:53 d.impactradius-event.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 lpcdn.lpsnmedia.net udp
US 8.8.8.8:53 lptag.liveperson.net udp
US 8.8.8.8:53 publisher.liveperson.net udp
GB 178.249.97.23:443 lptag.liveperson.net tcp
US 34.120.154.120:443 lpcdn.lpsnmedia.net tcp
GB 178.249.97.99:443 accdn.lpsnmedia.net tcp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 35.186.249.72:443 d.impactradius-event.com tcp
US 18.239.208.99:443 cdnssl.clicktale.net tcp
US 204.79.197.237:443 bat.bing.com tcp
NL 23.62.61.98:443 analytics.tiktok.com tcp
US 151.101.1.192:443 publisher.liveperson.net tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 23.97.249.178.in-addr.arpa udp
US 8.8.8.8:53 99.97.249.178.in-addr.arpa udp
US 8.8.8.8:53 72.249.186.35.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 98.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 99.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 192.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 110.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 23.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 consentreceiverfd-prod.azurefd.net udp
US 13.107.253.64:443 consentreceiverfd-prod.azurefd.net tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.129:443 cdn-dynmedia-1.microsoft.com tcp
US 8.8.8.8:53 web.vortex.data.microsoft.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.98:443 analytics.tiktok.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 51.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
US 8.8.8.8:53 techcommunity.microsoft.com udp
BE 104.68.75.132:443 techcommunity.microsoft.com tcp
US 8.8.8.8:53 cdn.techcommunity.microsoft.com udp
US 13.107.246.64:443 cdn.techcommunity.microsoft.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_336_PJXOCYMVUBPDJTBS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7edc2b05b5a6ba659a6d60b1801ae025
SHA1 4fe8349c6de24068a6d1a18bb5030e19a59e890e
SHA256 3cea9dcbe4f7fb41bc4d54026fd48680ff95d1154d8226659a6d9288fe52097e
SHA512 66a9ff0681bbf58b5743b37e3b62e7a113ec1b0254a9fb9694b44cd76ff6886051b5f79ba22a009c0353db61e26ae366c93176857bc8bc6f977681200ee0ae59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a531a23c0274c9295b95781826858734
SHA1 6bab238cf7557a5f2f834e30ea6ffbe936f901c5
SHA256 5507015319744474b9f3c6ee95380f36bfec943a568a0481a821aaf3eaa5de1d
SHA512 adf93547078be13d56f01f1649e2bb7272362d1ae667fcda3b03004cf109e267033dec362ebcdec95436b4242ed06e45006692020883ddb38d28b47350cd475e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc7ed8dffaf525319e04ee17ff51e3c0
SHA1 c228ef462dd8d104023c5b28b7e8acf7b610254c
SHA256 b66dd2bcca400f2ef9af3b5900748375bfaf87fb5300b2ac2e601b8ca2822fa6
SHA512 ec0c797cdc9db69a01c822b256cca5307e0307416d0d8c72afaa10b7e9d92241bd95042f061dda680ea3467a1a31fd3d43215b42955682c0ed351f5dcf79648c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c98ece8aaa381b4062d57cd8a0096981
SHA1 e1f5ed71feedb02704c60c8d6d7fee2d7fa9a448
SHA256 e48234e641208e04daa95b46894d63c95d2fab5ed1e546e2695877aeb333dac0
SHA512 1450f81282b763503c4b78bb11230a6625008031455cd04955832d9f2bcb3bbeb3977a2b241199969240593026107eb7a49cf9de31afcdbbb53781e1dfec6187

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 922253c8b5761e16721e6e43b6853b13
SHA1 6020d9d8a1d1e337eb3b5130eb4eafd8fd1355d5
SHA256 f6b277d2c02a420b1f759bfd7a9c29aeeb18ead20619ff9b16e7a950f76ff942
SHA512 ff9c842bf33e4e7fbd78fb96340fef8951b39c3f74dadd0a918f826987c8dfc05541013ff018e58abd1f6325d314c38b7031aaea82c2e2294b92b9f8805aff01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e407.TMP

MD5 e35d03bb93d5740ebe9f91f93bdcbc07
SHA1 5dd5ec35a7188764ea27719fccecfa29f7991aa7
SHA256 bcbed179261e5867eb473c1f4ffc885dc44d246a40b63a22c1eb4c63c6b5cd96
SHA512 4742a010048203b4d20db6a289a0a8faeb994b86fa0e1e8cbf44f763b89f77c2e5f069695eaf16ad68e24d5e1e06a89592b77e9d3bd3730b0e5e0722ef57d844

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 09c02c2b44fedb6fde903180437424b0
SHA1 d157fbf7bcb2f0411f3f401c4abbe972c02f683f
SHA256 1534cf86ca4f6d8401bd59bf1765ac6f83ef47b2cbb6d6c61f671bb88e815571
SHA512 cea77f6777d28b29861b2fea412e0236ddb8e5ac50e8467e9985abce00d1d8a09c6c054692fff780cb27a1bb9bed0a751fef510fae28dae3df2d6d699677d3e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf551e9d78af9d426fd6807a0434d618
SHA1 5e54f1f9b188f80b510a5a7e411ac80d039ca709
SHA256 87d6e029a748ae9cd86d865720abf3e69d19f62d58d60258ed187cf3e0cf7d65
SHA512 201f8b92fdff16bfc0fdb621a0ff67aeebf0e5a8f20cb5bb6ee942f1299a0b6ca1309e80171e9b7f684449c54ef152c2a0c74f49cd08a478906ac365cf991a43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 e51f388b62281af5b4a9193cce419941
SHA1 364f3d737462b7fd063107fe2c580fdb9781a45a
SHA256 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
SHA512 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bc8ce56-c44f-47ad-9de2-a5d23f506781.tmp

MD5 dfe2a3be29aa50d91e211f61c0ef0059
SHA1 f56d85926ac0465d28bfe9a94fd87dace928461a
SHA256 a19bf9793c80c26252ebb1b5dddaf186b7371ffa58bf03966837142d9a428ea0
SHA512 3976ecbcc7cf6abaaaa8319d7e6fc73eb03b1d2a4aa9c48a761b18c32abf5eca0100d03792c28edc56ad5fffe83f81cac0e625c9926fea7bed0db4f105399804

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

MD5 9196e81f8ed7f223d765423c1f9bc8a7
SHA1 88f9d5c2a6908cf36b8daae803578ca9e1fd2929
SHA256 a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe
SHA512 e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 5009982b60a0f93eac4c1728e5ca17e2
SHA1 c0f932d333b91a4b971a52ce88bc96320745064f
SHA256 2ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8
SHA512 401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 d0263dc03be4c393a90bda733c57d6db
SHA1 8a032b6deab53a33234c735133b48518f8643b92
SHA256 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA512 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f55e6fb92126f8c8f94e5b3372345d51
SHA1 f8a8dd53091d388fd0e962818c0fc7dc733682ab
SHA256 c92f3e4cd89dd7696da4e9763e7fd5a9ea9a8f30cc98f96273f5210525ab0a31
SHA512 7e3672bb1e9ae2dc8b266ab0dc98a47f8d6bb3b1b01d47117aea27f6f3d5f01722eec5012a18f456af04c4373d1c704ed9b94624ab740fda5e996d8da7053870

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cc1af711db0b72e66a4b8a1488753a0b
SHA1 687a042aad94d407647c93af4d4e100593d30215
SHA256 b0c2d5422a3e801ac3e84041cdad4f259ded643cd4a87a4165fd27b55c568a0f
SHA512 013c927e04634d31057a2ddea8dbe540a810aa02379193cc1eef4f2ccb333b822b36558d0f95b1d238ac3cd3d69f7c6c0c8b59d7cf1cdad710481cfae5a2ca33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6e7f9bf6c3819eee850305a77a0f493f
SHA1 1901d8a067d534e5ccaa3bddffe1e782d48b94cd
SHA256 90a30b34ee903a4a23fd6749d8a3c5b5285ee28fabab59ffefd489109889fa46
SHA512 6a7705a8afd70ca986faa7999ac2ce3a2908d8c9a150aa97b796facab8f0fd3429d59265ce2d43b31ccbc4963271fc532ec25e8a0661d6ab95ab5a6b3519bfaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 844e7a5d5d67ae3e88e704d96889af1f
SHA1 076ab9a1bcb90433586f37982cd70c1d941e5f64
SHA256 99d6c201895116db74e851c53ca0e44ad96ecad4b331807f243708a4ca021729
SHA512 bc4066a181872825e85bbea6621e67797c437e00ad70dd3a2e3a6ecb56ced01b0267655ff4903c323d5470bc58cfc5275cd1a2695127eb60fb8f445d9254e10a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7d100d69cf16a0254669789ecee3bed3
SHA1 448273363874b1248c5b1077d53be2e2fca87f2b
SHA256 4111a4baced680e2592c9b75615db5e57e7f1a3e77ca16debaeb716044d53970
SHA512 345667d9d07e6fadda75e72173f40995eed24b1e127389fb7c057346b74bb461820eba61eafbd22110524827854fbbf80c57da7eb7095556a38dd1f02041b3bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b24adabcbc842e53af59a955609d376
SHA1 b2f1fe9414fe576b4470647fb553ca3fc9eef1aa
SHA256 f051e62d62055a67f5a6ba2ac458ca095ade438c7dc329e9a0a968c8346dd651
SHA512 1c0a477a23ef6fc9de04fe334a0bc45528de5c146760335307b0ab57a0e67bf511112dba6f392668768ccef1dc94ceaabbdc8aff68080c360ab8130a81c2aa27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7e20824859c483d12e5505fce610c12c
SHA1 07518027a9f82b03d27548e84b5ffe35c6904d30
SHA256 8114a559fd9a8d5961f8130f6ad06a7c96ced502c3dc70b7f5572667d73f56b2
SHA512 8e577ac61832b63bfaf0671a84a29671b79de7409f306c7ce22881346422d7753436c34297318d74dbc6a5ea9c42e47c3d414647f9eb42521123af271f675d42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5aa440950996d667802e9afcf363ccb1
SHA1 1845dbc20f78a40e8aa2808e50a388aac7742351
SHA256 5c014a501a1e61f91bd5dee20831140ef1fe8482fe26b6abae9a96387bf80e78
SHA512 4697d94726b21f6a55950df363faec28b480493b24d106a008f5f9f10c4b8a78161e2b35b19e0a325a1033beb432e7d9bd9d557db4b9ad1e347dd5d98c9a06b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 fa57a86d87208fc496cf314fbebcd6a5
SHA1 12f496d18cd81099f946e2a6c917abad4011a6f2
SHA256 6c85a158f35e06d19b7cefd5ea34e28d1d31ba781c3fdf690fbe714a23f96309
SHA512 ecfbb8ebcc42b2c93484c677529b6eb3d70b96ec895e9576d31c525feb6fa5a1eb7fd1f058f26fc29a027156c0d6d9d0049992a4f38bc38351168d4af95bbc2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae540529207b0b13b71f99a5654d5bd1
SHA1 3de89c68be0dfc7169204923749b87cac66f144e
SHA256 5f58b158e65c0cf207e5401c4c3b6c7f9d3c94fe9bbe5dd6032397dc2785d57c
SHA512 19c8f9dbae9fef6691de5e688d0f1b17499845f3990f1ee9416b9d8c579da21859ca8df087792edcc487272903c1c3b9138a0bf6b09fdfb7aa5f3116503841eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 545badec6317ace04d058cd0746b5f88
SHA1 5da9b9bf0c3a8d5ae3f963df533577f2f2ceb040
SHA256 7a9aee8b4ff34f845c635560ed540d260ee3c03ca1b19aae2c9be0b736c7dd44
SHA512 15abb0d0a2ef49aa0273a073db2a92a751f57b6be35024cd88070b29472a21da46e291d218340a5d67caec12595b616933bfc5ceab127a8f0750d7dd39ce530b

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 10:27

Reported

2024-05-03 10:32

Platform

win10v2004-20240426-en

Max time kernel

120s

Max time network

205s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (11) 3rd may.eml"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (11) 3rd may.eml:OECustomProperty C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (11) 3rd may.eml"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A