Analysis Overview
SHA256
c547042b1957e28ae64ea7cf23875180c916dccb5c269c464318d40297861fd5
Threat Level: Likely benign
The file phish_alert_sp2_2.0.0.0 (11) 3rd may.eml was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
NTFS ADS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 10:27
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-03 10:27
Reported
2024-05-03 10:32
Platform
win10v2004-20240426-en
Max time kernel
296s
Max time network
299s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a984718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
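The process list above is a normal Chromium-style Edge tree: one browser process launched with `--single-argument` on the extracted `email-html-1.html`, a crashpad handler, a GPU process, several renderers and a few utility services, all sharing the same `--field-trial-handle` token. Signatures such as WriteProcessMemory, SetWindowsHookEx and NtCreateUserProcessBlockNonMicrosoftBinary are what Edge's own child-process setup looks like to a sandbox and carry no weight on their own. The script below is an added example, not part of the sandbox report, that parses command lines of this shape and pulls out the three things worth a second look: which file the browser was told to open, which children run with `--service-sandbox-type=none` (here the network service and `identity_helper.exe`), and whether every child belongs to the same browser session. The command lines are a trimmed subset copied from the report; the `--disable-client-side-phishing-detection` switch on the renderers indicates the browser's built-in phishing classifier was off during detonation, so the verdict rests on the sandbox's own checks.

```python
import re
from collections import Counter

# Command lines copied from the Processes section above, trimmed to the flags
# this example inspects; the shared --field-trial-handle value is kept intact.
PROCESS_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=ver=92.0.902.67',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --mojo-platform-channel-handle=2088 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
]

# Windows-style tokenizer: a double-quoted run is one token, otherwise split on
# whitespace. (Chromium's --single-argument treats the rest of the line as one
# argument; the path in this report has no spaces, so plain splitting is fine.)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def parse_cmdline(cmd):
    """Split a command line into image path, --key=value flags and positionals."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmd)]
    flags, args = {}, []
    for t in tokens[1:]:
        if t.startswith("--"):
            key, _, value = t[2:].partition("=")
            flags[key] = value          # later duplicates (e.g. --annotation) win
        else:
            args.append(t)              # /prefetch:N, -Embedding, file paths
    return {"image": tokens[0], "flags": flags, "args": args}


def edge_role(proc):
    """Classify a process the way Chromium does: browser, renderer, gpu, utility:<service>."""
    flags = proc["flags"]
    if "type" not in flags:
        return "browser" if proc["image"].lower().endswith("msedge.exe") else "other"
    role = flags["type"]
    if flags.get("utility-sub-type"):
        role += ":" + flags["utility-sub-type"]
    return role


def summarize(cmdlines):
    """Return the facts worth checking in an Edge process tree from a detonation."""
    procs = [parse_cmdline(c) for c in cmdlines]
    roles = Counter(edge_role(p) for p in procs)
    # What the browser process was asked to open: positional args that are not
    # switches (the extracted e-mail body in this report).
    opened = [a for p in procs if edge_role(p) == "browser"
              for a in p["args"] if not a.startswith(("-", "/"))]
    # Children that explicitly opt out of the utility sandbox.
    unsandboxed = sorted(
        (p["image"].rsplit("\\", 1)[-1], edge_role(p))
        for p in procs if p["flags"].get("service-sandbox-type") == "none")
    # Every child of one browser instance shares the same --field-trial-handle;
    # more than one distinct value means more than one browser session.
    tokens = {p["flags"]["field-trial-handle"]
              for p in procs if "field-trial-handle" in p["flags"]}
    return {"roles": roles, "opened": opened,
            "unsandboxed": unsandboxed, "session_tokens": len(tokens)}


if __name__ == "__main__":
    for key, value in summarize(PROCESS_CMDLINES).items():
        print(f"{key}: {value}")
```

On this report the summary shows a single session, the e-mail body as the only opened file, and exactly two unsandboxed children, both of which Edge launches that way by design; a second session token, an unexpected positional argument, or a non-Edge image under a `--type=` role would be the things to chase.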
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | support.content.office.net | udp |
| US | 8.8.8.8:53 | eu.action.azurecomm.net | udp |
| NL | 104.97.15.49:80 | img-prod-cms-rt-microsoft-com.akamaized.net | tcp |
| NL | 104.97.15.49:80 | img-prod-cms-rt-microsoft-com.akamaized.net | tcp |
| NL | 23.38.21.64:443 | support.content.office.net | tcp |
| NL | 23.38.21.64:443 | support.content.office.net | tcp |
| NL | 23.38.21.64:443 | support.content.office.net | tcp |
| NL | 23.38.21.64:443 | support.content.office.net | tcp |
| NL | 23.38.21.64:443 | support.content.office.net | tcp |
| NL | 20.101.254.209:443 | eu.action.azurecomm.net | tcp |
| US | 8.8.8.8:53 | 209.254.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.21.38.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | assets.onestore.ms | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| NL | 88.221.70.210:443 | assets.onestore.ms | tcp |
| US | 8.8.8.8:53 | microsoftwindows.112.2o7.net | udp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| IE | 66.235.152.221:443 | microsoftwindows.112.2o7.net | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | prod-video-cms-rt-microsoft-com.akamaized.net | udp |
| US | 23.53.113.225:443 | c.s-microsoft.com | tcp |
| NL | 104.97.14.211:443 | prod-video-cms-rt-microsoft-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.70.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | amp.azure.net | udp |
| PL | 93.184.221.200:443 | amp.azure.net | tcp |
| US | 8.8.8.8:53 | 211.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.168.117.171:443 | browser.events.data.microsoft.com | tcp |
| US | 52.168.117.171:443 | browser.events.data.microsoft.com | tcp |
| US | 52.168.117.171:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | techcommunity.microsoft.com | udp |
| BE | 104.68.75.132:443 | techcommunity.microsoft.com | tcp |
| US | 8.8.8.8:53 | 132.75.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | cdn.techcommunity.microsoft.com | udp |
| US | 8.8.8.8:53 | static2.sharepointonline.com | udp |
| US | 8.8.8.8:53 | gxcuf89792.i.lithium.com | udp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | uhf.microsoft.com | udp |
| US | 8.8.8.8:53 | www.youtube-nocookie.com | udp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| NL | 88.221.70.210:443 | assets.onestore.ms | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| NL | 2.16.43.238:443 | static2.sharepointonline.com | tcp |
| NL | 2.16.43.238:443 | static2.sharepointonline.com | tcp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.43.16.2.in-addr.arpa | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| BE | 2.21.16.124:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 124.16.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.253.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 192.229.221.185:443 | logincdn.msftauth.net | tcp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | eu.action.azurecomm.net | udp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 23.53.113.225:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | accdn.lpsnmedia.net | udp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | cdnssl.clicktale.net | udp |
| US | 8.8.8.8:53 | d.impactradius-event.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lpcdn.lpsnmedia.net | udp |
| US | 8.8.8.8:53 | lptag.liveperson.net | udp |
| US | 8.8.8.8:53 | publisher.liveperson.net | udp |
| GB | 178.249.97.23:443 | lptag.liveperson.net | tcp |
| US | 34.120.154.120:443 | lpcdn.lpsnmedia.net | tcp |
| GB | 178.249.97.99:443 | accdn.lpsnmedia.net | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 35.186.249.72:443 | d.impactradius-event.com | tcp |
| US | 18.239.208.99:443 | cdnssl.clicktale.net | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| NL | 23.62.61.98:443 | analytics.tiktok.com | tcp |
| US | 151.101.1.192:443 | publisher.liveperson.net | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | 23.97.249.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.97.249.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.249.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consentreceiverfd-prod.azurefd.net | udp |
| US | 13.107.253.64:443 | consentreceiverfd-prod.azurefd.net | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.129:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.98:443 | analytics.tiktok.com | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 51.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | techcommunity.microsoft.com | udp |
| BE | 104.68.75.132:443 | techcommunity.microsoft.com | tcp |
| US | 8.8.8.8:53 | cdn.techcommunity.microsoft.com | udp |
| US | 13.107.246.64:443 | cdn.techcommunity.microsoft.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
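Most rows in the Network table are noise for triage purposes: `in-addr.arpa` reverse lookups of every contacted address, the mDNS multicast row, and first-party Microsoft domains (office.net, microsoftonline.com, msauth/msftauth CDNs, clarity.ms, azureedge.net). What remains after filtering is the marketing and analytics third parties a real microsoft.com page loads (LivePerson, Impact Radius, Clicktale, TikTok analytics, Lithium, jsdelivr), which supports the "likely benign" verdict rather than contradicting it. The `151.101.1.229:443 ... udp` row is a QUIC/HTTP/3 attempt, not a protocol error. The script below is an added example, not part of the report, that applies exactly that filtering to rows of this shape; the first-party suffix allowlist is an assumption of the example and would be tuned per environment. The sample rows are a subset copied from the table above.

```python
import re
from collections import defaultdict

# Rows copied from the sandbox report's Network table (a subset); the remaining
# rows have the same shape.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | support.content.office.net | udp |
| NL | 23.38.21.64:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | 209.254.101.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | gxcuf89792.i.lithium.com | udp |
| GB | 178.249.97.23:443 | lptag.liveperson.net | tcp |
| NL | 23.62.61.98:443 | analytics.tiktok.com | tcp |
| US | 35.186.249.72:443 | d.impactradius-event.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
"""

# Suffixes treated as first-party Microsoft infrastructure. This allowlist is an
# assumption made for the example; the report itself provides no such list.
FIRST_PARTY_SUFFIXES = (
    ".microsoft.com", ".office.net", ".microsoftonline.com", ".msauth.net",
    ".msftauth.net", ".azure.net", ".azure.com", ".azureedge.net",
    ".azurefd.net", ".azurecomm.net", ".sharepointonline.com",
    ".clarity.ms", ".gfx.ms", ".onestore.ms", ".s-microsoft.com",
    ".aspnetcdn.com", ".bing.com",
)

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$")


def parse_rows(text):
    """Parse '| country | ip:port | domain | proto |' rows; skips header and blank lines."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("cc") == "Country":
            continue
        ip, _, port = m.group("dst").rpartition(":")
        rows.append({"cc": m.group("cc"), "ip": ip, "port": int(port),
                     "domain": m.group("domain"), "proto": m.group("proto")})
    return rows


def is_first_party(domain):
    """Suffix match with a leading dot so 'notmicrosoft.com' does not slip through."""
    d = "." + domain.lower()
    return any(d.endswith(s) for s in FIRST_PARTY_SUFFIXES)


def triage(text):
    """Separate DNS-only names from contacted hosts and keep the third parties."""
    resolved, contacted, ptr = set(), defaultdict(set), 0
    for r in parse_rows(text):
        if not r["domain"]:
            continue                            # mDNS / no hostname attached
        if r["domain"].endswith(".in-addr.arpa"):
            ptr += 1                            # sandbox reverse lookups: noise
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            resolved.add(r["domain"])           # name was resolved
        else:
            contacted[r["domain"]].add((r["ip"], r["port"], r["proto"]))
    third = sorted(d for d in resolved | set(contacted) if not is_first_party(d))
    # 443/udp is a QUIC (HTTP/3) attempt, worth labelling rather than flagging.
    quic = sorted((d, e[1]) for d, es in contacted.items() for e in es if e[2] == "udp")
    return {"third_party": third,
            "third_party_contacted": sorted(d for d in third if d in contacted),
            "quic_candidates": quic,
            "ptr_lookups": ptr}


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

The useful split is "resolved only" versus "actually contacted": a name that was looked up but never connected to (here `gxcuf89792.i.lithium.com`) tells you less than one that received a TCP session, and a third-party host that received a POST of form data would be the place to start if the verdict had gone the other way.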
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_336_PJXOCYMVUBPDJTBS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7edc2b05b5a6ba659a6d60b1801ae025 |
| SHA1 | 4fe8349c6de24068a6d1a18bb5030e19a59e890e |
| SHA256 | 3cea9dcbe4f7fb41bc4d54026fd48680ff95d1154d8226659a6d9288fe52097e |
| SHA512 | 66a9ff0681bbf58b5743b37e3b62e7a113ec1b0254a9fb9694b44cd76ff6886051b5f79ba22a009c0353db61e26ae366c93176857bc8bc6f977681200ee0ae59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a531a23c0274c9295b95781826858734 |
| SHA1 | 6bab238cf7557a5f2f834e30ea6ffbe936f901c5 |
| SHA256 | 5507015319744474b9f3c6ee95380f36bfec943a568a0481a821aaf3eaa5de1d |
| SHA512 | adf93547078be13d56f01f1649e2bb7272362d1ae667fcda3b03004cf109e267033dec362ebcdec95436b4242ed06e45006692020883ddb38d28b47350cd475e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fc7ed8dffaf525319e04ee17ff51e3c0 |
| SHA1 | c228ef462dd8d104023c5b28b7e8acf7b610254c |
| SHA256 | b66dd2bcca400f2ef9af3b5900748375bfaf87fb5300b2ac2e601b8ca2822fa6 |
| SHA512 | ec0c797cdc9db69a01c822b256cca5307e0307416d0d8c72afaa10b7e9d92241bd95042f061dda680ea3467a1a31fd3d43215b42955682c0ed351f5dcf79648c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c98ece8aaa381b4062d57cd8a0096981 |
| SHA1 | e1f5ed71feedb02704c60c8d6d7fee2d7fa9a448 |
| SHA256 | e48234e641208e04daa95b46894d63c95d2fab5ed1e546e2695877aeb333dac0 |
| SHA512 | 1450f81282b763503c4b78bb11230a6625008031455cd04955832d9f2bcb3bbeb3977a2b241199969240593026107eb7a49cf9de31afcdbbb53781e1dfec6187 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 922253c8b5761e16721e6e43b6853b13 |
| SHA1 | 6020d9d8a1d1e337eb3b5130eb4eafd8fd1355d5 |
| SHA256 | f6b277d2c02a420b1f759bfd7a9c29aeeb18ead20619ff9b16e7a950f76ff942 |
| SHA512 | ff9c842bf33e4e7fbd78fb96340fef8951b39c3f74dadd0a918f826987c8dfc05541013ff018e58abd1f6325d314c38b7031aaea82c2e2294b92b9f8805aff01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e407.TMP
| MD5 | e35d03bb93d5740ebe9f91f93bdcbc07 |
| SHA1 | 5dd5ec35a7188764ea27719fccecfa29f7991aa7 |
| SHA256 | bcbed179261e5867eb473c1f4ffc885dc44d246a40b63a22c1eb4c63c6b5cd96 |
| SHA512 | 4742a010048203b4d20db6a289a0a8faeb994b86fa0e1e8cbf44f763b89f77c2e5f069695eaf16ad68e24d5e1e06a89592b77e9d3bd3730b0e5e0722ef57d844 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09c02c2b44fedb6fde903180437424b0 |
| SHA1 | d157fbf7bcb2f0411f3f401c4abbe972c02f683f |
| SHA256 | 1534cf86ca4f6d8401bd59bf1765ac6f83ef47b2cbb6d6c61f671bb88e815571 |
| SHA512 | cea77f6777d28b29861b2fea412e0236ddb8e5ac50e8467e9985abce00d1d8a09c6c054692fff780cb27a1bb9bed0a751fef510fae28dae3df2d6d699677d3e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bf551e9d78af9d426fd6807a0434d618 |
| SHA1 | 5e54f1f9b188f80b510a5a7e411ac80d039ca709 |
| SHA256 | 87d6e029a748ae9cd86d865720abf3e69d19f62d58d60258ed187cf3e0cf7d65 |
| SHA512 | 201f8b92fdff16bfc0fdb621a0ff67aeebf0e5a8f20cb5bb6ee942f1299a0b6ca1309e80171e9b7f684449c54ef152c2a0c74f49cd08a478906ac365cf991a43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | e51f388b62281af5b4a9193cce419941 |
| SHA1 | 364f3d737462b7fd063107fe2c580fdb9781a45a |
| SHA256 | 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c |
| SHA512 | 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bc8ce56-c44f-47ad-9de2-a5d23f506781.tmp
| MD5 | dfe2a3be29aa50d91e211f61c0ef0059 |
| SHA1 | f56d85926ac0465d28bfe9a94fd87dace928461a |
| SHA256 | a19bf9793c80c26252ebb1b5dddaf186b7371ffa58bf03966837142d9a428ea0 |
| SHA512 | 3976ecbcc7cf6abaaaa8319d7e6fc73eb03b1d2a4aa9c48a761b18c32abf5eca0100d03792c28edc56ad5fffe83f81cac0e625c9926fea7bed0db4f105399804 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
| MD5 | 9196e81f8ed7f223d765423c1f9bc8a7 |
| SHA1 | 88f9d5c2a6908cf36b8daae803578ca9e1fd2929 |
| SHA256 | a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe |
| SHA512 | e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 5009982b60a0f93eac4c1728e5ca17e2 |
| SHA1 | c0f932d333b91a4b971a52ce88bc96320745064f |
| SHA256 | 2ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8 |
| SHA512 | 401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | d0263dc03be4c393a90bda733c57d6db |
| SHA1 | 8a032b6deab53a33234c735133b48518f8643b92 |
| SHA256 | 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12 |
| SHA512 | 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f55e6fb92126f8c8f94e5b3372345d51 |
| SHA1 | f8a8dd53091d388fd0e962818c0fc7dc733682ab |
| SHA256 | c92f3e4cd89dd7696da4e9763e7fd5a9ea9a8f30cc98f96273f5210525ab0a31 |
| SHA512 | 7e3672bb1e9ae2dc8b266ab0dc98a47f8d6bb3b1b01d47117aea27f6f3d5f01722eec5012a18f456af04c4373d1c704ed9b94624ab740fda5e996d8da7053870 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc1af711db0b72e66a4b8a1488753a0b |
| SHA1 | 687a042aad94d407647c93af4d4e100593d30215 |
| SHA256 | b0c2d5422a3e801ac3e84041cdad4f259ded643cd4a87a4165fd27b55c568a0f |
| SHA512 | 013c927e04634d31057a2ddea8dbe540a810aa02379193cc1eef4f2ccb333b822b36558d0f95b1d238ac3cd3d69f7c6c0c8b59d7cf1cdad710481cfae5a2ca33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6e7f9bf6c3819eee850305a77a0f493f |
| SHA1 | 1901d8a067d534e5ccaa3bddffe1e782d48b94cd |
| SHA256 | 90a30b34ee903a4a23fd6749d8a3c5b5285ee28fabab59ffefd489109889fa46 |
| SHA512 | 6a7705a8afd70ca986faa7999ac2ce3a2908d8c9a150aa97b796facab8f0fd3429d59265ce2d43b31ccbc4963271fc532ec25e8a0661d6ab95ab5a6b3519bfaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 844e7a5d5d67ae3e88e704d96889af1f |
| SHA1 | 076ab9a1bcb90433586f37982cd70c1d941e5f64 |
| SHA256 | 99d6c201895116db74e851c53ca0e44ad96ecad4b331807f243708a4ca021729 |
| SHA512 | bc4066a181872825e85bbea6621e67797c437e00ad70dd3a2e3a6ecb56ced01b0267655ff4903c323d5470bc58cfc5275cd1a2695127eb60fb8f445d9254e10a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7d100d69cf16a0254669789ecee3bed3 |
| SHA1 | 448273363874b1248c5b1077d53be2e2fca87f2b |
| SHA256 | 4111a4baced680e2592c9b75615db5e57e7f1a3e77ca16debaeb716044d53970 |
| SHA512 | 345667d9d07e6fadda75e72173f40995eed24b1e127389fb7c057346b74bb461820eba61eafbd22110524827854fbbf80c57da7eb7095556a38dd1f02041b3bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b24adabcbc842e53af59a955609d376 |
| SHA1 | b2f1fe9414fe576b4470647fb553ca3fc9eef1aa |
| SHA256 | f051e62d62055a67f5a6ba2ac458ca095ade438c7dc329e9a0a968c8346dd651 |
| SHA512 | 1c0a477a23ef6fc9de04fe334a0bc45528de5c146760335307b0ab57a0e67bf511112dba6f392668768ccef1dc94ceaabbdc8aff68080c360ab8130a81c2aa27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7e20824859c483d12e5505fce610c12c |
| SHA1 | 07518027a9f82b03d27548e84b5ffe35c6904d30 |
| SHA256 | 8114a559fd9a8d5961f8130f6ad06a7c96ced502c3dc70b7f5572667d73f56b2 |
| SHA512 | 8e577ac61832b63bfaf0671a84a29671b79de7409f306c7ce22881346422d7753436c34297318d74dbc6a5ea9c42e47c3d414647f9eb42521123af271f675d42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5aa440950996d667802e9afcf363ccb1 |
| SHA1 | 1845dbc20f78a40e8aa2808e50a388aac7742351 |
| SHA256 | 5c014a501a1e61f91bd5dee20831140ef1fe8482fe26b6abae9a96387bf80e78 |
| SHA512 | 4697d94726b21f6a55950df363faec28b480493b24d106a008f5f9f10c4b8a78161e2b35b19e0a325a1033beb432e7d9bd9d557db4b9ad1e347dd5d98c9a06b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | fa57a86d87208fc496cf314fbebcd6a5 |
| SHA1 | 12f496d18cd81099f946e2a6c917abad4011a6f2 |
| SHA256 | 6c85a158f35e06d19b7cefd5ea34e28d1d31ba781c3fdf690fbe714a23f96309 |
| SHA512 | ecfbb8ebcc42b2c93484c677529b6eb3d70b96ec895e9576d31c525feb6fa5a1eb7fd1f058f26fc29a027156c0d6d9d0049992a4f38bc38351168d4af95bbc2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ae540529207b0b13b71f99a5654d5bd1 |
| SHA1 | 3de89c68be0dfc7169204923749b87cac66f144e |
| SHA256 | 5f58b158e65c0cf207e5401c4c3b6c7f9d3c94fe9bbe5dd6032397dc2785d57c |
| SHA512 | 19c8f9dbae9fef6691de5e688d0f1b17499845f3990f1ee9416b9d8c579da21859ca8df087792edcc487272903c1c3b9138a0bf6b09fdfb7aa5f3116503841eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 545badec6317ace04d058cd0746b5f88 |
| SHA1 | 5da9b9bf0c3a8d5ae3f963df533577f2f2ceb040 |
| SHA256 | 7a9aee8b4ff34f845c635560ed540d260ee3c03ca1b19aae2c9be0b736c7dd44 |
| SHA512 | 15abb0d0a2ef49aa0273a073db2a92a751f57b6be35024cd88070b29472a21da46e291d218340a5d67caec12595b616933bfc5ceab127a8f0750d7dd39ce530b |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 10:27
Reported
2024-05-03 10:32
Platform
win10v2004-20240426-en
Max time kernel
120s
Max time network
205s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (11) 3rd may.eml:OECustomProperty | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (11) 3rd may.eml"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
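The Network table above records mostly reverse-DNS (PTR) queries to 8.8.8.8 rather than the addresses the VM actually talked to. The following is an added example, not part of the sandbox report: it parses the rows as they appear on this page (copied inline as a constructed input), turns each in-addr.arpa name back into the IPv4 address it describes, and lists the direct TCP connections that have no matching PTR query. Function and variable names are ours, and the tolerance for a row whose Domain cell was dropped during extraction is an assumption about this page's formatting, not a property of the sandbox.

```python
"""Decode a sandbox 'Network' table: map in-addr.arpa PTR queries back to the
IPv4 addresses they name and cross-check them against direct connections.

Added example; NETWORK_TABLE is copied from the behavioral1 Network table
of this report (Country | Destination | Domain | Proto).
"""
import ipaddress
import re

NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
"""

# Four dotted octets followed by the reverse-lookup suffix.
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)


def ptr_to_ip(name: str):
    """Reverse the octets of an in-addr.arpa name; None if it is not a valid one."""
    m = PTR_RE.match(name.strip().rstrip("."))
    if not m:
        return None
    octets = m.groups()[::-1]  # PTR names list the octets least-significant first
    try:
        return str(ipaddress.IPv4Address(".".join(octets)))  # rejects octets > 255
    except ipaddress.AddressValueError:
        return None


def parse_rows(table: str):
    """Split the markdown-style rows into dicts; skip anything that is not a 4-cell row."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        # Assumption about this page: an extraction artifact may shift 'tcp'/'udp'
        # into the Domain column when Domain is empty; put it back.
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarize(table: str):
    """Return decoded PTR targets, direct TCP peers, and peers never named via PTR."""
    ptr_targets, direct = set(), set()
    for r in parse_rows(table):
        ip = ptr_to_ip(r["domain"]) if r["domain"] else None
        if ip:
            ptr_targets.add(ip)
        elif r["proto"] == "tcp":
            direct.add(r["host"])
    key = ipaddress.IPv4Address
    return {
        "ptr_targets": sorted(ptr_targets, key=key),
        "direct": sorted(direct, key=key),
        "direct_without_ptr": sorted(direct - ptr_targets, key=key),
    }


if __name__ == "__main__":
    for k, v in summarize(NETWORK_TABLE).items():
        print(f"{k}: {v}")
```

On this report the decoded PTR targets are seven addresses the VM asked its resolver to name, while the only direct connection listed (52.142.223.178:80) has no PTR query of its own; that mismatch is the kind of thing to reconcile against the pcap before treating either list as the sample's contact set.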