Analysis Overview
SHA256
3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d
Threat Level: Known bad
The file 3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-06 01:11
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-06 01:11
Reported
2024-05-06 01:13
Platform
win7-20240221-en
Max time kernel
142s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000007079b37b29905e30ead605b4f930817f40bbabed708cc2e5cfd66b673588c686000000000e8000000002000020000000ad88b48f2ee82f83f79c0dd34d0621863dd5a26c6d17f96cab78f772399411ac20000000885479622646e02272c15e68e2155212a456cc6801dc55cdb25ba72dffcd82ab4000000084f9937c20be6ea5281c8c136469f35823a9e647b30f8019746284429da13496f6d185c0011053b89408fa0fc80087feea42410f8219388f3a1ec96193b1d644 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108af560529fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B037FB1-0B45-11EF-8E7B-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421119747" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d.exe
"C:\Users\Admin\AppData\Local\Temp\3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3554.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab3622.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3636.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c78db059c5a4fc6bb58c07def7d96f1 |
| SHA1 | 5b5a094f69e7cd22e5395102b4e23354fae8c2ee |
| SHA256 | 16f37e5983d7a825bfd5770f5653d37a8cf704dfc5af61fac78142b5f63a72b2 |
| SHA512 | 29e950b1473d0c2b18673d75014fd84087e004ab133205b1e869908d23ff322f86342187a2a4ee116773129b4574a14cb85b2973f91543d8ae31d24eb11545be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0967d2981a705ea194e0e7c2ae34130a |
| SHA1 | 989d499f6c752e76702eb968761aa04255f655a3 |
| SHA256 | b8f2ab8c5dd73f000be30d66915203c7f3e246a8eeb1477e4ccaf21d3df4bbc0 |
| SHA512 | fc370434ad6f70f9dc37a41e52c4e88984343943f0bf88d668c4faf07811d1c60fe087195bfc294c148984af9f2f876630933edf944dc43ccb5387c9d9cb6a9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2811d8d9145211a48dc436ac4122f0ed |
| SHA1 | 21c57fcd0480b24d9dd48503b4d2ad85784c370c |
| SHA256 | 6125a77b29cb6f9dd26fc9bceb6f17bc78dbd5e534a4dd1753af17982520a53c |
| SHA512 | 03561312cd2f1f4658cbece4fa71081869a42bbf4dc24b92949e02031be36e63f0b18a15abf5861a05161eeb6ca0a22fb07b95b935e941c01cc234206df94178 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 438f575b35ef5595b47781488731739f |
| SHA1 | 36e8d0e1009104f011f36f8a32dc38369a57fa5a |
| SHA256 | 5b07112e5426022105733e203c2d89073bf8656e66fa6fccbe7104c0aed64a8d |
| SHA512 | 112a13d1da7b56d823049c7df314692928c6b441a7fd60ebcb0b476df4a81f95d915240bdce00f34f2c06beb650f8388ad1257a0c52f9232fe31b516742fd89b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66fde1343355ac4e52a164e6746cf979 |
| SHA1 | 9fefaab768cdbe2123fb8ae4a589655ee86ffeec |
| SHA256 | 5e35734529c18f921883d8d96f228a67d215b0c1cabbd534bdd01d77a7b908fc |
| SHA512 | 61b7577de7d5062a5a68296f198dc2dbb5c5b8d5eb3947b79a0267873ad2b565ff83953be1d831d54c9f36031555d58c076f485ec2c29fa40b43f2487507161c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1802c51f725f78ee3663c2003e25c70 |
| SHA1 | 4b515f284f91bcee22dbcc8815ef9f10d6755f5f |
| SHA256 | 727526cdb5af9d4e763e83303af0c980b0a01fc911e4f9d97e179434b65cf4aa |
| SHA512 | 5534a27df8e2780629dcd2feff9f244d181005dba4df3e74fb5b2f53259a84e8ff268cad697dc67df80b05f67a0abeebf9c3a8332a8a6d30b874f76d221915e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | 6163e0faac1406f79f3ea762e86bae2c |
| SHA1 | 14a9c62ff5a95373da27b7eb85d74cda847821e9 |
| SHA256 | 1ea323170675fcbd352ac6a31c0e2dd57f31dcb1fe5092168832ad4307d8846c |
| SHA512 | 66330ba007b47923c1093487532189f19b5c5496f6616b9541c5057545122a57f27a94a9e204c5ea459ee37acb17ae621830d0e93371c3ece008311af6266c6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c71396bfb4b4e75a9629ad09cc1ad27 |
| SHA1 | 51b236984cf17c1d51f774e623f29e9b27eaa4a0 |
| SHA256 | 4ffabddcde59817341aab0175480ed627cbf02cab965f15c44af000e5aff6a0c |
| SHA512 | 6e07699cf2de9e816c761a44aad2c3dc4d7f27c1afc85674ed10234eb1f2fd82d33069cd4a1dad6e371a578b67c64ef15ea6607b63417960ae9007e99edfa668 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4cb35ff5d6f585f7bb8b120d96d18ab |
| SHA1 | d44a3cbe6d9ce6c70bc2333d9157212f6d49733c |
| SHA256 | 27ce7461cb4b7043e98ceee74a5bb6998dcb62f51eda2ef524e1012117e29ee6 |
| SHA512 | 993f6e65774618a42da9ae18c40386f4c7de6b437bde28ccaabd1b4a3fc2bff83b6163d9335218737279f41153e26dd93810aba2cf0b2181d7b35a86f27ca14a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cce62eaaa75ef8fe93375645a5940e1f |
| SHA1 | 59883f48a24249beca3d99e9dae09350221d1b96 |
| SHA256 | a27ddf6a2dd8fe462b3213e72e74f50b23182ea5ba23362d8ec9b574d27f0a53 |
| SHA512 | 6b752f5963e1890f85bf1b22eff07ec3c957bb7e08890b9539296b2083d4851eb6caa441f3a7d13b38cf6c3903bd9ee37f636055038f75aa410227947e02b2c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba976ed6a59c32c42b6f81904001c9ce |
| SHA1 | e627b4bea3dcea4f129c71cf92754a1b814353b3 |
| SHA256 | 89e6933dd5cf64e6a1885f42e30a88651a1c7866daf8481f9b3032053b2cf419 |
| SHA512 | aa45ba3d9ffd14039f58e7a7a7ae1c148dec480b6df8c42ecfd116b1c88b91a18a8c720805a25773bdbcc7e6d962bb6a0ce3eeaada2de5250a783017f74094c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9bf0d2a2082558f4f6a70807505e878 |
| SHA1 | bf4f48c08575bd3ab8aac60ec73b7c9061ec51ed |
| SHA256 | 3aed33d3c48e8e8465284842bacc4b113b943f804766a5314315927ce8bcd49c |
| SHA512 | 546551c8b8c854cb8f93b0c29acea3f6f01c8e87c2bc540c19c6da411895a2f08426cb61469f93eb4759fd8f96ff722799ded0dfb50131ebde0d638b94118c95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9da86c7aacfcce6ec7222504f16f9049 |
| SHA1 | 4d10f6691c8b23394ae66c6a593fef8eef8b2b9d |
| SHA256 | 9bb930b735b370e6328cda5447f0d0161cf9e8b7f555923f384538bb47b302fb |
| SHA512 | 5a8b9e008084962f1bb4c0b8147c4d0c6b4d775b02cbfd02c3852569b9c031aac34ded5b79bd40e639d6b53a0705247441f711f74a110461a5eb022f6b4e9c87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60c11f1b7d09306e188ab733e9546888 |
| SHA1 | 35cb2c44db2459442bb0a8b2a449eba75c1a11a8 |
| SHA256 | 3d4c6ffbaf49b131f704408d0cfb22bdd4a5d48743257946f56234c31a71fdde |
| SHA512 | a65dcf33a0e2b27f8433325ddde61ad2ff246a6e35765b9be29d30baec3eba3b94440732ec8cc363fd2ef0f1cff0fabf1c9edd946d41d61fe6b8f59ff3d362e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c19c91db3361806a797e1cc3d7837b4 |
| SHA1 | c9ca3a6c5c4b654a57acb0d3ff410bf1dc3cdf07 |
| SHA256 | 6e7ba77ab87bd3ebccec226c23bfcdb5fef9b57a6d737ad5a0400ea9adfc8368 |
| SHA512 | c9645e15d82b53d7dbbce1135fc509d248a2d22912ed8a4f21351324a83f173c57c310e00ed807d8f6ed469184e3c58a06a32a3c25b89cd61f7cac6e3b9c8d1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1084e4071e53eec2a8e5a277d7f41c2c |
| SHA1 | c41f9f946af67cfaca81e2a16e6d11b4c3f69303 |
| SHA256 | 0c81d96f9a835d79010b57e03f154f7a8e1b7a796cbeb94f4b7c8a1fad1fac41 |
| SHA512 | 7e2f58358e2877df557e69441f72119d7da24d1cef15a2d6f13104106606fcf0ad9048fe6141d07bdee602695f4d196169e2e70950ad8ad41641553f5e3b0152 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c36b7dd2345eb93b918ddcaeb362ff3a |
| SHA1 | be3a1bbc92ed838b8dbc60875202a512961339a9 |
| SHA256 | c2cd9d411b95ca195ff727cbff68bc56a5db0c69ec058e3c06356d6f2e472577 |
| SHA512 | 83ed01c925959e686f3b6e31a41d1e0af2420823ceba8b902a504927de9d27c598ca14ca4b193855c15cf3c8625f6da45ac2fbb127d02637f627d4e21220a6bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b83132ebc7aaf0efad5f19adf9863a23 |
| SHA1 | b71496badf495d3c4a21c49bae271e5beecb3488 |
| SHA256 | 87f9dfdaaadc12178fb7fa84816f5540a2cb0f407c37981f4c363b2888f7bc41 |
| SHA512 | 006404f23fab4cb06543034e343b089ad48bf76c9b9d72779cffdba12e186f02965776b072b36bf0474a767f81da6299f52e1cf028836a3f76fd8aa7ee32f1ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1cd900b8104548574272e209ad05b5e |
| SHA1 | 843624334c93964ae00889e70a027ee5c153ae6c |
| SHA256 | a363889beba3e5ad4cdfcbcd24a8f0a6d04dca48162be5723386cf714c41e5de |
| SHA512 | 9c6e2e853681544435956c1de739d992c8482e375b898f0823c60f6639824c6a80fabe81eaf380a624e04b43a5139d0cfab067ed8185f96057db2cf99c6af35e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a81cebadb5bf7eba5906213638efeb3 |
| SHA1 | 8fc711d3d50f9ffa64acf1b20de1501486ae3795 |
| SHA256 | 184db4833b28c88534784eca7bb028b6b319536184fe93fb74f755646a3a8fa3 |
| SHA512 | 2c1066c2938d5eb5fe6acdde91c805412ee5856521b9f7c6f8037431700d3a16d41c15dcf0744d6b8415dfabb16f404a74d018b577092a771c4aad9d2f96c17c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58779b83cde49d15c6606a2d2fe4a6bc |
| SHA1 | 88a3c9f8e1928e3bb555172a82fbcc53a2f84fae |
| SHA256 | 0c6a37bf2bf0e30cb203b9043c5ed8e64868bea15d62fcc0f494f2123cd28b7a |
| SHA512 | 46e4eb32b110c947f8e715b8f6b4d6c4a77b2e61e2a22f518ec7523861a93e0010ea502841553c037ba7fea42604d35c89339f94d418ea0ac465b8be35c59504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7666bf3c33108ebd9d80d92331a3a6ab |
| SHA1 | 97852b24a903c83d11ca8abc6b8f9b853de2fc2e |
| SHA256 | 34ab89d02b3d63cac6e7def1b46d5aefb23ec57a6d3957ac541de1e0fd5c795e |
| SHA512 | 6c70346e13ea3ed32f802ef2516a4087c4946a8cfea5eaf6a87f0b0994c03eb8edba36a1e336232999f29c17118f6198383f2357b679bc9d09255e67b0ac7cd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee852720c0604a7fed63497c2791bad8 |
| SHA1 | 4eb98fbfb37a89e86acbe58e15271b85c77d4dda |
| SHA256 | a75c5cfeafeb9779ada0daec309b42bdd0748b15d2b190549dff8cc6c687a864 |
| SHA512 | 6cd7d6e1a0004ebf6c9dd65b0fc74247eaac42d0448eef401b655b1f66ddc20dc6950cc30dd085be1690193da9f0dda2db1587083eac49c924527b63b9375456 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ddf1620aae3fc69d99688165cc31c72 |
| SHA1 | 73975bd1d139b99315e72a2157f4b2e365cc4148 |
| SHA256 | 8e53b1bdd31843c1adbe90db96dc66e10a11c1f412b137d921dd067cb834c9b7 |
| SHA512 | 8d53ac8e1f86b58289b08a96b18b3bbb9674c6966702c469d18898b2ce79b033edfc1ff86ee035f846bff8d2be732a36fddc01fab92710179c7f081fa1ec5440 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-06 01:11
Reported
2024-05-06 01:13
Platform
win10v2004-20240419-en
Max time kernel
138s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d.exe
"C:\Users\Admin\AppData\Local\Temp\3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e1ad358518743a12f33e75a801bd099cbfce36aa89ac00c6b8c6ffd70a7aa2d.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15977712715990243418,16243253360519446897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2720_TVBBBGLEREWWDDEY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a940.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State