Malware Analysis Report

2024-08-06 14:57

Sample ID 240522-zmdwnsgb96
Target 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a
SHA256 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a
Tags
nanocore microsoft phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a

Threat Level: Known bad

The file 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a was found to be: Known bad.

Malicious Activity Summary

nanocore microsoft phishing

Nanocore family

Detected potential entity reuse from brand microsoft.

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-22 20:49

Signatures

Nanocore family

nanocore

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 20:49

Reported

2024-05-22 20:52

Platform

win7-20240221-en

Max time kernel

122s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d74df17dd680f84399b7f162005552d2000000000200000000001066000000010000200000004d5fdba2c2df6d27c69d4cee405a2c87e031f590d8dba14b4ef2ac6d0c16c3ff000000000e8000000002000020000000ba5817698ecc0521ef34192e78a0f99687bb04a3af4c49c1b985377b96ded59920000000c95db8432eb2dc47b92fe9f536b96104b28a26f8f92f3777b8b18a6937bfc5d4400000003c7d1ced581b6f81be331f012ac970387de439f45d0d95067d509df48add93d1ccc07bc07c0b5ca67b3995808821e86b69951334fa0c49188a98f029c90d6214 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d74df17dd680f84399b7f162005552d2000000000200000000001066000000010000200000001b03538cfa06116dfa453207cc15bc8e88a2c6877bcfede98635daaa4a2a7239000000000e800000000200002000000095d1b194aef9333b316265b6362c35152b7a29d59bd5acf3a6094011e0099646900000006edc7fda3a8c63e8aeb02f15a331810390687f97964d98d1c895a05726f2a4c81d557894eeb424b6f35366e66272b66a4fb97e20587a1b2aa64c6662143d4ef1717d1d7a0864ec8813744974cb4fa714a2d0b43a20e38b8b1d9713fd77a3ea74e2fdbc10845b0e47835f30f32f978bf2424ecf31780759b8141014db7a3639736792524466ebf48cd87008cdbcc4dbfe40000000972c2cf4ab4802350712808692519a2957f045b61ed4863c67f01f159c15fc48a07374223b35ec9ae68a016dd3bb166d904f317590b4d451806e23bcffd76615 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422572862" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7A72EE1-187C-11EF-8804-E25BC60B6402} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 600dd7ad89acda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2840 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2840 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2840 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2840 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3040 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 2752 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe

"C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
BE 2.21.18.87:443 learn.microsoft.com tcp
BE 2.21.18.87:443 learn.microsoft.com tcp
BE 2.21.18.87:443 learn.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab33EC.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Cab34DA.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar34EF.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b32f5b6dd439256a703c5a82647719d
SHA1 7d9a3257098e030b315f48c50ec9b7230059712a
SHA256 56526ab3d262b93ca6b44166d672537ccf58801df8e8ab3d22fa7f601b78f668
SHA512 62ca872fcac688bbce4251e42255295135cd33007024dba17d9597a93996040630d50b7526ff968e41beaf10a9c717f3e9ac54864f16c3a197d6a6f02c5fa0ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f776c46168f46898b8407e2df854af38
SHA1 7d36060ab0f375b4f5ca209f169603b2d4d015ff
SHA256 3783b32b98a4ed9ba4e0fbc346c8cf194a72739f1c0420bda5b90b7e7863ee98
SHA512 ed0c5b00574c4f6b07d34c3d1f0f3c712664a4e3c0f17b75799e098ae559c28c13f87ea5c9b331a8839de730080734161247e89a608efe875494de8c10a143df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b30d35f36ba4fea58a25a6b9cee6a5a
SHA1 ede6a7a4b810f28b345b99542c1888c39f0caba9
SHA256 e1b3f764c411b337c7803ea96315741f6ddf89c4dbaef05614778d24c9bb0dd4
SHA512 75fea07244f00ac80e3242e77194cd1366eb6980079bd28821d61c4e725b832891a99dcec26c928288528b0ae9f8795dadd8ad763c700c99366cf797b05ce972

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d10b6aeae3db566757014c8def56c45b
SHA1 c08f6dfffc4a5a64690da7cd7ddb2e88dc5d47fb
SHA256 89a40fdc5d124f608da83e26c70013889264e65b73f8cc92b717460a232a7cde
SHA512 5f2020ad108c1f656d46403b0661914d348cc72155f4820559f8772c7797445e61a7a08a3306417198a05c8ebae78f0b47babedf683091620b509671ba0c95e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d348541b42d07a5e7be94ed664cb1ec5
SHA1 bba45a02f27f27816865e71d6cdfb6253d738ab8
SHA256 fab08c330b21525701df027836b4f8c9f935f0115ba3e9e4b8a8262a94a83408
SHA512 a45c0a4aaf0c39cfaa028d62853d4d4665892c2d38408f24f899537d46f5aa7b09d6a88f07e366109869598571f40221c38fb589fa269b0fae39fb4e50e1d733

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 9e613eadc91e9921677d5a337a9e2220
SHA1 fe2a84a9c245376e8d6eb35165b24529adba50b3
SHA256 303e1fe94fa4aa142b10fc3721be96f417fea3214123060246329b9ea6ccc9c2
SHA512 dd38a4aed6aedb98ab4a313ba0b7d8dd92346240e633e0f567bd28c8a60de940e30d9e93f6d7a5fc0a8597fd71a35110c04f35461a5cb706b13df09f3b17142f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c13220cbade9e1a5180bbad26fe12245
SHA1 48cb7f910c55bb351d503d5af651f1d83756180d
SHA256 d992948955c0376d1df106f05b18c70d17c88b012fd399a6c723e959d4530507
SHA512 d3855b7756375fc3b617fdd1e46f033cc9fa0120cd7f71a570b83d256ac54dc39094b81c28d81cdae74bf3d8efb9c6b1e6083ef47eb982a6e55b490312529619

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcb8fe4b953ff1d29642553672833f70
SHA1 697461cfdd95f82d237c2e3d5e6c586b72c785a2
SHA256 edaa56489055a8cc9c24929bbf5b4b4b2b1d89e64ba41d3da73de92541a6e28c
SHA512 99d4e6745a85a9c00135d29e08f7845e3edd97b6547d26941a8f653f294109062a40b78b5f86d58839a3ce1fc031902ab6a903e45e1c94551c14187ae46de759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a739245bf7b1a48a357a40bfa4d2861
SHA1 21d4a60142a733f60dad70ff14293950e48d5932
SHA256 a354f46491829c62e193dd2e74ca2a5ea922590a94260f9bbfe4cdcb732bf1cc
SHA512 3c59313a658529ee892b68440aa7f7b248fb087b83db92b0040ca1fe6aea15fa281e6881bec9519065ae58aa79e8c6fe5134b9dad341ed371a66baa838747f33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7714901195147a107b8c1d787dc0fa31
SHA1 3c2bb3d4e13daa7fede8a49154a52b2d53e56339
SHA256 dff9d7640060be991944ec4333adadadb2ee38918001424601ae3f5357fde23c
SHA512 6b3c1730902fbebedb7394d3006d848bcc46cd9110b3991528fe9e07e5168149779f85d205d17ed9e765d41471b26962cb1959666137e7b892360367bf973e7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75fe6401c83d4764633dbdfff3cbdaec
SHA1 55efba81d6c650dd27ccee4f9382b6a0c92911a0
SHA256 aaee69d27bb4110871b48124da190d382986cac4702c90ff8c6e986aa2f7a041
SHA512 fdd16b3722240bc35a340dd94e4bbdaea17b176a316ee57223dea891c9040b0b9a1d7f792fcc0092a4afceb39a632ebbf87d0af1bca34e147670e8212a18fc1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd93b09149d3ad8c10d1bbc66cd1581e
SHA1 3ce199dfa1ddd26951ae6c393eb97ac76233f0ab
SHA256 0f2d76730a37ada22a208f073cafdeb93abeaecb5972d900db9c92030a3d45f4
SHA512 11d282edc2ed698bf17bd070393713b00055e1b1530cc5a071d5976a8b2caf320c6b12f92570b9af9d55da9d398e0f3535f1e8be7eae5f290d56e6ff49e90a76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abeddf60e0a09cb50a0b72d2384c1929
SHA1 b32afc06244cef7af88ec04277f3a3a813573cd4
SHA256 846427029eeb9d2d7688be6cbad5ef0ff078d8d18654f77c45682000f476ca57
SHA512 d8877ebdf9f45ff1679e78619e746afaa42caf92d87591a129f9601da6c0bcd20fa913d2262f0a3f6d3a10a0aa5ac6d3444434457a63275447ec7fa88fa0b119

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e3e4a4b0a5d6d576b709f08a46451d6
SHA1 21994154d354cfc04dd1a8c9aeae1d89573808b0
SHA256 b71c8ccb01f028b1a296e945ac2aa617b0c7fa8a3d22c3761862c00dadcb4344
SHA512 34c9221de92e30b77cc0776e6d0a872340cd97762988b433410a869e39cd7f3fa8dd81cafd54b56e01fe21ab78d8b427bb6edd5cb200a9fc0ec92006f187eff1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 773885aa1e5f9436946d3b8c49231632
SHA1 c0180581040e024e9b7ac9b52caadb4d2268efb3
SHA256 db09500c70ac7f336e5a35a6f7b107febc92dc8a431c8f4724296ee9ee7b1692
SHA512 72ae4078f66351916b3c28894d28996895af1e7aa56a7b6860717cb9c6f6d996a73caebf07cd8330c5ce953bdb93818206c57157c6e3dcc64207e72a3c80b373

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bea43bd2372080acd6b7fd57d1aa3966
SHA1 221354502cc9d357973e1e88023c41235bfac7a5
SHA256 45fc9b1bbfe9369db6fe2edaa9d74e3eafedd387363c820304d0269b6fb231cb
SHA512 fcbc9275ebb615481598a6afeb1feda8011a280b950355421d019e11ee54d5151ca900b863221b6ed67e53fb76d534e780acd021be0ba596bc8bb7844890267d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d1fc59d4fb531264cda5bb1c395b090
SHA1 153873f258ecc1cf7c4d8772caeb147db7ee8394
SHA256 c9504c38f91822d81bcff8823634fd82fffad0696fc1f832f71b9c19f6b67ef2
SHA512 0e54f19c35a4a694e9e0a3096352e1ac7d338b4b6ec909c47c413d8bf40c9549f7778a1b4f5ce808c4b55d2a7eefbc9a379b41c9e6e2f0c59af474c63f10a1e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afce2664837bd31e50459f35a62cccb0
SHA1 3842374f3b47ab6d4e23f5f540c9a3597d235146
SHA256 6bfe39363e436c3f86bc588ac369b7d7914e27494377bfa2f42713c63765d821
SHA512 ac13577ec77fb2537c60c23fe71667e283b7fc8a2d1d58d9c3475a885d26e41f945d82a35f69b7d0960c7866b3d1576b562963f17578d37f1fa62637ae905003

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f017fbdfa81bec2c3c361eb5c69ccc4
SHA1 37962c503b47a1b226bb9d113088b138958d5b20
SHA256 94b260975d178f36816f9ddb8a2bb302f2fa3cf4f62570e2863af2f5dbeb9438
SHA512 0f98df13792206f97976d3a2996516e8a25c693dd5a8c53b809036c2842c98af5efd86808fcb20ec2494f090ea54ace23e54ee1fd86e50b7d8ff59e69fe78dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a1a43c6187d0fad3545dffdd03008c2
SHA1 9774615598b86e241f631298ee8c2695d1186172
SHA256 02ff22297fcb98fc0dffa7763bdc5a8946248f99cfb2e6773a18fa4823ab6029
SHA512 667c32a25dac6436a1977cd46a73a6bd5d1be608a28c21a3dd4955d535c8b79da74d1bd780a4ecdb5a83d9722a48008aa0bf9e7585de5bf881ae58e2fed57db5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bafa21c8a3bede61be902ed7431b6e88
SHA1 611caf778da696f0a3a282e7965a97c048e7c89b
SHA256 beb5bda69b540bcc6de657d296bbd9b9cbb86e8aab091f1c0cab088ee4bf74ab
SHA512 1b331f9732f1cb1207c1692b4815a96c629de890ddb9e356fddb1c59ca33e8c2cf93f627f784d042effa6ff225b803da52c1572c5f7f9de7092537029e71e11a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0bcd2079b4eccafe897bbb95bf3b5d9
SHA1 ba8ec0687930e0e24730130204705858f33f2f3e
SHA256 f523206b12447d9a37ab3218d4d11fb1a0e3e8108aaf93e89aa98e1add7a9d1e
SHA512 f9fd32718c4b47f653f86d28025a58bb7b4ebb1f18d67b17df1b72a4c337cd40b68813d7f2163c33cd911c1cf51451240b2209cbb6147ccdfe89fb986de6ab27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79249582c016228515ca38d4bb42762d
SHA1 a50f7c0d56ad4cb09a5954483f079e1201488b11
SHA256 263b8ffe39956c7260832f79772b313620bafd25a5974cd8d367743f7b1df23d
SHA512 efd8e75cf105b2ddd31418af6642be17de3e32046aed953cd8e153410fd6659cf90e404dcf67d4e590dee400744d5244c99caf4e634079df1b078457db804ef2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e749cbeae0b9e112be7dee10e5c1011
SHA1 526ba8ec536b21b02375e79fba6c31ea65052b0e
SHA256 f605a68998106fd25b1fd0f20de6beac660a9dd106067e2adbd9bfe9921d7146
SHA512 5cc5c5e397148d07fd583f262ec36d69794e33e361e9c1d949d92dc81cb53e400408c0de233b30e545edd0d91ad0da05c12d990211dd7ad0defdb772fdfc5589

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 395fe07e51ba128ddeff66f07d56a8ee
SHA1 d2cf6ca741afe8338860ff4877fcde04e585ac98
SHA256 3d4ccee22709fc1b26c5a44b21b8d2f29dc3701b160c21720d442a05efa16da4
SHA512 d89c7b62958f040edbdefdcd23b89607fccc8c2888a435c796d2de10628a96cedfd138fac4250604771cf973a8b548ac4d6baeb53d39005946675798c805a59a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cd6bf55665bdace972a9dea1403fa0b
SHA1 38712ce979434c6dc9b18786bfbc81d9024960d7
SHA256 c6d1a7e4868bd900bdb0567a5dda87b1c12e9f1e78afa48db8e44e01f22b656b
SHA512 a2cdd0cb30c341bf1777dc9d4125b178b7bf22fae3dc68dda355dd608b85c9d957313d1240e3b6bc546dda9c99efad60b1cbdf810a3d05426fd79b3bf41d33ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a515b49a73e898ded24520a49352250d
SHA1 4a75245a7c6f911c073dfe0c66c2c768d8abe4e3
SHA256 74bfd1718d153268f4432a1e67634514bc55eb304f49a1b2c662c1a19d1958d0
SHA512 285a2f2adb291504eb30c207577fed1b655fe6267e7aef97611eedfd1741e83cfa5deec0bb1a10390ae71b84a232ab3e1f7c042f790631c36f582a8309cf4e3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d179d87ecce652601354b4b6d5b949e1
SHA1 d7b488352eb85cd110729d6fd46b18ee9a74367d
SHA256 3de0e1eae04793ce35140ec020f5bf03fda77e57bce81a41604e49cd82660121
SHA512 903f2902a7adf9057ee6206811e08714c9e385d425d4fc9d85d12543d1e27ced7c94e72e0bbe0a4ae60fe22d236f0235e5f00f7a7320678044ef7352405b8d44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 652abf39bdd7f6dccdc8fac4013c5899
SHA1 e885314554e15733884e14f5e15a1a5e878efcf9
SHA256 a5caff8a2a0a0261e35f6af12b996e82bfd1c3ddf8f60ec88e1251580c9c6c3e
SHA512 97c063b7e998871cbf5ecd93f091dd15e52783c91ed11c989a361cc6d6a8ca6402fe14ef126fedb6b2604c48849bd27284d01a9ace65eaed6d1c7b5c5625f059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d755a27005064cf8d8b4b488461a3f12
SHA1 bd888855f8801d9da1b8f13e5c83509ac9c00ec0
SHA256 ef3f4bcdecfa5994528667d00ce65652ae333dac3e4e7994c8ec9c8c3aeef237
SHA512 6fe583dcc7ec4703cfe5468afde97b8b4a528f95e2fcd14c9cc351da9b5e2bc014b05e9555435dd3fe16a74239960dd5b231577f2bf50c7cbc55878478bee368

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a97c4e3182e125d05a7a7c83135b5e37
SHA1 b57238f65b1f6588560c001a57c88d3aedb96c4d
SHA256 76aeb36aa60ddfa6330e7a5d92c150c79e6f8a079d08e34f95188572e8c0c7eb
SHA512 6dae69ff6dc0bd857b40a70dd02c066e61e1fe4d912d2b52f4725b24f5ad2390e7ed5b84690728559591d587c0670b2791af5c44add9014f50a0b3118263263d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6da20856d7d232ba10ef30dfe4739414
SHA1 00967bb6246957bedd87c60bbdb80c6f44e8610d
SHA256 090858230aa79030067877d9ae96d52308a6321b743bf4cf25aaa76d26249a34
SHA512 fa34bdd01ef8ea6120de65dd0fdc38ba60aa68fef6bc26d79cf0a6ecfbd3e31a8e9c668dab4e20c9b441e62e98707f8b81d28d38cbc73307e60704de71431c69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcd7c7e335560207e6f42ce82cc0dfce
SHA1 ec78824636b0dbb1596f4a8ae4b015377359b62d
SHA256 58f93936a2dfc094f8258307b0f41caaf7adbf16e786d97e51aeda8739803eb6
SHA512 e3f93ac7e2cbbb312cbb8bd46a219e14f4d4e62a0a93dead2c12733ab006d75f06cfcbb437a0470c851394aad3d8f805551aef523d15e96b94229844ef9d645c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff46e1e4873f384f85b03bbc866eaa1d
SHA1 0210f23e795d6333561a02c18ba9708c0705346c
SHA256 6754b3f7671ca823264c8f004afa2acaf085e7bd56e0414883009a3cb3488c46
SHA512 f0a8335f7258db1511a487fa8ea943722df0867edc47b40b7977b9ef39338f3e015604742c323983a3f57961c7a710e49f58cd731ed268feed1d72dcff906f31

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 20:49

Reported

2024-05-22 20:52

Platform

win10v2004-20240426-en

Max time kernel

142s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe"

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2964 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2964 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 2196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 2196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 1516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4080 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe

"C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a17346f8,0x7ff9a1734708,0x7ff9a1734718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a17346f8,0x7ff9a1734708,0x7ff9a1734718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 learn.microsoft.com udp
BE 2.21.18.87:443 learn.microsoft.com tcp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 87.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.28:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp
US 20.189.173.28:443 browser.events.data.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_4080_WMROOLNXZJEQIJAX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6085836dc1431f663d13db28d607b145
SHA1 3b1c9c2f8e43e76d69b63f4017bd68725f6c028e
SHA256 3ff6c8e2e590b505dee72130c66e957c53e042a86bf4475b477ac136d7297e2e
SHA512 e56e3fedeaabdce442f4deddfbd7481dea50e98689897b139350b08c7af6147ea7f59bd514f41ca7e33ca22cfb437a2c8c50ad8f0362b08c12c13b9b2a95ac39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5650ff499ec7d5b6305cb8a04b9b6200
SHA1 f579ec9606828405cea659e00630038875758c13
SHA256 cc97e833d25b626f6316b67fd1eafd6bc1af3d05dfd7f5c4a81d13714c6a5607
SHA512 f45bfbd9020799618ba0c76d2f26f335b80bc9b0902955d342d8353be9b7363efd8d9e7ae5eceeaf992933bc4c2c89636d5c9c90d7ec2c07ea1699515f2d319f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9eb18e304d271dfcc912a74d7d4b375
SHA1 5554448e82a90977d80fec0ce5fef32d282341c2
SHA256 c49b1e239f52a9ad05591c0e9bb25198a838207aa78078c5e86a0ab270beafde
SHA512 905e810576c645c74432e446aebca174a0c05acfa2c83a2e4a648c6f64e246414eb7eb4f4987dfb849771b267f7e89911a6b02f1b335fe9c48e564973aeda586

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3b0d1c612989a002eefd7ad449233fe
SHA1 1aa251d744c2397f55f6419d6dd32093fccae978
SHA256 10db304df68c148e2790db1a52812d4d1bd596147b8e9da4d7370669fb131120
SHA512 79307e267a36b4ac9632efe6f9c88e5d8ad0b964f3d1572ce377a9f383e4381c238307bcacd5a0f8021b645a215889c3349543618eb4d9f7e1033eaad203289d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9503bdaef641d8bb6ccd66f8f757336e
SHA1 c7c230bded39464dd5ce8beb3063d7685dac5f68
SHA256 0eeeaed4d4e7fbcd28314df8c7a50dd8aaa06c0314151cfdb8c9cdf2e3722db7
SHA512 1ce98f0a996d38742cf707bafe5d26ac1dc76dacce0420afcba01d2271354b3420c91282bc36897ee9d3bbd3d58c40ab9edf617f6da3db8a6c669d9a7a149e69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a1ed.TMP

MD5 f47ff2afcb5f0d52d86f0399eb50648f
SHA1 20f74f52c94adae9cdb848fefcc2b4b28351ff00
SHA256 0ab63f41516a7fc8fdc78f7cf93d215eba8caea9a7b3d5abe3af8542ebb5128c
SHA512 f01455e7a455c1d625184c5be7a868229cee7a4b0f65d34cdb8d3fe18b2cf6d1d7044975661fdb27184fa9f99b3abbed711f563f15ddac39e3a0fa313643f345

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 61854dd7c1814122fbe6409f2c16abed
SHA1 6c17e5830cc6ac1ac0ecd82cf5f3aa4c0d894e25
SHA256 c24716a464933c1bab3a630876ef0a4cc15e1353409db1065b2257f99ee81444
SHA512 40ff2b49ca93bb11e117be60366aac37624ca7fe762e12d0448e8aee572601c427d5d6775a635e8d1ceb794c14f95e131f0cf95a11872d56afad04765530988a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05592d6b429a6209d372dba7629ce97c
SHA1 b4d45e956e3ec9651d4e1e045b887c7ccbdde326
SHA256 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd
SHA512 caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa