Malware Analysis Report

2024-10-19 11:31

Sample ID 240527-bd6ckaaf4v
Target fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203
SHA256 fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203
Tags
agenttesla microsoft phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203

Threat Level: Known bad

The file fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203 was found to be: Known bad.

Analyst note: the AgentTesla family verdict rests on the static analysis (static1); neither dynamic run shows the payload executing. In the Win7 run the sample's only child is iexplore.exe opening the .NET Framework startup shim's help link (o1=SHIM_NOVERSION_FOUND, shimver=4.0.30319.0), which mscoree.dll raises when no installed runtime satisfies the executable, so the managed code never loaded; in the Win10 run the only child visible in this report is msedge.exe. Every behavioral signature below is attributed to the browser (iexplore.exe or msedge.exe) except the WriteProcessMemory hits, which are parent-to-child writes during process creation (sample to msedge.exe, then msedge.exe to its own child processes). The "phishing / brand reuse from Microsoft" tag most plausibly comes from the Microsoft page the browser loaded (learn.microsoft.com and ieonline.microsoft.com are the only network destinations). Re-detonate on an image that has the runtime the sample needs before treating this dynamic data as a description of AgentTesla behavior.

Malicious Activity Summary

agenttesla microsoft phishing

Agenttesla family

Detected potential entity reuse from brand microsoft.

Enumerates physical storage devices

Unsigned PE

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 01:02

Signatures

Agenttesla family

agenttesla

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 01:02

Reported

2024-05-27 01:05

Platform

win7-20240508-en

Max time kernel

122s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000ee41500b6253e8b21f5301836749a6c3ead6b7e806e8c5f4230c7686caae2ac1000000000e800000000200002000000096c132289fb4f5d09e9403d63b473337c561bfb6398c660c6b4f26a569c5b4ef2000000029880c2283d1f97d3f1b6812af42177f13215353e9a15f2bcac0ae6fafbbd178400000007405ce4628bc8dd01be05c61aa99775c884b93ba1b18e733de6464b0dc965080950f19c6c989028237426ae55dcb225d44c780d94d2c8b9ea2bb82dae22002df C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422933641" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D951A811-1BC4-11EF-AB01-4E87F544447C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01808afd1afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
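The DecayDateQueue data in the table above begins with 01000000 followed by d08c9ddf-0115-d111-8c7a-00c04fc297eb, which is the version field and the fixed provider GUID of a DPAPI (CryptProtectData) blob; Internet Explorer protects some of its own per-user state this way, so the write is browser housekeeping rather than sample activity. The Python below is an example added here, not part of the sandbox report, that parses the blob header so an analyst can tell a DPAPI blob apart from arbitrary binary registry data and see which master key protects it. Its only input is the hex value copied from the table; the CALG name table is an assumed small subset of wincrypt.h.

```python
"""Added example: parse the header of a DPAPI (CryptProtectData) blob found in a registry value."""
import struct
import uuid

# Every DPAPI blob carries this provider GUID right after the 4-byte version field.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

# CryptoAPI algorithm ids that occur in DPAPI blobs (subset of CALG_* from wincrypt.h).
CALG = {0x6603: "CALG_3DES", 0x6610: "CALG_AES_256", 0x8004: "CALG_SHA1", 0x800E: "CALG_SHA_512"}

# Constructed input: the DecayDateQueue data from the registry table, copied verbatim
# (split into adjacent string literals only for readability).
DECAY_DATE_QUEUE_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb" "01000000"
    "760f6fb6d7365248881a38bcea68cf8b" "00000000" "02000000" "0000"
    "10660000" "00010000" "20000000"
    "ee41500b6253e8b21f5301836749a6c3ead6b7e806e8c5f4230c7686caae2ac1"
    "00000000" "0e800000" "00020000" "20000000"
    "96c132289fb4f5d09e9403d63b473337c561bfb6398c660c6b4f26a569c5b4ef"
    "20000000" "29880c2283d1f97d3f1b6812af42177f13215353e9a15f2bcac0ae6fafbbd178"
    "40000000"
    "7405ce4628bc8dd01be05c61aa99775c884b93ba1b18e733de6464b0dc965080"
    "950f19c6c989028237426ae55dcb225d44c780d94d2c8b9ea2bb82dae22002df"
)


def parse_dpapi_blob(raw: bytes):
    """Return the header fields of a DPAPI blob as a dict, or None if raw is not one.

    Layout, all little-endian: dwVersion, guidProvider, dwMasterKeyVersion, guidMasterKey,
    dwFlags, dwDescriptionLen, szDescription (UTF-16), algCrypt, dwAlgCryptLen, dwSaltLen,
    pbSalt, dwHmacKeyLen, pbHmacKey, algHash, dwAlgHashLen, dwHmac2KeyLen, pbHmac2Key,
    dwDataLen, pbData, dwSignLen, pbSign.
    """
    try:
        (version,) = struct.unpack_from("<I", raw, 0)
        provider = uuid.UUID(bytes_le=raw[4:20])
        if version != 1 or provider != DPAPI_PROVIDER_GUID:
            return None
        (mk_version,) = struct.unpack_from("<I", raw, 20)
        mk_guid = uuid.UUID(bytes_le=raw[24:40])
        flags, desc_len = struct.unpack_from("<II", raw, 40)
        off = 48
        description = raw[off:off + desc_len].decode("utf-16-le").rstrip("\x00")
        off += desc_len
        alg_crypt, key_bits, salt_len = struct.unpack_from("<III", raw, off)
        off += 12
        salt = raw[off:off + salt_len]
        off += salt_len
        (hmac_key_len,) = struct.unpack_from("<I", raw, off)
        off += 4 + hmac_key_len
        alg_hash, hash_bits, hmac2_len = struct.unpack_from("<III", raw, off)
        off += 12 + hmac2_len
        (data_len,) = struct.unpack_from("<I", raw, off)
        off += 4 + data_len
        (sign_len,) = struct.unpack_from("<I", raw, off)
        off += 4 + sign_len
    except (struct.error, ValueError, UnicodeDecodeError):
        return None
    if off > len(raw):  # a length field pointed past the end of the data
        return None
    return {
        "master_key_version": mk_version,
        "master_key_guid": str(mk_guid),  # names the key file under %APPDATA%\Microsoft\Protect\<SID>\
        "flags": flags,  # 0 = user scope; 4 (CRYPTPROTECT_LOCAL_MACHINE) = machine scope
        "description": description,
        "alg_crypt": CALG.get(alg_crypt, hex(alg_crypt)),
        "key_bits": key_bits,
        "salt": salt.hex(),
        "alg_hash": CALG.get(alg_hash, hex(alg_hash)),
        "hash_bits": hash_bits,
        "data_len": data_len,
        "signature_len": sign_len,
        "trailing_bytes": len(raw) - off,
    }


def is_dpapi_blob(hex_value: str) -> bool:
    """Convenience check for a registry value exported as hex text."""
    try:
        return parse_dpapi_blob(bytes.fromhex(hex_value)) is not None
    except ValueError:
        return False


if __name__ == "__main__":
    for key, value in parse_dpapi_blob(bytes.fromhex(DECAY_DATE_QUEUE_HEX)).items():
        print(f"{key:>20}: {value}")
```

For this value the parser reports user-scope flags, AES-256 with SHA-512 HMAC, a 32-byte ciphertext and master key b66f0f76-36d7-4852-881a-38bcea68cf8b; that GUID is what an examiner would look for under the user's Protect directory if the contents ever mattered. Running the same check on the Window_Placement value from the table returns False, which is the point: the shape of the header, not the length of the hex, says whether a value is DPAPI-protected.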

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe

"C:\Users\Admin\AppData\Local\Temp\fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
BE 23.55.98.77:443 learn.microsoft.com tcp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4626.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar4677.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 febafda6d23c5066e8915837d96586cc
SHA1 63484cc9d0fd700634053c228422842b22d0bf92
SHA256 80b84affbb22633254922e6d29e9f5828d4ac9d400e25653177423ecad4b5432
SHA512 63f841c24a9553b5bc99830e4db0794f3a6b03fc68622b8f842a5dc047ffde70281479e0dca6ee803851ab9da5e363e41ad8366fa41e03559f4cb85fde52d532

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02105e9ac1db3333a60b889b1e4183e3
SHA1 a0860b7d4a6d9ceea2d6b229cf43b620e972aa64
SHA256 0dce6e2c6b3270108496581b85993671fdb6f7447f029f55800932979e118cc4
SHA512 89fd2b02c59d72e1b10289aea952184bc80d88f8fadd81baf60e08ae3e744b7d833d99ed5113c40b46041c75f915a74aa628ea14074234a8f710f4471afbd536

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88f78a64f0306aa0c34d6c33fc398c41
SHA1 77c762274897df626824ad733ed2e8dd3a3df6b8
SHA256 797fa4774cf34c5aea48dd6af065e0962eac15f3ebda8e720360c1e8879ef290
SHA512 53c8a5c4c4c5a81dc473981d5cf6332e460fcc0d48338cade730c3d532bb7b14846da1b5a1f2f164746cc4b9f87a9bef83bce63e272f7033a5a7675d90d763c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ae0bbe91aecf9229da2ae252dbb09b9
SHA1 3d4a7e73881959ee8415d3e819d28c8a91df430c
SHA256 620bb659d80cd3ecfdb762b4be9290f8b983760d145ea1c3815a3b63e082f872
SHA512 9128fd8a65b01221ecf4c48439c98375e9bad5681fc1d98a7c84d3f11f845bf73ab85d988cbfdb23aee49f109c4bfc62ebefa1bd7c4003f4f92b563d00661603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0efaa2f980ae76db76679625ec45acc4
SHA1 370b995cc7f071fe5875e9a9af9ed83c0fdc795c
SHA256 963931f06120b91dc47192a9bee8f3d82c4dfe1781ec6ec8e5b57be08fb94fef
SHA512 1c37bad01811969da53f0c2fec176a01928638855de858d8f3429f3841ca7d43e1e8ff1790a0d9c8dc269a77310d7a6fcef28af33ff5dab38c2ee918345a67d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80c2d2de1112a65a0eade5fb0033a876
SHA1 06c13f1e47b131a829c4da03998d59845c5e15e4
SHA256 46a02753e63afe50ca3008b18c612c0e8cd8a03e3d9e9c1dacda2c9aafcde048
SHA512 ddafb6be14bdb5155cf592d6244e1bbf59805f3c8a33e5e4a6b4392b57c7c93057ea39d2e3beac81d7d48d6fc2e424d3e7f0d25a81f54fd7903ceb6b4baaf129

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 d23a1db430e375da2eb4418eea99149c
SHA1 ec2cfd5c81b89d212b972adc15542e67606eeada
SHA256 bb62afcdcacbe74863cf9ab404db66cba9e3c9cb41105c4e930860459f4113bb
SHA512 b8d7dde65744fc38b6a37360af641553984e3666c8298cf0caf71a5f39f86e3ce3202ee8eb06f756e54fa80c37773fbc954a3e36b94dc555929386ee2058bd2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e674ef6d81131e64842a8cf0e9017d2d
SHA1 1795fe59c64d113860a8e235d5f00f20ed4e377e
SHA256 e8f2092453fa6d0a2db96ff7536f8a26603ca41e64519caeb99910f263825ae8
SHA512 6f88740e9484ec66ccd95a33ca9d380dfd6a00a68d41737dca50c03b898eb0f41ac168de635af9185c897c4754885ba6b8bff89b42ec29531c84755f3b38eb76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f21a720768af74911bf6491ca2231372
SHA1 7885cdd69b3985aa9e0435dfd28945da7a0255b0
SHA256 9f13e0f1bc71e078e0f9e0ece54551347b87ec8d58a35d0a04826a300150f434
SHA512 8613147ca8e71eb9c48f0b1a39f30404ed15fbf19e5b8f0f3595bad013227eb422dbd28f5ffef0e463e1c695706495505fc7bce8419c89ba72395d7ea4127f2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 549ff14f0ffd1146ce31217d6bd075f1
SHA1 9046cc0eee4ac7e68cdf5f87d324c43ba1bbbf14
SHA256 567a7f0a711a7cb2a06865463db334a906b954b52b72992151171f115d8f82df
SHA512 cae6b2a3aa2183581aa6f8c93056fb611a74d368c8228b78679cb5a3695689f3f3ee3189111bcaf5adcad0422ad329a63a98915eb59a5c71cdab52831ead5346

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed7e6ec02a4377631e861cab6c8e6eb5
SHA1 81ffe5732dd9e49d5dfc5e4cf3dfe3d536d8f680
SHA256 cb4d1c4cd8f2e4ee9c9eac06d274c9838590fc059f35853103cd4ed536c51568
SHA512 d7d305fb627bb6565e2df1ea02d64eee7edd96c22ff0c8b73bd9018964921dd352deeaad28d7ea69d66b9fa212ce5507b59fd2920b4d7851bfbb695563468bf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 569e6bbf9332e76edcc8a85a33374e03
SHA1 e808a6adceb4517af66df1232960010ca74f02e9
SHA256 0bceac312f45c5397d9cad381e7976e24ee7ac9117944e19c0254339a336bcf6
SHA512 f58c5f0f30f08ad4c732e6ba546d218ce284a359960ac068358f8bb664c3141eb654392a6d8145027e1ae390c4ebe9a8c71b53712a0970c8bb195d70e120d9cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8edea49260fc116d922a64f5a7b34641
SHA1 bf9011b955aabe948f4bad1937b93fece2f28be5
SHA256 35bc3f13a71d4fbdca621341c7c8fa1a21880f9447666b1c8ff7b35685527ebc
SHA512 bb086167dadc20ee295736a8dee7bab08e6055116abcd230706c0c7d532c58cf6681375392c45e256e2f8b1c3db3539f8a528e2917961151d75b6bb24ecdd227

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45b2aaecea8ed8b5186e0bc710bb7aee
SHA1 c42c91326e53dafc840c9dfe4399f0ca2ca3666e
SHA256 e0d69a71a6d5a764265b4ff9a0b493161c4bee91f2d4f292ff18dfe7e31eafe5
SHA512 dcd562fd38d7521900791c733306264ea5426ea804ff79d1b0c06f54b9ab80fda7f858caa39b3139f7ff568a5d17fe1319fec85b69009e26294684bcbd0f0072

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2454b52cb59c3d3f33acc7910f51a1ac
SHA1 05587f582fcd34826cab282aa30a5b6c4fc80a35
SHA256 ee8d3a9a374bfe343c0acbc5a7123b2171bd4e88f79bedc986ca46c74cafb723
SHA512 f4811791e4a2226e3395fa3556fbfaf8f3a0d154a9e1cd91c45e86d0bc4891100a650bc485e5b00de71bf8640b21fbb5d79f1e2f025b6119a24a4f7df64e35a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 451f679977da588e6175d53f629dd335
SHA1 45a0c25af5813e5d758d329f464296afa1d44712
SHA256 156b41ee66c146a7db1e7e728e2993ef70787bef9686d05bbddcc14dcd760bf0
SHA512 ee4dc60aabd4e4611c51819235990c435b878689d04c836ef9db3fc6b018342957516717f748a7eb7d48a24da0c430d62c5eb7381dfd85abe7f17e3afb74afbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 054b26b81a2161130d4a69af48813971
SHA1 497662ff0f948c2e58207c5e74e00a197c28024c
SHA256 b6151f817897b998f74c922f45077718bd0137b8784ff3b053595f88e59869bc
SHA512 0e4e89260f48843efbd2573c7e6592594ba8a20d9dbbf3b86006a72f12aa3a4caffab931fe31e7c94e8f965f84db05b1e458bcbb3596ed1a13a74b6aed9c27a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa1b52886ccacc532d438015a16c958e
SHA1 31f4c6992e9267aef215d2670184e0367881cf95
SHA256 3fa9068187433b4280d85c9e4664e9ef50b5e2a69debd1c3a992f40d53d8ae8a
SHA512 003151dcc84768cf85c18406fdeb7cdd7b110745c4b0a6c34f8be8cb1992d5c5b0c045cee6614f4484ed873c6994e72bbf8baac8cc749ed9d547ec7e6421121f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f69ab7fe3e3bac467a4febf3e79b677d
SHA1 3bb900bf93d51cf0ab6c5e3c6923a38faf41b287
SHA256 e2f9b0c34bf2f4c3d676526af9d5282b1bad2fdbef265c0369c05027e6ce3b27
SHA512 77a5904b834124ab5b7cba020d3635a2885d62604358ab2e458d3ad422454952edc0d7a1466d075541803da768b0f02b1d74ed62e07b6e359053d261330586c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6d6b4bc39e7294f3175d47dd94373a5
SHA1 bf7ad19859f67c92e6dc151ff6aab7e8eefd4139
SHA256 0e3f5e9d1d5874140580e7b3a69891b375adbbee1e239e9657df7fd3f06328d8
SHA512 8d0bac1a8b37c3587ce23a80c4dcf4fc6b0fbd8df19a9a183462a3e68ae4b720f4df15ecdb91ff2913463523a188a324108b1209a46eb9774cc1dd09f1a4fec9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5569a6fa3663ea2436a882f06ef96666
SHA1 4fabb6ae89409c2460515729633de55f0ab580dc
SHA256 b755b683d3464021bc57ad665c0f365e1a192f7bf4000c6ee599a4e9c2308e3a
SHA512 ae9929d04f48e286721d0c31d768c4a384580d7c63c5ded82cc343d4cc07550b28d236073468b98bd0e3a4395feaddd9c31cab5286dbb797f0a8880d2afe5e2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40e7f3f426ffd7128ab6c3fb25e3e4b8
SHA1 5c7faf500a24e5d504a85135bd3ec8e666e16317
SHA256 031aa0826d487319391dcd6cc41b337e86efe5e0b1cd1f86adee720114331eb0
SHA512 15716e9a35f0b06cf613095616ebfaa4052727bf7f1fb891d199a71dd80f49ffa6eb0a7d9850c09bc1c8f6178f4d0a68bcdb6b64be7bf53f602f0828958698d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a4d8342ad60913b0d8b3bf08f5dc41d
SHA1 2cfbb513c357c4efe3583406dadc3e10149f387f
SHA256 5f5acd8e45f758a1b2d7d28fe33904cb9dd04b1da58f7a8d5d836e0fd925bdb0
SHA512 615711f70821e38407230a29521ca95177d86bc9101f6f0460e2a8f94477d56f3d15fb189852083439a44415673b7af037e7ecdfa32ff6e8e0fd2a28c59bb061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35fa99e3bd1d2543d8edfd7e72e3f428
SHA1 c5f6a4b43a367cd542db54532848cbbca62d121a
SHA256 44c7cf4a7a582fe4c07e320861cf49ff18acfe837f4884203d9c4cf0462f07af
SHA512 9892f1b09f6ffaac7ce943368253bb54666041e8f2f02a1d4966706823ea5cf7a517450f8eeb39e667117f257c6c979a88a6eb8097cf2a21bf8c0f3c87f072cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edfd9b929428c40dc5a9f62b1947de9e
SHA1 11eff0c966d2009e6df2b00eafa983c23e4febe4
SHA256 3dc045b91d1af2579d783439e4706c096ea46537a8d542686ca7d319269ce4a0
SHA512 90528db6ac789cc94fc1889c27008d240891db97d5b31f758272b1bec025a60763ff8cd858822ab9bf6becc32100e829c036f60e8b5a71a1099d449a13a02952

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0afcd7220c12ebf236a2998028deda6f
SHA1 3cddd99b86b3196883a0d2d8f24c88ded35db9c1
SHA256 f5f6a8c83c3125724892dfeb2c0769d992f2823d9ae029b2781ea68980967a17
SHA512 968c21f10d0b6cfd845f34fa996d17ede944768bb23cd1e34ab99adbb11678b217a60eaefcbe0c2913cab09b8077f36ae71df24a0fa527daa656551ac47b530f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35ffb373422444fc7924b6cb4b71997c
SHA1 a9a43620f4b9de2e0e9af8c727eea42cfa531242
SHA256 d40f0a4929840c622f894b8b92432d9ddca0a0568bfc63ccac98d8a275505afe
SHA512 6c845f42fc80693e58b3d32d7ada0450e5b51cce349c4af8b697d0e08338700462e46857c1ede8527d686a4c166f041e11b28db0fc53334cc27fe95f2ce93363

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4030cb0e99bd298efb1684a389991e4
SHA1 c4d5c91ab06e261dd6bc5cb4e8f9900271dbe978
SHA256 b5a6b9c0a4f77d130a985e895a88e04d0911cb5c559ffe65de3b011407ce494d
SHA512 179834a885e6bf10c0eccbd496c35e83e712c3728861c0b7fa6b8791fa1f7d66d17f3a9c2dface46ec122da18d26c174ee273d998b67986d73b8c169833ae5b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a15016dba9ede62a3ce842b075af494
SHA1 deaaf54ef53e312f0b1460efe41f9b52d0943a91
SHA256 b2cafe9153b2bc2fbb850494b41fde70ad5018e18b3fd22f335105adfa65272e
SHA512 49ab52fb8544a6714a761c5c2de1b643806974acdb71e89493434d583f45b3d06b0c783e039434bac4fd68171338dc43b5f7a47437ec714879e7a506228b2707

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1949505d3682beef3fc39c48c73ca82
SHA1 0d1f1933cfe8dbd7028fb95e7fec3f80f544b0a5
SHA256 f4c0f62fb8ee86f62e3f508cb0282b7fc9d2a65c2a4812920aaa01d37a04fc36
SHA512 a620801c0b265d70de2c658f2d7f06c54af83e70c46ae2254ae43e3280ea193fd7eec4df14b8dfb80f322f28ac331e09ff1ceeb8cf870810d7cd3e4739f849f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aee7f464d098a3a8f98c604856b200fb
SHA1 f0664993d142905b31376d7a3ac8d7be4e44887e
SHA256 a5f368f287bc732322c36e4fe92b0911eeaf1c0ca751a9924611fc6a60dbc70d
SHA512 d97cece65deae0a11e39e19f632b2e1362b193d70da6aba1c76d287a99729eac815f3ad863ad9d79fa10a0459d61e9df68a39f30fb02b5e0a33420921c5f7cc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 793dc781325a0c4fc09760c50b557cff
SHA1 bf1e6007269b7273785c6cea59c327921ec8e171
SHA256 fe0259457ec1df1a6da74bf352b3aa0d93122942d22c0590178bca1f6a9ca019
SHA512 3a36c84ececa0550626e0687eed1dd096ecb810782e1cf4170689b22fe23ef1dd33f158bae7b6d6c6933989fa21303b9ec536f342c97b193bbfee6652815c86d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23062f972ce2eb77213cff90bfc6ee1f
SHA1 32a6bc94043905a4608dc61b73a31a2938447969
SHA256 22940c25af60c84f5036a37f55c408103fcb71bf1d8d2904d438a639f1f2b16c
SHA512 222f25876807629ba3f8786042a12f3a1f89ef56f82d4e4cdc42674c6c079f21d6e7738b45579d47a2c98080d3b384282c71b74be6e0d881a69ef212cf59c287

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 01:02

Reported

2024-05-27 01:05

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe"

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4592 wrote to memory of 3564 N/A C:\Users\Admin\AppData\Local\Temp\fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 3564 wrote to memory of 3088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (28 identical entries)
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3564 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe

"C:\Users\Admin\AppData\Local\Temp\fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffff5f46f8,0x7fffff5f4708,0x7fffff5f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fbf1bc70e92bd47de44ca6a45dbcd1ca949f1e8e08ef2d660c4275b48335c203.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffff5f46f8,0x7fffff5f4708,0x7fffff5f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13951070031262594496,6439345226878927589,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 mdec.nelreports.net udp
US 2.17.251.15:443 mdec.nelreports.net tcp
US 8.8.8.8:53 77.98.55.23.in-addr.arpa udp
US 8.8.8.8:53 15.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.73.24:443 browser.events.data.microsoft.com tcp
US 20.42.73.24:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_3564_WNHKLDEUYQOGWVIP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 042036d7182979b3f45c56f8087af11b
SHA1 d41a5bd60a3fafb6a44a7ec5020e037ce059c443
SHA256 cb42dea05a9483c5d2f915b74a400242ddd9031cb0e97ba7b059d6d0a9882aee
SHA512 44933e31317b015417f520a58ffbc539d475ce5ed120f5216757f5633b3223ad56430be23dc2a7c31097f5cdd7ba47c2548733946ab360e3c30933750b94ecf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df1492abc43fcf908f422e33665f0f9a
SHA1 9bdfee2581ad6206ffa78cb4199b9592c09c4c29
SHA256 d30cdfcce0cc7b4b50cf8606c29f3649497134cb1031b3f07eb634a8fdb95a66
SHA512 9c860283beba36de588386f601f4fe7aaf265b063e27afcc47ca006ffa994ea201e52e882dda668605c69935caddfd3bf18e7f4494b08b4556be33709367fed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 45ef35e206bab9cc2c6cce53c73af20b
SHA1 233c8f125d1d0be113a6fb0a4cdb1474120765c2
SHA256 4979b41203987bd777dcda8cc585e4c3382c1b7daf7b7383372854e55556b0d7
SHA512 643f8bcb984340f5a0a64da2f1c95728d2fc306a194866ae6bc56d17c82a549b0878732a0970c2f60d495d750ebb90966f06e14782ae738a031947be8c30f1c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e55aef7f2e846d0c4ece950bf2881d0e
SHA1 e9ae7a1d5bdd34cfcbf5c82d0f34bedacfe82984
SHA256 a4595d12c4a44cec7704ab346ef19b22ef4d6c1774a3688c0b2c3a7001169bd0
SHA512 b82dd935586f444948b5f0b7db9bee10ea61d479523389a2504a0e27dfe3a229baf88f3e88d9ba3bae766ad5eca86a600b77292d83d7cfeb3f35be5020732dfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15a7f5a88469ade470629f1c32338c74
SHA1 a74e1e46ba71e2edcd1d831a1f6ff8c39b909a7a
SHA256 c31c3c010a96ea6e6d0197aac9b1ff21ea280d8c92a4abd875aa2ae6850e9396
SHA512 e806568ab91468270e003c4b32a46d45b3a0dd5648b0aa315c7a889e8378388f0a1efd5d40c24879a50664fc08977018f36697942b37aa3e2e1a992d4ddcd675

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf0a.TMP

MD5 ab5c664375ec064fe283e7b97cdd3951
SHA1 d7a7bb859e0ba741f008ee9a5f06de97351544d6
SHA256 dd7d3fad53e4817d0269a24b9ec332dbc72cb1d04cdd005a35cbc8ec1f248489
SHA512 e407e5fc2bf772636ed307d8607395fc3d58c223cb8a4d518852d8556356d4d3f074ec1c89c4c2a70114bca844797a69aced18abfd0e3cd86c7cab62f53202a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3392c305bb4fd637e66b438caeb44800
SHA1 a0812a0e91803ce49346cc78a8666e240b988e2b
SHA256 bd102dee19db0a3a832a01fa8fc7a74e760b365516015c045f53d37a993de15d
SHA512 827a61203b674d91f32742be2d1ba6075fa67decce4ce3513b523d687624ea5be82b43253f07fa9cb27deda7995c4771a20b3f959e92513d75b0cff94504af22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05592d6b429a6209d372dba7629ce97c
SHA1 b4d45e956e3ec9651d4e1e045b887c7ccbdde326
SHA256 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd
SHA512 caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa