Analysis Overview
SHA256
e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807
Threat Level: Known bad
The file e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807 was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported
2024-05-27 01:03
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 01:03
Reported
2024-05-27 01:05
Platform
win7-20240221-en
Max time kernel
120s
Max time network
140s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f785bdd1afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004180590af344ce4db40e3d28c4199b99000000000200000000001066000000010000200000005a3b82def9dd3751e11781f2675dd46b5202b7839d469133601a2ce7b69a6a9f000000000e80000000020000200000004d2c4f984ff473302848a9b02b49b1d2eebaa11500c9781071a1313d011e768e20000000d4a738aa315552a24fbd96c8e35df7e1664315d90b1d598022e29731af41e22340000000d93ef09182f9ac06260fcc8d8110d108fcb7501977b3423fabe00886ccd364ffc679dea0690cf753c82d3538ef90a0adb828dcd15d317381507a742453ca78f2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E63147C1-1BC4-11EF-B2DC-EA263619F6CB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004180590af344ce4db40e3d28c4199b99000000000200000000001066000000010000200000006e83813e524ec42d2aeb16a7d567fa72f212364750d00b18acb06e9d7f4fa801000000000e800000000200002000000003f9eee10aac4b13ae08d50b84e59a8fdc1780fe7f25ca87534e543b24dcdc309000000026ec05bb6dc7ed17fc64aa83f4261403fac1c272ca38c7f2d8ea73786c0f5546e38f6634fb14d337e4cdfadfe489992a490a83a10c01bdb10467beaf1d53dc02cb26a61f6f800ad5d9a889c15a9661cff0e550bcc55bc83e1ca58abfc2c384433d657a17b5607f51b1253f70814b0d81c9aab8b0fe14cb09e4fb36403a97191d43639fc30d1e3857ece2b1de3bd3b7da4000000025f8e60d4a1651bf8ad30af9ad802c5a2b3cbdc3c4090f3bf46c33dd406a0a8f4e70cde95edac5b0847bef8c9c1fd26a16e5c26d9bbcefcedc782f5a2cfa4817 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422933664" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe
"C:\Users\Admin\AppData\Local\Temp\e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 01:03
Reported
2024-05-27 01:05
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
149s
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe
"C:\Users\Admin\AppData\Local\Temp\e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae9e246f8,0x7ffae9e24708,0x7ffae9e24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae9e246f8,0x7ffae9e24708,0x7ffae9e24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13657666032096419629,18097133561985159183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| AU | 104.46.162.226:443 | browser.events.data.microsoft.com | tcp |
| AU | 104.46.162.226:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| AU | 104.46.162.226:443 | browser.events.data.microsoft.com | tcp |
| AU | 104.46.162.226:443 | browser.events.data.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_4116_ZDCNXVCOAXRFCCIO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d30e15cc201d3f3eb622ee8047ddde4f |
| SHA1 | 102c58cd351b89c3cad122d6d88d36302473f416 |
| SHA256 | 45b4ae1071e66c8cf96e7f630b6bcc77cbd54b9423727bbddd22f5d0cfe2e19f |
| SHA512 | a5ea12ac911cae1ae610c37a0743c466b96f52add151d1ba9435c2ca87152de6736a25e5b9b19efe7bd8104864b024d52c7e49ea204719e9c3139512234033c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 81793d40ffad64c23393b79662864c50 |
| SHA1 | 60c4de11a4feae6cf809332e7836e6cd75879ce3 |
| SHA256 | 2ec4bd30de679e04a73123c4076ae5cfe7cee478a8af46202828a6c733114caf |
| SHA512 | 58b43a2f5ee93947c687c03102d62e6d2ff9a42e7bb307a691261c5b270d04a88c68dd50259482e13059ad1a5e1692572e1e9e92238ac1a0b014a7de1909c8b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b5561bb7595441ce93d130bffff3256 |
| SHA1 | a74f4b4bb8b0b379ac91c200e7586779ce2ada64 |
| SHA256 | 373e1231513a221f8769bac13fb883ec748088c7543361be162e93df4238bc83 |
| SHA512 | 576a00bf673a0d6624081cd7afa8747c271d75f92f947bba4267980ccd17c33a0ee9ca5002a33e92ddb6bf4bb75cb73d393b2b218e0fdee5224072d309decb26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7116e3ef9ca91c836b9de6b05855674 |
| SHA1 | bd05e0c645968bc727f2b2d49dacc24b6cb3c7b8 |
| SHA256 | 8d8cb3c6ff4d4fcdd27dd0cb11d4077d4253f744b48c1b4e6b61b6c5c1441d2e |
| SHA512 | e10dab0804c3faafe2739037d4412dae434e1a8e261b875aefc13310eedfb8b58625103df3a86566f3bf677e8ff34831a00318944eec2689f347464771428067 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c6bb.TMP
| MD5 | 53f73c7388d9bae0c591e2d1713e2aee |
| SHA1 | 3af116cd53593dc21812dbaeebd139dc9d62af23 |
| SHA256 | e3a54f53c835d55f0d52a1acbe16b784b4a457279b90b520b3a07aa6a7956e97 |
| SHA512 | c149ed0fec73273bd44a6bd84bc5276ae5dca516ca7a1986747d747f86deddfc09e24537c4893cef0f392d49ced4f1e43ab4170b1924b985937145aa9364b5e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c5424481c8ad162f0b283e397929683d |
| SHA1 | bf32f36e138245e5a2c5d890ecc9ba7e51ce92f5 |
| SHA256 | ce8d0eadae7570018c5d659ad62c2cc077ccf43fc75ad7a0d1cff667806be08a |
| SHA512 | 44d2ca33eade06de0b060d01728a6c2bd0424c1d3a425e7d1356ca9d89be9645f2133b862eabf3257bdd99e45a97f1d501143cd77937e0a5b4d5de9b6017b06c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2b36ba9e71c266835de302763690355b |
| SHA1 | 16d62c409008d43bdb4d06e235074c5a84648be6 |
| SHA256 | 30ebc679d9adc5b0a3b8c3e5d4d61d44987917d61e5e8a13a772d0c30a949377 |
| SHA512 | bc1204498630c207be63b0cfc9907e1302843d4b4c7d28d45e66f7809b402b15949a52c632b7066055ce173ff6aed30ae6f71d0ed6af261d48e2b4d0ab0088d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 05592d6b429a6209d372dba7629ce97c |
| SHA1 | b4d45e956e3ec9651d4e1e045b887c7ccbdde326 |
| SHA256 | 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd |
| SHA512 | caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa |