Analysis Overview
SHA256
0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805
Threat Level: Known bad
The file 0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805 was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 01:06
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 01:06
Reported
2024-05-27 01:09
Platform
win7-20240221-en
Max time kernel
121s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9016873cd2afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4d4c6b6dd259f4387b62a9938a27e1c00000000020000000000106600000001000020000000163c7f9ce40f1a9bf87d558c60dd1a653da6388a76558c231146c05d3c488954000000000e8000000002000020000000f38e3969c0ff449bfd4f58a048211d1c80182e381061678c2846f00954f891cc20000000dce932cfc8ef980d2a187911de5717585d9e8f7a464c0d211458a038d40793b340000000ae76a18c0d3552c8a2281641b025c0119077fa2f00e591d00b8639cec3dc6c4e066e7cb270c78c4f686ab2b2f6648a1cfbc36f0dd7de92dac754c17052f8fc49 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422933879" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{668DFF81-1BC5-11EF-B826-EA483E0BCDAF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805.exe
"C:\Users\Admin\AppData\Local\Temp\0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 01:06
Reported
2024-05-27 01:09
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805.exe
"C:\Users\Admin\AppData\Local\Temp\0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5b7946f8,0x7ffa5b794708,0x7ffa5b794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0b92bf81cdd04b930b131b377d526f7be5b2fe9c777dfd454e968b6c3c82f805.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5b7946f8,0x7ffa5b794708,0x7ffa5b794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7572645648598741622,7195532022734943251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5624 /prefetch:2
Network
Files