Malware Analysis Report

2024-10-19 11:32

Sample ID 240527-bgr94sbf95
Target 77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf
SHA256 77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf
Tags
agenttesla microsoft phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf

Threat Level: Known bad

The file 77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf was found to be: Known bad.

Malicious Activity Summary

agenttesla microsoft phishing

Agenttesla family

Detected potential entity reuse from brand microsoft.

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 01:07

Signatures

Agenttesla family

agenttesla

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 01:07

Reported

2024-05-27 01:09

Platform

win7-20240221-en

Max time kernel

119s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b29611d62d305249bca38cee108b287a0000000002000000000010660000000100002000000006924aa0b80ff33c206fcbfd989841b5e3f1f0883317679dda364411c0cf18aa000000000e8000000002000020000000ea31b67b83278e8c35b7de5785a883a71933a9df6ba5709bd070da0843caf0a7200000001ec835bd0e77a4f7c1ab8f7171497e3f8adf56ae0c5d92039b71b107f99e1d6140000000970e2bf09f396a7b90139af94bc024dd482c39dc0786b02d0e2ee5d7c7f6fc9ff87b97a4299ba05cd1e2c5ccac00075280ebd5ff12a37962a02389d7baa21af9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b29611d62d305249bca38cee108b287a00000000020000000000106600000001000020000000812e5055b7e016eaacb54ac5bd63f3119996b171119bb15166900adb0aceb4d1000000000e8000000002000020000000ad5d3b0b0e2e9b7a3e7aa43ee5235a65368fa9dc38c6b46909634e513e34ef2190000000ead11447ed884ccf62b1b9c9a247e565b9766244ff9507150dde25d8b14a8455cb132f204208229450ce3aefc90194029a5a1eb306707f909283b4f1b70b51bf51a8281a785505edaccb87a1ce2da88dfb231a15d898b976d346e9ebcf620e211912aba06388fd1204104be584ed7725fde70e26b90e7daae655f07a8851bcd00b94de77cadbc6d62f8e8a82613d3981400000007072051986dba984fa7088b8109ba7c4cb1fcafe57fac0a606b7906cb6732978a9889dd925b77cd4024883c675cba0cdf4b20c9dbfd1301f175b26b5bf4769a8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422933914" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f46551d2afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B6A8361-1BC5-11EF-8E71-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe

"C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
BE 23.55.98.77:443 learn.microsoft.com tcp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2858.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar295B.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cca35992ff8909919e82129eec5e881
SHA1 d1692a1ea20107f0f69568d00c13620667ae882c
SHA256 6ee262a5a9e0ea0a446ae4cdedf5d36e692bda8bb74b9464ac03a66a208b7745
SHA512 f5121ba53a7f6af7a74c94ff51207f2182d4d41c58f90f52f95257f3637b8e44c3d0f10a12abd5131858e68840e66612fc5464ca3432fc46e8863b042a25be47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f18bfbcc5dec1e31fa669794d5210e10
SHA1 883feea120c9eb7bc9052f17290154b2485c03db
SHA256 4ae94cf7e846bfaebc71b19c5ab5c45888f354549356c88385e7a387049c16fc
SHA512 882a406d1b3cb49222bbea8d1a934415046109324540cc9e0a49a63598f3735e6f95de15e5a79dd73cde3826f1d01e614ed2c90957ef6f1d2fb329617cd0f397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd0440b9ba54a14c91b0887a669bd3de
SHA1 17fd235c29bbecdae8c6cbc6abe2428a9a871711
SHA256 0569c0ff2d5ae7ac8b9369d68e75d2d87998c7eded29f0b5de23138b9f6244a9
SHA512 a196494db02550424f8a33a607d966dc751f131e7bb941bf2f6ab53df4322bdec4f00f14ded2dd16d716dd7d70e0e612e049d1ccbbd418b2a764e78437cf21f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbfc074319d7570649b9c01dad4313fe
SHA1 761e00b6398bb0b0e3dc96716c8637f129a9538c
SHA256 351ffa360c900404854cdc33bf048806239393dc7a940c78109f901b124dc0a2
SHA512 ef3afebfc785517ddd964550deb030af56f83fe8bfe5bcfb875febfcc929727adc4bdaf61b59df3a193eef6ef0b191019809d36beba692b9ca605dca681b07e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50fded27c6c02ac32790e0918c2653a7
SHA1 690bf2e842a0d787c040f1ba82775f2d0329754f
SHA256 e6c6f186fef1f69f08374df3e515fa6c970b351cc4929f433d8d3e0764aae375
SHA512 063dc96fde08c0f5aaf8aca3ed82bf76eb068b6ac2cbdbcd688e4190b12497415482ae82314612f16966001467ff83cdf96c323592d38e8644176d74bc64c0d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84acdccc54342d1e0c84a69bec50dec4
SHA1 f7c47bb700e269eb6b83c399e8faf3aee4210449
SHA256 734011077eebccf346b1a1ae2cc59b3a9d21178ed8b2e8bdae6a5bb4f86a8ec2
SHA512 09f1d70c52448cb7cca93a6fc16a59126c7a214f75b91e331723c7ae590a61a73af8e5b7906755c95ea909f750d81c3dafd7f63aa04189bc22e71a9fab82e50e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 7bd1f700b7ba9530e85f62d1d3eac33e
SHA1 9db4c4b8bd51594c7d1b884c735f694f97dd56bc
SHA256 007b4e8bf024b7a415126f4a284dd13893e6bb1030d7c0122833d733f69c0220
SHA512 d38e31d5a22910f465247ec21fdb5afb535abb99026a3e5739dafda311bba34b390ae75864ef81a47c3f0261bb8e9b97cafe484e9d3900652ae881a32283398b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4564c9bb7559c180ae08d62bab372ce
SHA1 cd4418876aaef68ea078040242a4c686bd6b0ef1
SHA256 57f9e86e36de25345cff4ac25a49409d7dae29b438e165057ddbdd76936a04c7
SHA512 e42d0bc52363c2a3909e00d009d5fa504fed816626c43ea4346c8ed7ce35ad23d401e945ebe364bf2c6b8a91609433c8d3bf0272f097cc4220217efc04ca7a80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8f6af54cbcdd94192327bb6ee7d9331
SHA1 a657d1bb32343b41adfb52f120f29180e7240d44
SHA256 b190d6cc0f1cf7d16698202ecd18b24fa5ef5d614a3b6cae3d4a687716846284
SHA512 66c3b3e67ebabe6f84fb824ddea58d9f96456f79436bf99409eef701a671c2b787cbe9d3ce0fdf20a539cdb0e7ad05cf7633167e0354dbdcbd3952a51eda5bee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d3f5f43379a3ebbdd7ef03878640bbf
SHA1 37a28ef24f57729381434ebb0857c8f57a4a4932
SHA256 31407b0a211980cf3b46d3382eb70771a1e13af7648791f36754e10023c93b81
SHA512 9615de98e636e9d55d4d1a988e4f1d68d3ad60821be3d00ecb80f51a404d152ba842fe6fa783c388d21f70e51cd3165ca60fbef2e92e4556716d65a9d99be8ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b255e045ae7a014b3f301c4927c181f
SHA1 d6f0788d27df52eb12397e6d3e44bff61b9810c8
SHA256 3da050d583598248942e6b379bab7bd3bc5bfd4045bb5a1e34c47c2cc76e4c0e
SHA512 7b665c2f5a8b38b4f5b04f856dc0d920d80ee41dac8908e51cf35720efac4e415de060d786e0b4caab1f182f95f9d378d16827b439f651cbd61c6a6b0d8a76b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54e4ce2974d278a684d0108b23b23ee0
SHA1 b48084a780deeab336da70be7b1772d1e288df8c
SHA256 40f3171b9a60100c848c2af5d97c11f74a5cebb31122f5dfe8867a515efc288b
SHA512 9ea53e0c57b185ab46598cfdcb3816ca63d659061d8bc32f57fc439a6770e804843d5cc66e4289b8ed71476f0d904e0c7b33aed9af7099c2e2062cbc58bf4236

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7191f73a1e76e0db10338039a129671
SHA1 89e3953d09b466acd20a56722f4d156a72399011
SHA256 78c7fa21eaeaae64084d8270f9c347f303767a4ffbb2e57d3e09a3e12339514f
SHA512 a05ee00e3537f5d805dfc94e176f7284f36be689dd8ac8b140a2193a55d6057209692deb7572b88281b0860c7191eafc5fc0a0399e6158f55a6bef6a9b96d8f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a69eedc20ebbd728bbe3861d6d22c64
SHA1 3f79ca16bdbfe3db0741bdac7095abd74bc4ae96
SHA256 6f1f6d7b6a8ca62d5492a2ee6c671b5a5560b26c9f06311bdb74b796e916a017
SHA512 7bb06d59499031eeb82b4238285edecc4eda742a7a8e6a5a5d5db900de2bebf039df0198a1ea0ecd4e2996afd1f7dc17f1bab0275119edcec9237021fa33feb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efc33b1d735119b25aa7168b50379cd2
SHA1 d431be4a146d3b472139138744d31ffbf7a63030
SHA256 4f6f25ec0c78dbbf520e03464e2d50e724250e65b95d39ab31373bb36edeaf61
SHA512 7bd4cd2ffcae4b4736db6a824457ca86800b2d4c939fb56ef6179e6d435f0e1a32645d97fb4645e128b94721dbc5432d47fd6788fcb53d7338a4c9c8c75f9c68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90dd38bfc9712ed0b6ab415dda698447
SHA1 94608787a9593c8210f907c35801518b55cb4313
SHA256 edc76c9aa272f05b2f9f24c7c535c71de936c2c1984ae1c453f19a099ece2114
SHA512 05f1c56898b270286baaab1e548b0e29f37a6a1c3de9d69ca5964046665d0c0b1363d7b425c409af947b9284e841468033456657edac17d9306127b1a4953f43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9be9304ac91b94e6b8cb0610623442c8
SHA1 91d4122fa70d32055f9f118bead7a6225bdf0843
SHA256 ac11d77ecd7ef1e50de124b43e764efc593a49b52f9baad7937badafa28e803c
SHA512 3afcd82effed8c339bb071b0ae353c5093512b2dffa251df9e9d67abac064810cfe714ae58e02f7a3bffb5a198a32c2b90cb7166a1a466e0a2c55e47ec503674

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 106177c13aec28ed00d27a69363fb48f
SHA1 985afc6cf4dfa54930754dfd61cc0b981258bf84
SHA256 05ec726a59d720d555409b081b71b1bd19be48d652f6af7a9cf1968e5887b500
SHA512 2f7c05267510ad3983497487927f48c8d2c4e529965a0dd516044015f705b4a9a53c89bd0532e1e5717524f14b8a245e5408adc3cad98b8ae06ffb69d635c8c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bf3cd9c59de12aa30e0d6a534aeb8f3
SHA1 71cd6526f243dd1d42714cbbb06c5e01522a11c3
SHA256 86d0cdb842cb36f4c40c3dd3f4813b2f19373b911151fe9241bdfd0517aa0f81
SHA512 80adae97bb9d2517b4efaf529d407b1fa26317c59a206d7aa97d76beedda836a586e575ab142c6b20554b071d12c108871022549d2214ec5e504932c4481c147

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b483be339619bfa98a96a853e311fe5
SHA1 2258a7ee91d7cc1d301e8b1425969e9a2634e3f7
SHA256 2561eafd3529c9f9b254f8c31ad441ce9180ef31393311257f2d07993336e100
SHA512 c41fecfb5b012ab3d5f822df042dc565eae0bcec2703607fce3c0f3409d3e1aef8dbda40e9c52668da45c9b358811f373d6a2d54895c4fca6c1f2084a8c9203a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 828b1c1b6ef6e28fd6f532e0e073586e
SHA1 368f673dfbf8f5c24604668a3f589a92792f9081
SHA256 9d05cb3e8e991ff41e97f48f4b07d9045e82df46ede108f6f91280d01c5cd340
SHA512 4089c16a8dc08bc6d948b3b6d77b7c15ff3a895e947f9a82a7fde34f92aff48ef2f0993dd24c27f7ce6d7836c90397f675e0d3ed890526309e32d8dda5d70d38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e22fc4a1dcf15e3663b4463c9dcd696
SHA1 40161a1c5c92647df1fd518807ec0a234d35453b
SHA256 eaa8e72566fe99100420cda290aface6672ab9689388b9946078072c313b08b5
SHA512 2feba088f97224f1c3b8e32540cabbc7b7c1127e92b40d058eea40247d85ef99bc14c0d09046cd53ee097fbd4df59af94966d955a6e71f6414286ae382582ceb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29d7a6452377fd3c01fd1828dcd55f72
SHA1 bbb8e83ffe55948de65e30f469b660bed28664d3
SHA256 c33176146c254a8c56dd816ba8a6170f6133645d25dd2c162b5b6d2f8f04cbda
SHA512 a71e310bc4b328a39725fdf52417f0c46199e9dca13eb9ddfee3af439580868d093efb62ecf5a526893a18478b700302dbac75afc63790d6c0cd4d7075d9b5ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e85475a4439625615d56db22bd2e8b1b
SHA1 66a88f3d4909388cb5fe5afdb4dcc9124b918fe3
SHA256 5a529cd0bf444b86d404ca8d4079ca145f1d400eb93d33615e71548a042181e2
SHA512 fa3c060b4b6421804f82359fe040f958593f25149e87881600a360da181acc4ff0d294260165ae3b33057e79a5eb472e29bb1e8a504ca60e4a5f112221074386

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 caad41b455ea2e26ff69e910eeb66a7c
SHA1 5c4b673ae085e8b4cc1e725f8148b327f5b16080
SHA256 ee92c76d726fd5d078ca509535c9c48334c645118cea6d36e061074c4aec1fbe
SHA512 03035c20dc57aa0781c0a00e69310dcb6372fa53f0e0848216d0b857748792febd4b058a22e14d7105ad79055fc02a7269c6139be96c64028e3a73d30bfa6c94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c51182249a0012080f6c3f146925934
SHA1 11abeb2718c8f6ec779384fecb088e973e8020a9
SHA256 d8b9ac326068b9e5afe3f0a001b76eed0d89494fd135af9d1241197e2737cc84
SHA512 1034dcc440aa2d89670f9d128d4e41a59d3984ffaf473119f10c39dcc63385a30341932fdc0d68d67e41b24ccae92fb15e5090df592068c47685685ca0fbc67e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a24d4c4f147b8fcf0e3476bbdd7850bc
SHA1 2add2196fd86275d13eb17c8d51a64d68338b195
SHA256 6a71df19392ffaf244fb26fc54a99036ca212cc662fb0eeb25f7e21708a1c9d8
SHA512 027d1984dd379d941a2db1c644b94621d8d2ad75f3bc37ce1f76e6a424fbb9dfb5d16a23e4a090a7bc8a612d11ae4f7b7ad1cf669acd07e23e6fc5dbcf4c4cf2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0243744089c14cdec9b4586f276c5f44
SHA1 76a770e818ded57547d574e14dc2315c2eef7337
SHA256 5ec0b400a831b99fcba82185cd13dcabc23cb747f5d6c1b1bb72e1489cf124a4
SHA512 151082bfb157e83c32103d5a5a1a1a702de5a2dcb7ec8ad2038d9a2359daca7fa54e86dbfb305365b112bf0a782cbd918a23bbea0a1fa8c57a64acbb164f12b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d9aaed297f696e239cb4df448e568a6
SHA1 4f993aa1aa30594365139baa018284395ea66ebc
SHA256 1932d426c51a21d71c84b78ff30520b3191117f151c125ed0b1ad0f90b456a52
SHA512 52578b96b34cfd0e71c503ae5cbc9a11c3dcb200176d38ad1c82090b4b36b06910e55d93fe6cb2ab0ee731817b25a9b9f9bef8559166e7dad110b8b9d8d41cd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d0566eb8b36a327772ad74bd567211e
SHA1 0a072c4ac68eed4fa4196be6e152fbee11bc4348
SHA256 c6eb24b97f608e45c7912f0afc1e6b9b2f0c6a1e93e4c9e46bd56a54b81c03a4
SHA512 720c0df69e449d050d32130ec0592b413867df4b8b2c563625850891655f4c7fba8134f41e1d9e31cb6e78d69edf6d96bcb19799620b967d073410413974ee93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cc2013055c28302eb7ec6a797f6e478
SHA1 62f4094835db9f77429ba270db52d524e855ac4a
SHA256 03ca56bf18c7551dba5eaf2278449fc63fd09cfe7fed5600f295615fc0624c19
SHA512 21efc3e373c5909112d101fcac9f968a2bccd2ddac86aba70720e15f1fde54433a0de9efe44b62a0d80e95793ad3fdb241750d4dead3692e8d2c7778736f358a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac3758523920686f9809212687bfb024
SHA1 00e206d9a1b933b2074d9d4f5e407ee74cbd4d33
SHA256 7ef321007eea253836500640b98d5d2cf4213daab494fd5330706575b829a2ee
SHA512 672f729c786da19bcbfa30f4c4be2d716ebbffc26320a2308518c07ddc3cc162fae915dd35b3bc385ad99e235e9c2a1be533de8c92e9ccc36ee052e2fee13491

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 01:07

Reported

2024-05-27 01:09

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe"

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3252 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe

"C:\Users\Admin\AppData\Local\Temp\77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9eef46f8,0x7ffd9eef4708,0x7ffd9eef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=77e99907d9342948771cf54b07311cbb4a19ffeb9c57d39732a47ebb578c3fdf.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9eef46f8,0x7ffd9eef4708,0x7ffd9eef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6694340513234411470,11786285419272437406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 77.98.55.23.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 52.182.143.214:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp
US 52.182.143.214:443 browser.events.data.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_1720_NROLPGBBVZPZAUMX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\798bc305-53c5-4377-9139-a9d2f45760f7.tmp

MD5 c40b50a7232d77f6a813401e34577002
SHA1 c9f4617aa5ed19bf48fd607e7d85e506916faf64
SHA256 474623dc020ff7b3b3c5177770dbf755c70b37eeeb1fa86ada3e52074cb7221b
SHA512 5a29f829264cd3201e1d7d685b482e226adb468e31d7e59ea1f4f3552dda6efab04f4cfe42ccc07640c392cb19f06f01c206430152d6ec4ff7fb8b396d8fb890

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 52b412747dbef4004aa556c73c5efd61
SHA1 9494f2e246e9c81e3b5c857fa35cc4eb20972236
SHA256 4c54d449c141b9943017f08bcc03a96af04c67eab5c65330cc5bc2e27cbedbc2
SHA512 3dcf6c96b28888473f9ffa87b7b6d740bb9396c4209a1dd62c2d78c34f86e48a2ea2c113038616896fb5dcaee544e44e637857fa63001834ea9451088ef61e72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 816eb80a2d6b80ccf27a982675ddf454
SHA1 d6c27d93d1b53c30b1c94b81f2a11a0a26ac320c
SHA256 8cdd08e8bc2d1eb2a772e6774e85cf2cadfdc3486b6edea5e1c851df8163c6ce
SHA512 57e5db2dbed432678fe197fefd08a44f8e2dd01159b8ba6850e511d7a80c5312d0717dbf52d0f638f4ffd12589ca7a79db6ddfc2e217268298b8c39e0647e3ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4be29c9002628fd88909862124e67b0f
SHA1 a56e5d9077cb49ff8cf9758be0def9374d05f27c
SHA256 0d6fba1ac8f54bb28e0099a45f6de8e81fce75c394a829de722a59d7acc87fe7
SHA512 838db1539e6e9af16e1cb16278559fd51574b17667ae71166e85d32703042bdb512a1092102a75a6bb46be1f4534d73589adbf6aaf0de1c80c0bb60f0067a8e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 70b4c7ac27a1f2643405ca8a30dbae64
SHA1 324da644220a4b512032150f2bd2f3f9b1101160
SHA256 7a58612c01ec247dc782ca8f17ebc0359a53ee3031c593fb2efac3b13c4dc788
SHA512 2a2380a3daf96b49957afb3d8943ea8e26dbc157cf6501ff4aa6021b682f2475962154620b454418da2344ec68fa6c26ad4c35dc59f30859e66462b4314bb4a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b98c.TMP

MD5 902912711211a996f2cbbe688124741b
SHA1 dc086ec35174e4850729c346c26064829ece5e2b
SHA256 61c33e56ef302bba3a8d792314c3f090c7c01c07e000a4a087312c2f041ce7c4
SHA512 5d866848bc5cdeadcf599d9313e1c009d8820c858cc3264784d060fb3b2e78c4d07df9ffdbe1987e1cc5f80a26c5d6ae77398fe27d9f88db024dc9beee43c6e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3ecf1386efdc63a11ea4fee6b80c5a4c
SHA1 ca7f1574298ffddbf9cf5fa95055c553e59049a0
SHA256 cb611433cf1f252d39e4fe7ae3d07691d89582e6cbbf9a1611377e1b78477eb0
SHA512 dc366a18d784fe5ef013665a5dbbe00474a8a7952714d9eaf57a57314dc60cc76706bf258ce972055206f2ab8581699eeeaf8e37723f6c1fd86623dd66559f59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05592d6b429a6209d372dba7629ce97c
SHA1 b4d45e956e3ec9651d4e1e045b887c7ccbdde326
SHA256 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd
SHA512 caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa