Malware Analysis Report

2024-10-19 11:32

Sample ID 240527-bj35dsah4z
Target 5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338
SHA256 5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338
Tags
agenttesla microsoft phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338

Threat Level: Known bad

The file 5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338 was found to be: Known bad.

Malicious Activity Summary

agenttesla microsoft phishing

AgentTesla payload

Agenttesla family

Detected potential entity reuse from brand microsoft.

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 01:11

Signatures

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Agenttesla family

agenttesla

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 01:11

Reported

2024-05-27 01:13

Platform

win7-20240221-en

Max time kernel

121s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C421A61-1BC6-11EF-B991-7EEA931DE775} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422934158" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 207b23e2d2afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026bfdbc912e9e9479586b95acd6ed8190000000002000000000010660000000100002000000088e0ac750dc397fac468936afca4ab19e002ea651a2923669cef58523c929526000000000e800000000200002000000094c7312c7dfab3dc63d2da210ca80cc6ff3c56accda5c7717904d2a3776ae48e90000000d38da72ae9afe74cb7ffd01ecb000150079e275524560a0374a730ab5666451f58d2ada7a8535e3f1373498b3d740e974ed7a44f562d254acea758701f0ba09a26316f2125a5b5808c050f3a45e40fa16a911a897f6c32ce79822ea357946f4c06feb91ffb088b7607958b273cdc3e6f276881cedd1ff5e49b729e0af226787b66833ab962e1b76362b2a743e593c21f40000000eb8bfdb639e92ab0d12e3d61b4c74723db61ec2722575117362ca38ce9008c504707d5e0a6ba778f2ba58304d5e85821f74e0b1208001de51905a06097cc5277 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026bfdbc912e9e9479586b95acd6ed81900000000020000000000106600000001000020000000bbe7d26cee0e745b41d0fd3749999cd792ebffe1e9f1de0b399ad124fc01d191000000000e8000000002000020000000131b224edf3f70d4f878a5015dba8ed9d59bab5b6008fd9b61603ea87c4c47f52000000064c956ab58966fb5bb31ac8ce3b5a9b4e7bd2e5e35c2c92134ede52aa6c9ff0a40000000cf225b14d65c0a0c97a728b9477b481fd89b1b052eb31c47f73885447046050c88c5e923ca1a0eb74aec2319e7a75932ed8881e14198fdbd6ba15e0de7d44c79 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe

"C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
BE 23.55.98.77:443 learn.microsoft.com tcp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2FCE.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f69cf8e5907073c392f2f770d46e8a5
SHA1 d6be54971a4daa5cea2d89b75d4d97adfcfb3bca
SHA256 b38e54507ce4d2f12820de88f680a3d8edfea1f12f949ba6c2ffd22f961ffe48
SHA512 86015093529fc49b1511c9b07c3dee2d9dfecc4795ffa66727922d872667acf1557bbf2e4bb3b7104e1e9fc6f37b1555ff5ad811ca3c9a37895cf29139328483

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e653c72633ba9dfde2a7205224d4e83f
SHA1 078ca233b391199d594b9681863cc27bf9ff72e9
SHA256 dadcd134e0da6cf8e30996e0ead9565f98e13ce2cf45a2e81a8f0921e28f069c
SHA512 1aebcca9e61d0dee62c5d92497401de5d4c8b157ec970a1c50d932d0d9260d4a054d5c5bb12a527ebc285b0f00711cae5bd7075707cfb5ed27f44f007a08afc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e312adebc307fefa512880654e164958
SHA1 fae50b545dd5327dc5496fffc2e4303eeafc19ac
SHA256 c13336c1d365765447543750a599d2b645f0284bb675bac7b9234615e542b1a1
SHA512 ad3cb933a6316d238326ac87d3f3443bd4d148814408e75f585b720cc3563cf24efeb48f25e3d5c66bf41a30438f6f4ce92e2abdd551083ef5946d8b61281095

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09c45fa3c698c3b4a1bd77519ea844c8
SHA1 2ac87b02994af2f468319beadd7cc1a7b1cae3cc
SHA256 fe35f4f48253cddbddaa076621999ad81d7abfab7b89901afb82aae9c81cbf5f
SHA512 a5f9d3e39721f8bd3ee3f6e016346d40b1b5651fa8214f9e90243d5a92823d3fbfdcbf2516cb1ee654712a2e5ad49260a3793dde6fb8084c4d016b243bf633e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64a0ea0e5463f39588ca5541870ebba8
SHA1 ae60b3352e5f696ed86af87de57c45d4b476bf3a
SHA256 6815a2e8df20fbdbf0ab4a4e25bcbb164fe8311b7dd3e45317eab7ab0d44fe80
SHA512 7a8ffecbceb253226bfba8555ec2fc229e960fa69c606d32bb2b4c2d2d5f85d0b5b5fcfb97ceb4fc877f292432ef586f8ebc5369f5197f8492ee19275c646e41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c738f5ce60101deaaecbed08e4f1662e
SHA1 3ad37b3a9e4cb50097ccbc5b0607f70cca40ea8c
SHA256 2a8d4d024366b76541ceabd9358304dfc63c0b68407235eabf06d24dfb52c417
SHA512 ee11f0f92661dc56f6c4f2686f5890b3f8d742eabf3da636b2a9db96c66426b418692077a5e8288016f1c1c6775c5cb3531e3ea14f429b3005dcd225a318a94e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 6327fe758c99f9385cfd81a1eddc8d4f
SHA1 8142664491e754825e9f2bc79d54c6bd9e353976
SHA256 d538db69247d51172f69b978a978d19bb5bf82537690df1bf095c63dbc2a473b
SHA512 a553dc35d0d558184f8b9c33cba20e46794f642ba5750b5b005efef74eaeb8337a01d59afad33ff0ab1ff22973a9162ee3319c60f213b25c8dfe6acaeea04074

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2750e767d0e4eff5eb8cb253093431ba
SHA1 c1c018e5cc8e59f0e5c7b6c003bfa9e6ad299ea9
SHA256 fa724fa860f1c5c604e92935dce68a9455c28b8eef1fe9ec99ce2c3ef3bc5927
SHA512 3787b24567705e29796df427e25b8a98bd09edd07df88f5fb5ab1c02d55478a3e74ff6f7ca1fac4b59c455ce5e6b1c2bf88ab784ebbe92fea233b359d37382db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e1739d12a078c6aeda6e1c2e1340d6b
SHA1 6b2a4475483668ccdd18fc354773ddce2bca7f4b
SHA256 3d7b29304ad81719116837d0016a77ecc7b8ea69d42d40702e3cd148fa458fd6
SHA512 097e876106ee6c3bd4c7f9bf9ff1c75a8a8b38a6ad770743decd4c3a55fde1dbd54cf962ce1a7015d9fbeafe3e17afb766111d862d3cd9a9825e67c59e7ac14e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e95a4d22bb3ff4ece93d5b634c9a1b34
SHA1 1d72fe38e45a2a47c0d329f9c2c06adba94e16dd
SHA256 8d7639c01053d7f27358862b7eec219ae9f10b4d0297843adb8531254e0f98e1
SHA512 7d541c6dff968fdf7db754de92ee5054c51eef17ccb9c9f6df7efc906c1f74b1e2e3f2eb9c7a05b7dbb81e01d8346951c21f8f3327ce98fa383466002bc1788f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b29b86f61801f9bbce53622e539957e0
SHA1 de84a7acbddc0c3b96adbc1c16c7be604dcce7b2
SHA256 431d6f0a49ff4fc8d9440151f2079032ada0aeec8b9ea5595f2764345c31c4c7
SHA512 75e1fb8d006afef39dc48bfa74989903be366fbf849f98850507d78af5504eb897dd55f0fdee7f393baac2a6249232c779909183a54ddf869ed23b8ed6103d5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4938c395a63a502c895853ec88a31901
SHA1 185deb0c0646f13684db5269697afd71ec7ff2f6
SHA256 82ee0609cc28e0273d7afe4960824ea5b5754d2794c330d51d66065f0b30da7c
SHA512 f26b6d111957f27d3ee2d611f649ec24d52eef1cf997e750e034b2a076a35a8a5435095e164bb485029777e85536f4419c57d6588140137d01c9143d20d4e860

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ceb2e00d547dd29d38d5826dcbf1279f
SHA1 d4e0764c5baf183edc4718d806aa75101583b0f6
SHA256 8760c2333bcef43bc13bb7057e3891dfc440c89667c8ac81e3379645ecdba443
SHA512 9323a6c6040f0549fa2d524e117d09ccf9967d330a8513315383946cb2bace7d89c743a84e68ec1f6dbd150b43db70f0bedc09d5d829842a33dd23924b9f46d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bce822bc2b9d0ab13f7860dd868f4db
SHA1 7fc091c9b4f4f3252f489388ff55739fb55e5668
SHA256 4f6cf04cd27d01e8946dc95a054bba25de7e4cf3692d7bcc3607060045a9ef91
SHA512 750fcb97860f2657bb0e7b9a6cd7d4eb50cc6cfff5c43bec48c2946a8dc50b9d6be4cba4407c6072e68e189bdc8cb79ebf5f466e4954c70f8b6d0f666f182961

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e58f426c69156dcaee4d44482b7b519c
SHA1 492dd1100a83f650eb2521e850abee0824b8dc8c
SHA256 e67cd3072dd441246b02189d61303c0c8001123d243f388822a14d153a2e81dc
SHA512 97e2eac3e8e123e4806a991d5e35156ffacf422e030cb3f92334f5fb42c4ed941aa0f9994de47d1fb8076e70970655e18190db0eb3b42155edb02be651a6f6f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10f2e484b92ece0b0b2afa88e69d1455
SHA1 b8d053d29e804cc535fd7156284abf631a6f8e37
SHA256 a5e9f2521e24260f3b5b0445d78ea81f6b35b8c8c3f5a142b473b9b300efd8da
SHA512 f58f8bd5480da73168fb92376ada733820af21387a2f48c07d2822f012ce847416c2fdb6da474b6d84eedc59077038df809b7f5635d4705692dc51dcd3f16a87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f129d329b1ce156771084067a3766802
SHA1 cff11aef02c1853c11f6687480ff16a9eac0f5a1
SHA256 e9f99a0ec28633fd54b2777ab29be327e091975e4f67762e1e44e773b4db607e
SHA512 d11704eaf0ffe203323120fe258955d5f48f5798e6ff951de08957a040214a8e08d6b1c4ef915f4997b20274a32005ef1a38b13d0e89e72e9bb716a3298624de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4129c9d3bef8655b40615545e9c02c3
SHA1 9249751dbe232574c800f05e54969b1f7ded7da1
SHA256 3c9bcb81efd3e8b27a9ca5f49ed16977ed6e516311e06cc54be062613e6ae303
SHA512 ce33d41734b024adbd208fe79c7b883c7e64151ed585861bf7e9a3ff5ba3c45d49eb2d3926dece04ed7c78b22304853057620659ac8b9b4950506f6ef8720efc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 527487a1b1aa7f7b6223f1825abc9c6a
SHA1 b31682dd7bd87ab7475c9f1269a9550b1832545a
SHA256 450cccabe9bddac14917be08289e5d06f3ce5c7bef4e9d10a009438429cd5d64
SHA512 c7c453b0c6e4a8f5006956c5001aa2a560e1f5952725c9006e19030f40e11c9f0cf58684b4fc926ba7ee77db0f2031a1f1d0970f4cded4211eb5ffe403a4ea26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7523307b925bc61890f35e15e4eafc8a
SHA1 78cef2b651909a2e8cfa41af23856f466897bb64
SHA256 34bb2ac63f48ac3a1b626243316cc33eb67f94791280c9f197296b28483f2f58
SHA512 60be7a1b343f7c984dedb37e5523e75a6dfdc595cc90c7e92dc756a931c69a6ee8e7aa8f67fbd09e623c2122994984f63792c068b0231780b41b58636cdc9b9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3774eab49d9845a3f1d8a4c45570b17
SHA1 c25ee069f739ad8579fd83b426325438d572cb5a
SHA256 412d8d4bd4ee7ddd9b0b5c1c5876094f83769481495e62737bc3f0f7588206c2
SHA512 b7ccd201423241e623c77843f77e00d1db4fe7f94ef4d9529a61c95a058887188fea63666f9bb6f1ae8001fde98424e4ad7f5542bb717f7359a1b665214b5e34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69c99b1e10441b022a64b8433f82e1ad
SHA1 c65923c665d289902d884d399b5324cb850e8ef5
SHA256 043bfdeaa7b6c825b3ac3e0625035569d832f9c1bf564df43c194423427d340b
SHA512 fd6cdd860cc94da8fb37e94fafc0d64b44c537699c3eea053c0ec935ea8dca8ceac0712d0c88256a8470b647778c46ef8dcb2101803b688b93efb688dcd9912d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be0748098ae45154e23967c5b947f945
SHA1 48a255ebfa69676161d69373887e167eb37be570
SHA256 998b3859c900545dc145e89798982bc2f08510a8f78a62a04b0dc1ecf107c2d2
SHA512 86a3396a636830523ad54bb59513615efc31e189cfab1d5bc2a41909c83ffc22d0b04fb5a0c10503810ac4a05b32f4f557337a669781125321f249bd99aa3afe

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 01:11

Reported

2024-05-27 01:13

Platform

win10v2004-20240508-en

Max time kernel

139s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe"

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2968 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 2376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 2376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe

"C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe14cb46f8,0x7ffe14cb4708,0x7ffe14cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe14cb46f8,0x7ffe14cb4708,0x7ffe14cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13513203243393751085,12280490753223635621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 learn.microsoft.com udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
BE 23.55.98.77:443 learn.microsoft.com tcp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 8.8.8.8:53 77.98.55.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.1:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 20.189.173.1:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_5100_OAZCDJMIZMIMCPOV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22f8ff8c83c0014aa78acaf4a225eb9a
SHA1 63e6cf939d10ed8096ff57d371c2d1d9e038d9ea
SHA256 a75161d7ddffe7bdd758a5640bf1d416f0600108881043c41fce2fd80dbb3db7
SHA512 6932bb3376ba8cf323ebc5e9875db6312b3e6ae2ca73df3e88aa30176760b09b80aab8b44d15b5420ddecda342848bc2ba8579ec2008ecb83b9f7a6b1fc39d0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b71f507883047fc197523d93329f3130
SHA1 4f76fcf848e8d51db23a1e7555a2df6054bd410a
SHA256 4480c82ae6e739bb0d0fe7b5ab52608dda5b1d0aa9fca3145f3bd19b4da2564f
SHA512 d6a01f7e562085e1e1f0bfc98b870b8634fd64cc66b1f6755b81ff6bde83ebc8aa9f86579973ab8544a507bf3c7e06414ecb0a2251c49699704dc77037e5b300

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd7127e42092d250a4f7c55896df5ca2
SHA1 b7dd4f172b85490a81f4fffc0281f69934565139
SHA256 2b0a8da6dd231b2737f2cf2925550de41e2110007e3bf61db43102f662212526
SHA512 8e2a0c01d7e7dd6603ddbd8e4ccee24bd1b1e8f533f743ea84958f2852a41605f90b806abd9040cc770996dcd4bb81007cbf4b49f4dc1f75e8a6d95ed546037d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5135c850be5c0f9d12126f43b99be3ba
SHA1 7399f7e37cb6276515bed633696b7ad5a8566b15
SHA256 da97a2464d6539dd08ccce5884294a3f7cbe5ae5bed0d3a0d09bd4e1bfef2f56
SHA512 aace69ce8c91fa203b5d313fd90b038bfbd24847389a5dd3f33352012f705d02a5c863995271c940e1863421f3dd521a00dc94aaad0a8e2812f7a0e593b251c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a03a644cc6ed7a534c1fd36e6767b2f
SHA1 9418224a465a8592ab325581876a554bde5df178
SHA256 363f9a6b7c9f3607846527f8a4a782f2aa6573696221a49b89a69ecdaadf6c6f
SHA512 dc6a574efc1323340bc22e979ca9e44e1f9c723a4b35d11d9ccd12a55c618698430777a0379f93e084a7ce2465f57f42bd658cc9a534a6b4786c17b426bd0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c719.TMP

MD5 9d685bf03eb029889a646b8e5bee32dc
SHA1 17794efa5935c0048d0e59c77a0ec5b418e2f40b
SHA256 0a0406c7068079e8c23eea8132ebe8c94a4353a1d589ae67860b56eb4d7c9695
SHA512 f07d72fd649fef68353b93a5471524d7f031ef9f1daaa12f3aaede404d4c0a08d0d7edf74ff41419d4a8d247b819ccacb65ce4394e49fc81f9f46422aa9d09fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b847505954cf97d3bbc1f1d4a3e6259b
SHA1 5e5e39b2a119d68ee7faafb22071f4d16a7cf579
SHA256 06553c3cb4ba6c11fdcf9ccc856ec4c7b671c16b8b0987e4147671b233ceb0aa
SHA512 28a99dc541624ff56391719a40c42e36c582c6c7e53c14c30ca5fbe05614a50847a891c8c25d0237d16275afa3a99cd1da6dfbdea0316f2f16af375095a8db57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05592d6b429a6209d372dba7629ce97c
SHA1 b4d45e956e3ec9651d4e1e045b887c7ccbdde326
SHA256 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd
SHA512 caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa