Analysis Overview
SHA256
96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed
Threat Level: Likely benign
The file 96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 01:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 01:15
Reported
2024-05-27 01:17
Platform
win7-20231129-en
Max time kernel
120s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8F6024A1-1BC6-11EF-9E06-5628A0CAC84B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a004af65d3afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e7f5d61bb7372f4aba0fbc0a5f6bba250000000002000000000010660000000100002000000001dd39e84dc73a36434ca28f237d6f331f7c916211144d1ba6907997d86701af000000000e80000000020000200000004a85b0143fb010051ddde332bfd2218313681d02d9e87e6ac471d19d904edc6320000000c1ab211dd5db489fe3dead034ed0ed7e71f34da3b9145e8ff3b280e9bad7567b40000000d1465e2dee207d7a51ee47af5300b8db6be515bcaa319b1621abde5c506335c398b945204862d45847a936a7bd8c7054c7da5f99a200d2d205ffa368e7ba8ad6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422934377" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed.exe
"C:\Users\Admin\AppData\Local\Temp\96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 01:15
Reported
2024-05-27 01:17
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed.exe
"C:\Users\Admin\AppData\Local\Temp\96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffccc1e46f8,0x7ffccc1e4708,0x7ffccc1e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=96ac77a0deb05b35a0ff23cd0e7660fce3c4f3073bc6c4f2dd546b839f9cdfed.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccc1e46f8,0x7ffccc1e4708,0x7ffccc1e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9018555240068302704,11785293233670923456,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
Network
Files