Analysis Overview
SHA256
aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e
Threat Level: Known bad
The file aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e was found to be: Known bad. The Agenttesla family verdict comes from the static analysis (static1) only. In both behavioral runs the sample's own process left no payload activity: the only other processes recorded are a browser (Internet Explorer on win7, Microsoft Edge on win10) opened on a go.microsoft.com fwlink URL carrying o1=SHIM_NOVERSION_FOUND, version=(null) and shimver=4.0.30319.0, which is what the .NET Framework startup shim does when the CLR version the executable requires is not installed on the image. The registry, process, network and dropped-file entries below are therefore side effects of that browser launch (IE/Edge first-run keys, CryptoAPI certificate cache files, connections to microsoft.com hosts), not behaviour of the malware, and should not be taken as indicators for this sample.
Malicious Activity Summary
Agenttesla family
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 01:15
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 01:15
Reported
2024-05-27 01:18
Platform
win7-20240221-en
Max time kernel
120s
Max time network
138s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0579678d3afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A27BE5B1-1BC6-11EF-922B-6E6327E9C5D7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422934412" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a072819fe4aed4cbd42a6f9fbd7a122000000000200000000001066000000010000200000003ca0e7383a4f65d021d41a9458ba424657e4bcb5c8fda815aefc2118c63ec777000000000e80000000020000200000001abb2a71887ebb5cfb87ef98bf9a4f86b0cd902195f69942814ea51dfcbc568b20000000b25ae545d1a7cf455a6da74638309a65988dfbf9702cd2f609f9b2bd2246a36c4000000051813a4dc9a1af4c2016ba792b7cda7ff9a101a988ae6d4311eff97fe5144b67accf362689a02771868b9f94da8c20b1fc76d0501c785c814aa859a0644cffbb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e.exe
"C:\Users\Admin\AppData\Local\Temp\aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2241.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2333.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33f88aeff1ccc2bd8b47ddc3edfe8653 |
| SHA1 | 53ab92608954b1897680cdc9348abde4ff15b7eb |
| SHA256 | cea5c3d14d5091d3b55ad6efe5bfe41eb46baf5faed58c7e7f1d2e150557f411 |
| SHA512 | d07c20e33214b6811ce484f3cf2002908669c222d2c9c1034897b3b01df61deb08688c7130ebe8efb5cf26edf60c8472449e76378a01769bddfa3f52138db843 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e71546c12bb4828d70a8595719b6af62 |
| SHA1 | d082e03ba0242e16bab883bf592a8cff1876f220 |
| SHA256 | 2511b5381c24fc8f4e0cc3018fb2b014ff56a8aada0ee21e40327e1cd9cbe606 |
| SHA512 | 41ede67e5586f9b0a2f5e425f89ace308e9115bb0c565ed3cc0b4acc1c13e88d1e94d0de7e6c9297dfa685d8aeecfa8d6a6671bf48f58c2f89fc313e22d3f31a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbe23121995e499874205fdf01d2a121 |
| SHA1 | 59105a9a8ce59b10572157f1de1086963d4f6dd8 |
| SHA256 | c4861990f60141e3bcfe6029c0af23349cbdc5a36d8c8200104439c67376db89 |
| SHA512 | 5306cc745aa2bfd1398021e80daeffed5534b53c7fae710d22168e828939e71ad9a9320b59a79797f8910a3cddb309e886f5be6474b4c7139306438cdcce0bb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 081f5de2099605af83424cf318254ac3 |
| SHA1 | 2faf060862d87c6cf6ce5beaa9dfa68dc13e4c41 |
| SHA256 | 79727f49de2b8f9a061a17b56c52855b26965af8d0717df82708c69be55eebe6 |
| SHA512 | 7833d7e54c714b8dacd90bd6298f8a3971e4b270c2aa0cc7df93a96b29436df8846d42a70c5d359d4dab950665522611427f386e9621041e0d80267c62fa2bc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 532a540d57de9b7554f34f9c36996086 |
| SHA1 | 808eb62f4efeff73b965d3fea68a13a837b277b1 |
| SHA256 | 4fa528359f1d2e7b76a7977bc0bd7b4ba1b05119815d3a492e7c62da139bc927 |
| SHA512 | 07553c5135b03632b6b1f98994529f300d5f637fbb9fc436dbac5b7dbf5aafc8e93a369bc5c8c0665ffd02484b8ab2395ce54d5c99e3c35adb5d71ee7029d2f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | 356c434f1f3f03623b651660efe96bfd |
| SHA1 | df5afc897798be7706e9e83efc2ce925626d93a6 |
| SHA256 | 17ea41e4316fd008c8d41144c46ed87eee5e4f33cd92e4e3e63b5d38783d2312 |
| SHA512 | 254515a36db680297e88d1f5e9c1e02ef14dc7031110daa634d27e5e333240cf67541d0b9e728c51821a80ab02596e28371906849f10ac4df992518e678e752c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afcae2e46665fa809d955322052ab26e |
| SHA1 | ce6c7b633aa65861c177999c9482128a0c3216fc |
| SHA256 | 0926245da5f851e8a15cc6a77d38ca165076a158f62d427865a2d7194fbc6921 |
| SHA512 | 3dfe10883bf52e147ef1d0ae0bc7820ee4f18b153c0c91e80d9dcf189c2a9800c9b7c6f260705e6fb7b693a57d89e4b9ac1d547b1628981cb8377ecc25f63a89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab17b3e2fb1aa769a8f5eaee1141d766 |
| SHA1 | 6a2602c7a5d6ffd9ed508de413081e0a19b928c4 |
| SHA256 | 641d741a30469e7dc00bdf4f57f03a409f8fa15bcc70a20be8be37fadd84b6de |
| SHA512 | 7dfa8fd027a830381094271caf8a7b88d1e678e1a479daa7537523ba445a8549dd80ebcd4776a10244bf250e557b46d3de3ba470c212e7116632de8b2c91397a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9df1ae659a01517ec4bc8f82385aab86 |
| SHA1 | 2e3d70a538e794db6c42998d3704780c392ca133 |
| SHA256 | 31e9032273e086a835a14d119a7211cb73b1e86e46e6405d10341c5b04db1c2a |
| SHA512 | a518dc5ab09ff037a97c735cc4707e09cc9ea5348b43649f921d0d64fc40ad4f07da043f785ee8bffb538ca69601918218fe8bddf4f9c1f9126c5bd26542b7ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16dd2caeddefa55a13c2507c992011ca |
| SHA1 | 4d90ecc4f6292288da524e84ebdfd1de4450899e |
| SHA256 | 6eecf36e329c784f8a93eb4bbbef286cb2f8716d20aaaecb8d2391cfa94e77a1 |
| SHA512 | 63f0e70d71906d16eedd2e6fb2bf69b3fae7537d9e2270077df31a3237fc05978a87341709f1e01c1bdb138cc00df82808be50144c3de7bd47ac13ebb5fa0574 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc1179bfcc3784606a0835adb6c92ed4 |
| SHA1 | f3999e11168e37fa79db6a1ef5957c21a500d8b8 |
| SHA256 | 593b8e0f012da5c389be929d289e89b9f9b8a398c74c1cf67acfad3bdce92e4a |
| SHA512 | b75df4645bb04cb3c34edb1590ae7164edd1dda290f3afa55768f60e1675068c2e14bfa0e83c3c9ef8d0724fdc663c7e5afa74e3c84c0bcc787f1542e3652800 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db307fdd568c67c7db08f7fba7f2d444 |
| SHA1 | 2cf8463f4137572a815303bd1bcde21be4f09f54 |
| SHA256 | 07795e12cf353c469a0f070e53321f392139fc1e6aa0f10ec59f9ca097cb7ed7 |
| SHA512 | b644660ca8d993027bde3c176694f708fa6e134a640684bfc093c6d2f19c7791d48548f377511c303cccd9b026b9e0f49c36b29cecfe01fb1cb3ee648eca6570 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46ff1efda82198dc9d8f4cf45004e81f |
| SHA1 | ee65c41f6382551e00fe4b9c6b2526c8289bafc5 |
| SHA256 | 2d44fc282ed3ffa89864fb71b81966158587d1dd61fdff460faa992aabc9fac7 |
| SHA512 | ce7adc6860a175db6d9226d1caaa1012a17b08cee88fa7acee58d2064db38925817851a643b918d322b943e860bdbeb333ade4e60500c63f3952d5cfec0e717d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95dbca23939d2c3ff9f666e13b24c507 |
| SHA1 | 95f3b65387f2165063ba4aae25e74e407f734179 |
| SHA256 | 76053ff204253e9a3ef36d83496c4054fd2c576706d7ff2ad142ff6267bfec0f |
| SHA512 | 876fd0bb61af25ccdadc0f2710d1011ca358783eb0e84a0f2e84768ae094d9eef6edf8b236944f5b131c8daa13d26a367d526590717e9d8f8d741d2cf8762f5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 847397076ed4a610999eb89180d49dce |
| SHA1 | 16ccac904f2ec380bff8047059e77a1ca6d4daac |
| SHA256 | fb0191773bed19b1a70af59ff8c68060c4945b520d2934457ab85ef516177038 |
| SHA512 | 83e3f1cbbb6274a59656ed33aab6ad54fe6382142cc2b714a9cf9853ad279b446c90d4602cfa60616123cf10f4433bd9cdf3e6448c02cd9616039d637e4bcffe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36e51c790374c49be1b94e9310267504 |
| SHA1 | 8466f828423f9c1447d02d97e9801801cef9460d |
| SHA256 | 4070e9a13783f3cb9fc901a5d1fd0e6684091b869035e864a8f0329173a02bd8 |
| SHA512 | 95e930fd78d5bac560d1922efdab626010923d4d663c012e464fe664634c56b5bab55b367939c9eb3cb3c9099b6f25e73c175218b0108734a943a53c6c44ffff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8caa2c530094ac85e84b021d316b324b |
| SHA1 | dfd95cb380cbae92bb50c3e6350c0f720f2a63e2 |
| SHA256 | 90690587fbbb4459c0a024b9c926f4cb9cdec19d647ca28ff50cf17237c71b8e |
| SHA512 | dff015799a65e215d2aadf0a059541056a02434c33e1ebd9120faee148085a2ba036be978d0f3c0dc95ebb5dd50faabf7316f92d6ec6aa81f6657ba7606b5a67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1864f3a41d5322a099a645664590d8e4 |
| SHA1 | 261cc6d599795dffeef6ccd347f23fa12a8676ee |
| SHA256 | e6c924cf29a698faaaf6183272f973fd5974fe02a8a38f943c455040cff49488 |
| SHA512 | 34986937728ec82dac251d4cacb967036f160e9dc1fab832a4d14d4f680fec9f294a0c06b4c0e5db0f047f3fe37ced9e8d85bbd073fd14bced60edc2cbb4425c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6751d12bbf7440f612c421288615cd9e |
| SHA1 | b7caeaca47d25d472c007b1dd1a12b5111610a6b |
| SHA256 | fb0ee39791f83cf1bc379f589c20400aa04c80f98403030ab5465a2e4e2329d3 |
| SHA512 | 8e711d8db226362a238a15d939c493a405158373658137345cde40969278e85db6ed5806d2426ae9a74921d0d5333b30d9256a903d107c25d332f7e7e9772d83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fe63a0c3c7be52adb0c459529cdaacf |
| SHA1 | c065d36914ab0087d2fc90bf028f005cf217cba4 |
| SHA256 | 2d0075a7b7a2bc38f26f2131e6cb9a2a7c9a3fb7f71989a3863e44adf075f28e |
| SHA512 | 957e5f1f31df52889e610202995a5c6c62e18f30d0091f6040960ca1f4f7ec7d88cda14de7392476559cb3f388c6d3f7b61b2c0034d80e71a4d2037d803bffd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd7feea8b6f9b23e46ac51fbfebf30c9 |
| SHA1 | 0bf45cbb694b54012daa89f0ee8c11673ac9ce23 |
| SHA256 | eb0c3d0123f675a3f5f55682230bdd9b2490b98ec68b260907ee458190ec672e |
| SHA512 | f2f606e37899a0c05021ed8214671c6e2cbc106b1de00e01dd3c676036ea5c35d4546b594f68a5bfe83630267ec96f9a2fb59a7c35ae5d4d81b92c44fd89c6d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16ce96399ef0f605e47479ffe72998c8 |
| SHA1 | 272f868096aed445b926d58c0db618417af90eff |
| SHA256 | 88faebb0708bea109ecf8fc28a629191aea1f03e5f1e3655ccb98e89ec7032ef |
| SHA512 | 68059274bc7acc2cce8cdd3b121cfff3352f5263c9a5bd3960ddf25d16782f7e3d118ff25fd7907d9fdaab0ef1196ea572162938bf22a988c762acae44c0b2f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9ce214afb2d88ccb8365e4133fbe9c0 |
| SHA1 | 759d1f3b19ec2b41d35e76cbfb75967542110fb3 |
| SHA256 | 98bd71dab48d02a27eb0d3c1ffd69a496fdf9b02be04dfd8aca436b8eb189a19 |
| SHA512 | 5bed17e8907addd02efeb3c38a91252decf9e42ba7714492c07a869b5b601739df64ed7c904b91af436d62ae18dce1c9fecf7acaa33a6a7b8c3a46106dbbd463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cf4d9bb438d0587db7547e3632bc39b |
| SHA1 | fccccb12f77efe91f3d8d2d81279039ddaf25eae |
| SHA256 | 649e02bb9f30febcbd202207b62096d2eb48e2564c73b385cc97797c032e4408 |
| SHA512 | 0ac343ae965e1f3f1042456f63056a57f5c5733cb4ad82b4b98fcb7652f84819e4d39ebb2d328192e660c50f30bc25037e7af8a6bf7be34f6c673dc2db99ae3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83a8c4ad19e090301aaa9359e0e8b8aa |
| SHA1 | 2de76388eebe516f3976b25889e469ddd4bb234e |
| SHA256 | f7937b8151edbb46b8e0df3709b972ae90dcfec4d3aacb971d32ade418e4d274 |
| SHA512 | 290187c2be98bf594c328fe33ed7478f07420cc11049409877a899b36721605859785b537f6ebc6df2402b26810739ab991a999cdb95a4e70370485eaaf7a701 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2f4841587891d5cb14baf59e6b86bb3 |
| SHA1 | 47890e4fcab5a81a8697d1495868702f8833f030 |
| SHA256 | a42e954a04544cc63d720644abed1cc658c444bfe06cfe89f5deac9731ff708a |
| SHA512 | 77d13a17b155044aa249bd39c24222420dd8c781d0783660d789f2f3d1d54811bd44f4be45bcbca4d3abd831d68f07169dab3a1b9c11eddd76003a0c507046fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 377c2e8a1566317995b48890878128dc |
| SHA1 | a86332e9d60c576b5df58b767964b16dcc540772 |
| SHA256 | cf10705c6047617337a768a82accf3f9529a2c5928ab32199655730552c80479 |
| SHA512 | ab131d2782679af2b62cd1781ee3033e03e58aa71a93a011ae5fe2807840b02a35accb6234709eb8ff2aa314ca12a00a8a9821fef54740027d7da75c523d1fd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dba605c688766adc87032bfa83c2676f |
| SHA1 | a4bf83517b4f9f638405f4a168f486e4a6ee0af6 |
| SHA256 | 3f797441844229fedaf435f3693de5f0cd56c0cdadca9ed4a5ee4b0d54eadbbc |
| SHA512 | 4afdb288fec844b69c77e117f793489397ed5a59084ddbe806b979506272e743b2ef18689fdbec395a6a2710c7d5454b07ffb4513eb5309afa38b1d38c08f7ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12144dcd163f9bf6800c9a48e8368f0d |
| SHA1 | de07e433fea89a5d8d5547abb9fbd80199db9958 |
| SHA256 | b59dbdf54421dac470dbc91e4b094ac30cf8e8b9ec6d9873388d467f983062ad |
| SHA512 | 10dd4236c0d2b30bc13a3c6e68d6046005743522c0951c3c5f8df3498195234fdb21bff7bae0ae2ce7e61ab708b9101be69f03b10de743838a93244ffd05c2ca |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 01:15
Reported
2024-05-27 01:18
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e.exe
"C:\Users\Admin\AppData\Local\Temp\aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8fb246f8,0x7ffd8fb24708,0x7ffd8fb24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aacbbe05699353dc27cca3df5b4b144081d4fe83069d5a3dd810cc0b35e9ac8e.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8fb246f8,0x7ffd8fb24708,0x7ffd8fb24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15679128245591727934,17448971535721514332,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2640 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.5:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 20.189.173.5:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2932_UPFUHVUUSSOEEPKV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c227.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State