Analysis Overview
SHA256
40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3
Threat Level: Known bad
The file 40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3 was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 01:23
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 01:23
Reported
2024-05-27 01:26
Platform
win7-20240508-en
Max time kernel
140s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422934897" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000009a5a2dd951164da04969dc56fc4461af9bbd9a026e6d6d1dd17195673be632c000000000e8000000002000020000000053d9fa5617b689bab3efd3c5c2017b8d54f273f4c6eaf533037c10ed27da6b09000000093645e71d604a4b3197524910884ca41267131dbbb2b2dd2e6cafb5a2eee7f857b220b9e1c684dda4b6cc9d50de2da0012361def941f91f3c22eae694207134a359df666c1c23009699a2be53a70312013de56caf272d27421a79aff5c55744d6c1d0692593dbcb9439bb4b92b7e18ad56e2ea8a6ceaf1370a59bc7fd7ba6b8e1aebbe98b0aa6d788681124b24a854444000000011eccaff99db121498006d9e5a58df8f8db5ec758883d85d4c6d9bdf3c8e8483eed5fecbe25929c6aed4860ed8521c73041ae5830b9cbc58ccfc9b617592810d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0dd4d9bd4afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C55255A1-1BC7-11EF-91CF-DEECE6B0C1A4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000019debcf1d9a434812765863f49d57d858fa3c2b34e0032e4ee941ccdd2633bec000000000e80000000020000200000007d69ce2b638ddee0ae711e3addd21a7d22d4880c4f96c1f676d5d257ebd79da020000000f035fe8e061b910aef11227d87d5b621904b3756b184d98268a7cd9ae97626a04000000049b87c39d4d6648517ee9c59ce77732d87df8639e33cbadff7235ccdd870e981cef86919530b3b89f271e3d9b5e06b075ef4f8cb5f917e7017a21bfee90e05df | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe
"C:\Users\Admin\AppData\Local\Temp\40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 01:23
Reported
2024-05-27 01:26
Platform
win10v2004-20240508-en
Max time kernel
138s
Max time network
146s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe
"C:\Users\Admin\AppData\Local\Temp\40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa121846f8,0x7ffa12184708,0x7ffa12184718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa121846f8,0x7ffa12184708,0x7ffa12184718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3160 /prefetch:2
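The msedge.exe launch with `--single-argument http://go.microsoft.com/fwlink/?...o1=SHIM_NOVERSION_FOUND...&processName=40aaa3f4...c8b20f3.exe...&shimver=4.0.30319.0` is the .NET Framework startup shim opening the runtime-download page in the default browser because it found no installed CLR matching what the executable asks for (`version=(null)`). The Edge renderer, GPU, utility, identity_helper and crashpad processes around it are the browser handling that URL, not the sample's own behaviour, so a run like this says little about the AgentTesla payload. The following is an added example, not part of the sandbox output, that pulls this condition out of a process list; the command lines embedded as sample input are copied from the list above, and the function names are this example's own.

```python
"""Spot the .NET startup-shim "runtime not found" redirect in a sandbox process list.

Added triage helper for this report, not sandbox code. Only stdlib is used.
"""
from urllib.parse import urlparse, parse_qs

# Constructed sample input: three command lines copied from the process list
# (an Edge renderer, the go.microsoft.com launch, an unrelated COM server).
SAMPLE_PROCESSES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer '
    r'--field-trial-handle=2168,3158605473339573027,5413585099633644448,131072 '
    r'--lang=en-US --renderer-client-id=6 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
    r'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409'
    r'&o1=SHIM_NOVERSION_FOUND&version=(null)'
    r'&processName=40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe'
    r'&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
]

SAMPLE_NAME = "40aaa3f4e784022302a8146595145a4a271c19a2fc70fc97060f0d247c8b20f3.exe"


def find_dotnet_shim_redirects(cmdlines):
    """Return one dict per command line that is a browser launch of the
    go.microsoft.com fwlink carrying a SHIM_* reason, with the shim's
    query parameters decoded."""
    findings = []
    for line in cmdlines:
        if "--single-argument" not in line:
            continue
        # The URL is the first token after the switch (it contains no spaces).
        url = line.split("--single-argument", 1)[1].strip().split()[0]
        u = urlparse(url)
        if u.netloc.lower() != "go.microsoft.com" or not u.path.startswith("/fwlink"):
            continue
        q = {k: v[0] for k, v in parse_qs(u.query).items()}
        if not q.get("o1", "").startswith("SHIM_"):
            continue
        findings.append({
            "reason": q["o1"],
            "process": q.get("processName"),
            "requested_version": q.get("version"),
            "shim_version": q.get("shimver"),
        })
    return findings


def runtime_available_for(cmdlines, sample_name):
    """False when the shim reported SHIM_NOVERSION_FOUND for sample_name,
    i.e. the managed entry point never executed in this run."""
    return not any(
        f["reason"] == "SHIM_NOVERSION_FOUND" and f["process"] == sample_name
        for f in find_dotnet_shim_redirects(cmdlines)
    )


if __name__ == "__main__":
    for f in find_dotnet_shim_redirects(SAMPLE_PROCESSES):
        print(f)
    print("runtime available:", runtime_available_for(SAMPLE_PROCESSES, SAMPLE_NAME))
```

When the check fails for the sample, treat the rest of the trace as browser noise and rerun on an image that has the runtime the executable's CLR header asks for before drawing conclusions about network or persistence behaviour.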
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | mdec.nelreports.net | udp |
| US | 2.17.251.20:443 | mdec.nelreports.net | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.182.143.209:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 52.182.143.209:443 | browser.events.data.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
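Every row in this table is a DNS or reverse (PTR) lookup to the sandbox resolver, the mDNS multicast, or a TLS flow to Bing, learn.microsoft.com, Azure Monitor, NEL reporting or Microsoft browser telemetry, which is what an Edge launch generates on its own; no destination outside that set appears, consistent with the payload not having run. Below is an added example, not part of the sandbox output, that classifies such rows and lists any TCP flow to a domain outside a benign-suffix allowlist. The rows embedded as input are copied from the table above (including the mDNS row in the column-shifted form it can take in extracted copies, where the protocol slides into the empty domain cell); the allowlist and function names are this example's assumptions.

```python
"""Classify sandbox network-table rows and surface unexpected destinations.

Added triage helper for this report, not sandbox code. Only stdlib is used.
"""

# Constructed sample input: rows copied from the report's Network table,
# header included, plus the mDNS row as it appears when its columns shift.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 2.17.251.20:443 | mdec.nelreports.net | tcp |
| US | 52.182.143.209:443 | browser.events.data.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
"""

# Suffixes a Windows/Edge sandbox image talks to by itself (assumption; tune
# per image). Anything else on TCP deserves a look.
BENIGN_SUFFIXES = (".microsoft.com", ".bing.com", ".bing.net",
                   ".azure.com", ".nelreports.net")


def parse_row(line):
    """Turn one '| country | ip:port | domain | proto |' row into a dict,
    or None for the header and blank lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    country, dest, domain, proto = cells
    # Extraction can shift the protocol into the domain column when the
    # domain is empty (the mDNS row); put it back.
    if domain in ("udp", "tcp") and proto == "":
        domain, proto = "", domain
    host, _, port = dest.rpartition(":")
    if not port.isdigit():
        return None
    return {"country": country, "ip": host, "port": int(port),
            "domain": domain, "proto": proto}


def ptr_to_ip(name):
    """'91.90.14.23.in-addr.arpa' -> '23.14.90.91' (PTR names reverse the octets)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def classify(rec):
    if rec["domain"].endswith(".in-addr.arpa"):
        return "ptr-lookup"
    if rec["ip"] == "224.0.0.251" and rec["port"] == 5353:
        return "mdns"
    if rec["proto"] == "udp" and rec["port"] == 53:
        return "dns-query"
    return "tcp-flow" if rec["proto"] == "tcp" else "other"


def triage(table_text):
    """Return (counts by kind, unexpected TCP destinations, IPs seen via PTR)."""
    counts, unexpected, ptr_ips = {}, set(), set()
    for rec in filter(None, map(parse_row, table_text.splitlines())):
        kind = classify(rec)
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "ptr-lookup":
            ptr_ips.add(ptr_to_ip(rec["domain"]))
        elif kind == "tcp-flow" and not rec["domain"].endswith(BENIGN_SUFFIXES):
            unexpected.add((rec["domain"], rec["ip"], rec["port"]))
    return counts, unexpected, ptr_ips


if __name__ == "__main__":
    counts, unexpected, ptr_ips = triage(SAMPLE_ROWS)
    print(counts)
    print("unexpected:", unexpected or "none")
    print("IPs the guest resolved in reverse:", ptr_ips)
```

The PTR names are worth decoding because the guest issues them for peers it has already talked to, so they can reveal addresses that never show up as a TCP row in the table.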
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4548_EESXGEFTFBHPKGYB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 564c5d42ff0e4cf61890f694f833c654 |
| SHA1 | ab16b0e4a279da970427e4797fa3e5db4f999923 |
| SHA256 | 3dde7257478a2176f9209104138ceab2c8e3a716b24c8623c7bae708f0e14a95 |
| SHA512 | 852d525eca4194a76feab2d72cb4746e2b773340f76783422bfd0882dd05e53ae851fe72a6699a40bf4c5c2cc3fd724ada1c91d2e3eddd1a04aac710bccd1e88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f5227edae77134491dd0de53b572a6d4 |
| SHA1 | 941a3b3427106881ed6cb99de8a67a8a032146b5 |
| SHA256 | ac4d4b5fa96edde894ce33531b0da6750754f6e4e8e1ba73f9e0d4f889fcdeb5 |
| SHA512 | 0d8c467ea8090ef867c314aa6b858ebe284e7fd83737e34463de23a7c935a8e7532b18abd436066f0c8f696932e9e6de43d68c32aed4655cf41f43890b7e67ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11ab6e6f99392787f259e3f1daed5a83 |
| SHA1 | 645f8b0d7f8b771cc07429f77700dc66893da6a6 |
| SHA256 | e389a291b2fdf7b168410e98db469f6ac7d075e11a84d15398bb507f9f3899ec |
| SHA512 | 024520fad463d2fbaedeefa9ffb2cd4fadce665715e407273d0f59f83f6bd0a568c6ab19424861fb6d00e7499b618f29f8e5add8e7d15fa9d937137dd12718cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b246f001fb305178e2a678607c5a325e |
| SHA1 | 6cd2099ea6740de2add0cdc6ea9ecc63bf019bfb |
| SHA256 | d53a162fc6f45a918c5f10827e606fee76ad11e8279c8d560f3dca182919038c |
| SHA512 | 074335e965d7f730892e8500ec8b8ba994cec43ec341b5c8cee27f436d1bc0153607cfc5b4ca34a4d19325f9deb95c8b48423aa0ade9445d70b2ed8d0d8b67d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3a5d16e08252888db1be3d1f89b923e |
| SHA1 | 41c2d5c450caf8e8292b9985ee41f42e85849c5f |
| SHA256 | f0b113ba5f0e36026cc7cbc3cf0782901a980926586e5dc218d21e0aa3ff3bda |
| SHA512 | c124a9b9dfe092baece3bdc20915f54b11fdeed150000a8404d94a2e0e36010c90850c6a771ca4b0ddd301f60a7fdf9819f05ef9d8da63e622bd8902f9cad6f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5a1b948ecdc0320a401f9de4d499f6bc |
| SHA1 | 0ba8a9a08b5b28a49adc9ae71ec85fd0a5819d17 |
| SHA256 | 2cc70c406854a03e4e1b467503aa04f56946400ab3008469d925c5233ebeca48 |
| SHA512 | 7e65061c1f94aa6386c32692e732d81b371f18e27fcaed2d5448eb380ab7b1094568f7d06c49a152aa68a118b6f62d755eba3156106724988833ec7f871fbca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1c40f39c161d66debd1d630683b36099 |
| SHA1 | 5d25b58e9bd4f11a79271180a9eed557759c5f16 |
| SHA256 | f8b76ab521532459cc63f7e5f06eb6d6bf2cd9b61b8b4a31143dcdd4225fbb20 |
| SHA512 | 52ac51f0dc70a17ca0888684b02a2eb657ad38e9048b5364a9cf29c3fd0c041bc411fd62310dcf6d31f7411f05e8369c60b0abdba02d14f1d7f0dd1752014cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 05592d6b429a6209d372dba7629ce97c |
| SHA1 | b4d45e956e3ec9651d4e1e045b887c7ccbdde326 |
| SHA256 | 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd |
| SHA512 | caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa |
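All paths in this table are Edge profile state under `C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data` (Crashpad settings, Preferences, the LevelDB `CURRENT` marker, Local State, TransportSecurity, the code-cache index, Network Persistent State) plus the crashpad named pipe, whose four digests are the MD5/SHA-1/SHA-256/SHA-512 of zero bytes of input. Several paths are listed more than once with different hashes because Edge rewrote them during the run; nothing is written outside the profile, so this run shows no dropped payload or persistence artefact. The following is an added example, not part of the sandbox output, that parses such a Files table into per-path hash versions, recognises zero-byte artefacts by computing the empty-input digests rather than hard-coding them, and flags writes outside the profile root. The entries embedded as input are copied from the table above (SHA-512 rows omitted for brevity); the profile root and function names are this example's assumptions.

```python
"""Summarise a sandbox Files table: rewritten paths, empty artefacts, and
writes outside the browser profile.

Added triage helper for this report, not sandbox code. Only stdlib is used.
"""
import hashlib

# Constructed sample input: entries copied from the report's Files table
# (path line followed by '| ALGO | hex |' rows).
SAMPLE_FILES = r"""
\??\pipe\LOCAL\crashpad_4548_EESXGEFTFBHPKGYB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 564c5d42ff0e4cf61890f694f833c654 |
| SHA256 | 3dde7257478a2176f9209104138ceab2c8e3a716b24c8623c7bae708f0e14a95 |
"""

# Digests of zero bytes, computed so the comparison cannot drift from a typo.
EMPTY_DIGESTS = {name: hashlib.new(name, b"").hexdigest()
                 for name in ("md5", "sha1", "sha256", "sha512")}

# Assumption: the browser profile the sandbox image uses.
PROFILE_ROOT = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"
PIPE_PREFIX = "\\??\\pipe\\"


def parse_files(text):
    """Group '| ALGO | hex |' rows under the path line that precedes them."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            algo, value = [c.strip() for c in line.strip("|").split("|")]
            entries[-1]["hashes"][algo.lower()] = value.lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def summarize(text):
    """Return which paths were written more than once (with their SHA-256
    versions), which entries are zero bytes, and which lie outside the profile."""
    versions, empty, outside = {}, [], []
    for e in parse_files(text):
        versions.setdefault(e["path"], []).append(e["hashes"].get("sha256"))
        if any(e["hashes"].get(a) == d for a, d in EMPTY_DIGESTS.items()):
            empty.append(e["path"])
        if not (e["path"].startswith(PROFILE_ROOT) or e["path"].startswith(PIPE_PREFIX)):
            outside.append(e["path"])
    rewritten = {p: v for p, v in versions.items() if len(v) > 1}
    return {"rewritten": rewritten, "empty": empty, "outside_profile": outside}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FILES).items():
        print(key, "->", value)
```

A path that shows up in `outside_profile` is the first thing to pull from the sandbox and hash against the original sample; in this report that list is empty.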