Analysis Overview
SHA256
53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04
Threat Level: Known bad
The file 53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04 was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 01:23
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 01:23
Reported
2024-05-27 01:26
Platform
win7-20240221-en
Max time kernel
121s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422934919" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001948d47199b4e04abca0cdf61e14715300000000020000000000106600000001000020000000940992e189fb8b5ede5ff14c0d29659b4c69c16c94e9054f8bf511d49163a69e000000000e800000000200002000000054e9eaa9c985b568c955156b934262794f54ab5d7fb85481976080ae30a2e7b6900000000c3c4db2a48cd5639752fa50d6b71ee8bde59e90fea3abbfce647efadc1e0fcc82e7acf728c3fe725338f333ecd00267d91bfb3e13ac58aaa5894a4f2883154d7d0fc2cd1fdf0c084a57edf2cdb93579a2ab956a2cd3eab86e77bee44701d3f7d7d00740ef8f74572f20c7a174d81e0ae3e3d3cc553f39f02a42ddeec479d6f97833a8c80fad375c94459a99c52cb4e1400000006f81f20ef6c94ad0f5e526f5a383383f70c185d7c5fea231cf6403e660f54450a0e3b0638b4398027ae7c335a41cecaff7c0bfaf0c28263d528e4b9fc766ea27 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001948d47199b4e04abca0cdf61e14715300000000020000000000106600000001000020000000670b136c9c4fd1443571f7fb23e5d1c2043490f3082e6f8da2bc184a5560ddf6000000000e800000000200002000000045c324b3e97ee506f3178254d6f67bc75d778f80c75937f63dba09203a1027292000000097131ffb8a4a384f0762be7a781eb952c5a2863bb28752ee7fe5c13cb2f9dcd140000000b864c4ed678e14be51f35bf9d91afb8e3131b4e8db1c37040e800f9abaa0f83da07a3d2dc331c52cb6dd61e6975119f0c3622586b8de756ca22849dbd2380c21 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1FFF871-1BC7-11EF-8D50-4A4F109F65B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708535abd4afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04.exe
"C:\Users\Admin\AppData\Local\Temp\53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 01:23
Reported
2024-05-27 01:26
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04.exe
"C:\Users\Admin\AppData\Local\Temp\53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91d246f8,0x7ffb91d24708,0x7ffb91d24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=53e1a5b19a2e8f6350aa31ce7d0162841545d264bf4a29a9c9ad6fca7871ef04.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91d246f8,0x7ffb91d24708,0x7ffb91d24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3546645788800452986,15353627313409734068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3640 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.42.65.88:443 | browser.events.data.microsoft.com | tcp |
| US | 20.42.65.88:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 137.71.105.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1924_PXVEAZOSJCZKVNZZ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b21a.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State