Malware Analysis Report

2024-10-19 11:31

Sample ID 240527-bt9d6acc83
Target 14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d
SHA256 14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d
Tags
agenttesla microsoft phishing
score
10/10

Analysis Overview

Threat Level: Known bad

The file 14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d was found to be: Known bad.

Malicious Activity Summary

agenttesla microsoft phishing

Agenttesla family

Detected potential entity reuse from brand microsoft.

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 01:27

Signatures

Agenttesla family

agenttesla

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 01:27

Reported

2024-05-27 01:29

Platform

win7-20240221-en

Max time kernel

122s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe"

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe

"C:\Users\Admin\AppData\Local\Temp\14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 01:27

Reported

2024-05-27 01:29

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe"

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2552 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3436 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe

"C:\Users\Admin\AppData\Local\Temp\14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xd8,0x104,0xfc,0x108,0x7ff9813246f8,0x7ff981324708,0x7ff981324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding


C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8


C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=14b59418593e4def07b6ba58cb362885337d9605d843448dc6b2037962a3b65d.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9813246f8,0x7ff981324708,0x7ff981324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7075280857067281432,10418958767673845841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 learn.microsoft.com udp
BE 23.55.98.77:443 learn.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 77.98.55.23.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.65.93:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 89.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_3436_TJXRVHDJUDKUAAYH


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b79324d-3af8-40c5-bfa2-ab0ca6547e13.tmp


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b4e8.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
