Analysis Overview
SHA256
04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa
Threat Level: Known bad
The file 04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 01:28
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 01:28
Reported
2024-05-27 01:30
Platform
win7-20240419-en
Max time kernel
118s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fcaa3ad5afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422935163" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000040e553749b43442232be4334531e6d94832e34f678d61bd30740bdb065c2e873000000000e8000000002000020000000688e0d8098b0d8546f296b9983494b25c9fe6fbd3df4e34a92286826d05b599b2000000017809d81116cedcbb75418364e7c283f50a2fdb502a91f4f49a05728f0d3353a40000000897848f25d07b4830979a9bd2871dff88e878496d5496a87472ce6204019708272645f1382114604804ba33fcb06b995d45da95e2604a23a1e54f632c538e61b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{647D6F71-1BC8-11EF-BD6B-4E7248FDA7F2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe
"C:\Users\Admin\AppData\Local\Temp\04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab35A1.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3603.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5822f6de9d5a0eb16162b482bede52b |
| SHA1 | 55a32ecdd65545413005d4579fc07342a2ddbfb8 |
| SHA256 | 62420882c6469c8bc5cdeceddf7c8d92f506f3b606514fadc75a6619021533c7 |
| SHA512 | 6065642e031c060a2f580f818e605b010c37dfef60f00ebab2acc1c2e9fa87b11002d74d8e5589daa84bfea32c993146098e70177784a8b07ea203a7f859b376 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c856ad7a07fff4f59c4335aac1b0f3b |
| SHA1 | b00bc5050cbe14df8549130e1362ee74b73f349c |
| SHA256 | 90df38b5db085f23a0f1bc36edfafab1a570e667feee1044e3ba46454d257252 |
| SHA512 | 175cd65a81cd9121ffea889a236bdd6209f5f5c95bb357deb5b58c30159daeaa19206f7ebac19a882f371fecd82d13400da4c621e6142174e29044aa31135158 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdb46c206c0b36eedb1d1e899ed0e6ba |
| SHA1 | 8dc8a0dcfb4c5823cf82af416b96259dac198031 |
| SHA256 | 1c73f75fad2ddec22709b5c3631821cf1c7b88f2abb5ad7ef5fc7dcf60dc3904 |
| SHA512 | 10a0d5cd3b1cd5259af26be33d4bf50ec71d8556f3ca0e3c4231cfce398786787eba28a92609f80ec407893698d0e2effdd07ae02f85f9e090c5de58cba48487 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b96b38b051fd872baa8fea135c8a817 |
| SHA1 | f32c71625b7a08dc3330f20da9fc138eb519d07d |
| SHA256 | ca4f4e46fe0af8bac186e24d0ac560c42317dd553d5881c20283a6d9bae95fc7 |
| SHA512 | 62911c852fabd0bf5b39e6c69a6281f3c467a67cb7aefb09809ce91c0c253310bde9d71f45d74a728c8dc0a631267c7d10f2f59184c7d6820aeca88303c79b94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9471404bd1d41447a759aa84cb5ce0a5 |
| SHA1 | 7c63ec7dd3cb413d09b9eb7f95d8abf2d7461acd |
| SHA256 | addc8dd62490a62957182996bdf02dd744af4636b0e5ce5d095b7d3ec95a1fde |
| SHA512 | 6b8f28a3778358272daaf83a0f95cd569f094696cc7c714445c68c77bb8d30f71edf7d4887f3f87fa138e1b46b0eee84eeb6d3ddecaba753f2be9aa72c5aebcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94a598a126ab0ca73b6a818d2d308e2d |
| SHA1 | 9d3493ee42eaf74daf023a769d3604de3b09e617 |
| SHA256 | 7979e9e45ce4ead40282a0bf9c4435599165c15451c1ae18bcb3324232371cc3 |
| SHA512 | 50fa80d8ac7a56fb94f634661b8cd9415dd15d06119c7b9e07220a778273c9b9c054abd84016722ece51f1e97121379ddf2f75eafad1a4a8df917b9a3ff72caf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | 52cfe30b735d52a5f7ca6a9cd6419646 |
| SHA1 | 413f97da5f82e3662e3256c6fcf9aa84d67f237a |
| SHA256 | e935210fdb9991e4c49abb0c4e0f8cb463c1e33404de4f983e84cabeae413c8f |
| SHA512 | 2e957dec3700a4e2711e8e75ae735a6e3341ecdb56b91e02054f28c281a9b9a35973261e24decf1a6771931274f07ef5cd602701249f1dc38b26aa5c3a575b42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84910902ab1120aa49dd8e37bb8887b4 |
| SHA1 | abdd97e5dceee1ac40390aae9f3fd93be926ecd0 |
| SHA256 | 9a9a6369b9f6c5e8d3f773115e124332654ca365c964565cbf48f61a518b5a06 |
| SHA512 | 16a47ae0f59e3d81262c72b6e65080d912e7527569b70c111db35e5191089316639d31abe3aaeabdd30ea9a3bc31ad6dcc9a86325a211c9d5c03e939b3a4bb14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e587edf1cb6b6d82b01454cbceb5c76 |
| SHA1 | 8c33b9b67994cff023e72a665f0774b682ace515 |
| SHA256 | d901ec90f1b46eb087c8d4c5a5b1fc772cb1fcec42c1f9a4adf6be2a1aca0e58 |
| SHA512 | d6b623a7f680b1fe8ee6f06a3aaa4df4857c5519e31d8660bec91b9349c535d6b22441fb5bda358177ace9681cfce33f9ed701fbe2ec4da0c0a363031e43aa80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9797893faee32443177d64bce4ce0ec7 |
| SHA1 | 2ec2d0c03ab73c5e416c3569341506e1587fa99a |
| SHA256 | 0d72400dfb8c91f3c14db74208a0d9d45e16cfe1cdb58542402de2cf73932183 |
| SHA512 | aa479f73c318d625c49bd02f1a39182efeb6019c18f50c223de604e0aa04f846c9184a4b2718a5b0f23a0af386b6348f93e7ca37db6e3f1c7b2b447376291719 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f1d8a92bdf5abdcb30d087fb1dd026e |
| SHA1 | 4809f6d22e8d485b9d46abbd7b0941dc9d7694ca |
| SHA256 | 5958129cd47d37bc58c679817197d6c8be1119db59b2acccb7aa10a061c16d6c |
| SHA512 | fd1ffd5eb88c5cada056e393a771c73ddde9dd60b2d77bc78ffc8b8e314075cca25f109e06479613abe570fe30ef9761fb8542111b2f87431d1327da705a7d5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 950a19551e1d0b8320901dd7ec3f348c |
| SHA1 | 75f2d6289b9b86603dfaf80f8e1f40ed6f8d866e |
| SHA256 | b15a3f933c7dcc1962369009ad2b14ebf0ed72f8432b287da5497687b7e37244 |
| SHA512 | c2cf01c419e49f495973f8c8a302e6f38f165f66cc5f86268387fb557ba667da5d562364988c31b4ef4a35d46ac4473e8537bb0c8427ce778816bb3de4af91f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c56ed96a8a35dccdc984e191691b6ff |
| SHA1 | 93a4c419b413bffeda4983ecc9bdbf1bc0209229 |
| SHA256 | e4526953677d09caa40ebfbd5eaa27c681565b65f43f4f85b9d3dac3f1a1c7e0 |
| SHA512 | 31da7fd3b78313df9a5ddc5e1faed94c7ffbe6d7b35d30e233e217df9023d7aab207fc649d6594d35d6aab80ecf5cdf0c4621d17e69fbf882122fa505c7edbed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a5beff7e89089c9ef41c47c20b0d3d7 |
| SHA1 | f4ff1253cb717f0ef52d5a8495e6d1b0dc53897b |
| SHA256 | 52785611cf7030c1153a470d22d2f49fe0750415918fcba122fe572a9c663e42 |
| SHA512 | da396bb9d5cef7dfab8ad8a808df6685148d0cf662fb1071ba95d8c416f222c04f2a51c75ec09be1d14db74563d78538272ae2b7414b23e1f4d2356842f7a0eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ec9f6f63c48151cd1398efc6ff6381c |
| SHA1 | 4be84f8e83bd8c88c9dd70c4f2138ac50ed4905f |
| SHA256 | 21e442d7cbedc190dc0d2f7f240887ba7ec0ff167a3ca10dc636e3a9716326a3 |
| SHA512 | 397d0e568187d3a5a26ed5d7307db148c874ba2ad904424eba8b74e293ecb5b8261efeaa9ed4ced01b2f1de18e90c36f5d255164e17773fc1fb70a0ca2059d36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fbf13a48090bed8c769f55e327f96e3 |
| SHA1 | 369885a79b90feb621c851c98f5703c6665b78f3 |
| SHA256 | 47ad0b7b641ca4436730e73d413e6336bcca256966b662d47be322711187733a |
| SHA512 | 9ca15d995578783a7386f8332a3361f8ff6fb73f555c05bc22d50e8057a98452729c89bbe84a8f54718ffdbe04d7fdefc8016ab03778c9845e51ba0d8ac9472b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 106cc7a447bbaedbe57c988173b7d981 |
| SHA1 | b81c871d66d14f9341ac425c963b17dd664726d1 |
| SHA256 | c9b876cc404140332c61435c1e14550c605eaa7964c5c070ceb34d260f83bab8 |
| SHA512 | 17795322ef764c5a15d4ae6e56da4c109f31071b3a364853e399ad8213f846851d5dda8f7e3c888242c8e77b6e5c7a83b953455b0f4eb52d6acb67ade3bb081d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9eea34808e154f79812210f4c38cbc3e |
| SHA1 | 4a4922b0bf7dc6a36dad5363f19c04ad8a648f48 |
| SHA256 | 420bb4b07874a1eaa61474dfa5fcf88ddb1e6e4081ae738dd73708eda4b7b372 |
| SHA512 | 6afd483e5e8e20067b5f5b0a15d4d86c4d15475c6dc7dd18ba023e2639d6c021e6167f76ff186a9d69ffb15abf760a1744b2e2e0ed25180d506ac0775423fd38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f00e85ae46f0a641188c93d8cc2246f4 |
| SHA1 | b2c25ad4f790e193af1852ab6024138b5ed8cd5b |
| SHA256 | b6745132d8505911f16eab5d0e638f209f1c1448c0a6ff84f501e331b1331991 |
| SHA512 | 4a8cb93112cc4bf25b0e219ad6689fc46e6b3af20a19a97c679fe6f37602208ff45dca2e7439c4e40151c15af96ef7fc1f80bf53821f85b26ddfafefc551300b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa97afb307804a9f26a98217bd099c1c |
| SHA1 | 041927da4f25d80c7b6a998cd2c31dfc4933c91a |
| SHA256 | e5c68175ae07053b8ab409fe3ddd0b5a959a25c0cf7c72b58e5e184ed8317ef1 |
| SHA512 | 7316a4489d82874a685180897b7394ed2c4a8bc4280d4707d7043aa45dc429b1290ad943627915a0df3a0382a6d01ff6db566e86963f5831ab1bcaeead6bd8ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08e6ed63dd5ef42f8b75575b490b7c4b |
| SHA1 | d6ecfcc4017510bc000a9e1e086a87012f80d5c1 |
| SHA256 | 66aef42b0b8d737e78da8eb4d93d45b5c03010cb2f2e455a549a2c5a5405f9b3 |
| SHA512 | a044ddac57fc3fc5dd5622743877fd78655393ccf2b69eab5c8f84f222f57949ec3e3cc6ae6b502ce7779353768263826d9f1f7bd72b2687844ee7c4f6b2d36b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e5b950a31e7d482c4e1c40d89f4ce70 |
| SHA1 | 786c449f44a9350fc56faeda5cfb570566d226f2 |
| SHA256 | 650911b532009c8cc44b92356c57d9b40f85b52164b8f44b8731e8c5ab2c900c |
| SHA512 | aef8b83c8f384c2cbcc4bc2b56c72a28c54890852e9575399da06772b51c2aee065c7c18db9e99d501838ef31c804c36febf82aed782476a1511d4476f9af4bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 587d95d37c7f66306267094ccf6310d2 |
| SHA1 | 5b3c4ba17022bd3f14cf3f6bcbf234b191f86b85 |
| SHA256 | 664a544ed09026b8307e10b0065785b68a9302a924c43c26867bd4a5848d5884 |
| SHA512 | 3a35c688906c00f3216e35f7155aecc6a912a924adc4aeb393bfda3704fa2758260d301211f8173b5089934b37255d9933c4d91cf5338ea8996cfec1ce5039a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fbe18e5573e476b520abfeb27bba1dd |
| SHA1 | c66c15b27749facc4238afea900dc4c7cb91d238 |
| SHA256 | 6f398ff4dbb9fb64bffe3b42081ea5876c650194ce6270c20ab4c804c7db9016 |
| SHA512 | b652e5b58c51267badc243f374e960ba416c70d276fedef65117055526f2dbdf1c29494d0bef4480928410e217cce6b3c18f6d4a48c413b35439258e47923e58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b84dc314ba5cff5a2940227d3a7e1a27 |
| SHA1 | b9aea4d6eee58ddcba20d615ee3866a6c57f684c |
| SHA256 | 242e1997df0189d210ff35c27727490d2d0a98b48e6cec99d7f7ae7e089869ad |
| SHA512 | d44413c3c63928d7eaf02c01a0a5465fe3827f9addb9e6b9d2b4876f52fcf4df167d03587ca7c3fb8d59f802eaf1e67065b9cfdd20f25a56fd30d1ab8912413a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 335301b5cb0c704cc3348ef93a41023f |
| SHA1 | ba0fca26cabfda9bb6388b069df68814d9057508 |
| SHA256 | e5f2064dfd9a73acb2c76d2054a9a1a89347cd394b251daa45c81662a43cc497 |
| SHA512 | cbb4222afff42b5752614a2fc0619e0d74031dedfd2935fd02628f232a43dad06180f705cfc902b4fa02514056311829829ecc8e5af9ae2e836aa5d7fc4584ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4e812a0651017e96545e689a0b14858 |
| SHA1 | 87518cb0a7e0697e8eed4a1e62ae8e0db3b008f6 |
| SHA256 | f6f2527f2df8e8a5333cbe6a99ed6918a6aec8cca6050215320b204d7f7ee492 |
| SHA512 | dd4fce8910a30c9fcf7059ae90ef18c146fd855c5828b7c7708d5ebb9ecc3e79853a2e18a14bc92502a3bf90786663e530f36e1d8de583a3ad9e4283ddb5b984 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcbcb70cdfdded144a4d9d9c988cd081 |
| SHA1 | adf359e51fe6d65a284c7ef2a35b81659d961836 |
| SHA256 | 1486bb1f98633467814719839ad3597613ce82e8fdd5bf1616e940c8636ad278 |
| SHA512 | 3eb2e67b1faa51e10f88ba65e8beb5366eeb9306ee74ad0dd559805b62ef151ba20843cff907c933c8594e5c79fe8236741fadae78202b79ed2ef0685fd9fff1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59bae879098e44bd3a7ceac601d493a8 |
| SHA1 | ae4e01b0469ff81d4eb3f46d83bee15fb36090e8 |
| SHA256 | 03b267db0ba36b851f06a0803af0d6e6f152a4124ae3516f2cec04a5b0421ce2 |
| SHA512 | a72b6769e2075fdb4a0d443c948119931e8d7bc77d108f9f3b555a518b7982f4c956e3a98e96cb62c0ed4fc964b5f5cf0aa08e47090f5975c75efa58f457c985 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf4491b8af49b58be6dd9b881d6d1390 |
| SHA1 | e9fa46d7750889ce253d9d453e7da73569044cb9 |
| SHA256 | 0df7323b7e7193e5fd7e113909bc37346ba7d96665948cf3fff7bd87a15639f4 |
| SHA512 | f220a0f8115806bb198bf34e4703ea14cfbdd229b7b2b83928cafa22e952eb89e277266cf849451360cc0fb2e387defdbad0df469fef0d2347429a54efd701fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 116384db2c9649f3e82a5bfda2a5e5b8 |
| SHA1 | 55f1e9b54120079e857901e12177d44bb9166483 |
| SHA256 | c71ae0285b865923cd13d53a20db6a8064c4bc96f127f6621f684173b32aabb8 |
| SHA512 | 31ecca1636dde7a406acde497ab415c39e22cd4cdac7631970903cc4f777d3e75b440305a67d74b9336a7f8ea780627ac8d595b49102b9e819711ae17ba3573a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d4d0326b31ead71c96ad10ab8ecbb7d |
| SHA1 | 9f1452e45cb387fff818de12ca75519ab31aac97 |
| SHA256 | 11a2f5b85985721639c1d76b55011e6a6eae312c11fed8577d6f6aa95addfebe |
| SHA512 | 44e591a5e5634c0ae8817a10cc9aa46828db80551e6e8374c68f54ea98639b4421cbc4e8b998376c8faf746b5239a03fae4cff96780e88f33c2b485976399237 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 01:28
Reported
2024-05-27 01:30
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe
"C:\Users\Admin\AppData\Local\Temp\04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xe4,0x104,0x100,0x108,0x7ffc186d46f8,0x7ffc186d4708,0x7ffc186d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc186d46f8,0x7ffc186d4708,0x7ffc186d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,3725633198766068536,17084224793205298114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.25:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 20.189.173.25:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 25.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.116.69.13.in-addr.arpa | udp |
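The Edge launch in the process listing above with `--single-argument http://go.microsoft.com/fwlink/?...o1=SHIM_NOVERSION_FOUND...` is the .NET Framework shim's "runtime not found" redirect, and its `processName` parameter is the sample's own file name: the CLR could not find a runtime for the sample, the shim's dialog was dismissed by the sandbox, and the default browser opened the fwlink. The Edge helper processes and the Bing, learn.microsoft.com and Microsoft telemetry rows in the Network table are the fallout of that launch, so this detonation shows how the sample failed to start rather than what AgentTesla does once running. The script below is an added example, not part of the sandbox report: it pulls the shim failure out of a list of process command lines and then filters a network table in the report's column order down to the destinations that are neither sandbox PTR/mDNS noise nor Microsoft first-party zones. Function names, the zone list and the last network row (an RFC 5737 test address) are the editor's constructions; the other sample rows are copied from the report.

```python
"""Triage helpers for a sandbox process listing and network table.

Added example; not part of the sandbox report. Function and variable
names are the editor's own, and rows marked constructed are not from
the report.
"""
import re
from urllib.parse import parse_qs, urlsplit

# The CLR shim (mscoree.dll) opens this fwlink when a .NET executable asks
# for a runtime that is not installed; o1=SHIM_NOVERSION_FOUND is the code.
FWLINK_RE = re.compile(r"https?://go\.microsoft\.com/fwlink/\?\S+", re.IGNORECASE)

# Constructed input: the shim launch line from the process listing plus one
# abbreviated, ordinary Edge renderer line.
SAMPLE_CMDLINES = [
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    "--type=renderer --lang=en-US --renderer-client-id=6 /prefetch:1",
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    "--single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5"
    "&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)"
    "&processName=04856a37a26d83555c8717412dd343b6f37ef0ecb0a904ad178c3a5d2a5ca6aa.exe"
    "&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0",
]


def clr_shim_failures(cmdlines):
    """One record per command line that is the shim's 'runtime not found'
    browser launch; processName names the .NET binary whose launch failed."""
    hits = []
    for line in cmdlines:
        m = FWLINK_RE.search(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group(0)).query)
        if qs.get("o1", [""])[0] != "SHIM_NOVERSION_FOUND":
            continue
        hits.append({
            "process": qs.get("processName", [""])[0],
            "requested_runtime": qs.get("version", [""])[0],
            "shim_version": qs.get("shimver", [""])[0],
        })
    return hits


# Rows in the report's column order: country, destination, domain, proto.
# The last row is constructed (RFC 5737 test address) so the filter has
# something it cannot explain away; it does not appear in the report.
SAMPLE_NETWORK = [
    ("US", "8.8.8.8:53", "183.142.211.20.in-addr.arpa", "udp"),
    ("US", "204.79.197.237:443", "g.bing.com", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("BE", "23.55.98.77:443", "learn.microsoft.com", "tcp"),
    ("US", "13.107.246.64:443", "js.monitor.azure.com", "tcp"),
    ("XX", "203.0.113.10:587", "mail.example.test", "tcp"),
]

# Microsoft-operated zones that the fwlink redirect and Edge itself contact.
FIRST_PARTY = ("microsoft.com", "bing.com", "bing.net", "azure.com")


def _in_zone(domain, zones):
    d = domain.lower().rstrip(".")
    # Match the apex or at a label boundary, so notmicrosoft.com does not pass.
    return any(d == z or d.endswith("." + z) for z in zones)


def classify_destination(country, dest, domain, proto):
    """Label one table row; country and proto are kept so a row unpacks
    directly into the function."""
    host, _, port = dest.rpartition(":")
    if _in_zone(domain, ("in-addr.arpa", "ip6.arpa")):
        return "reverse-dns"           # sandbox PTR lookups, not sample traffic
    if host == "224.0.0.251" and port == "5353":
        return "mdns"                  # link-local multicast discovery
    if _in_zone(domain, FIRST_PARTY):
        return "microsoft-first-party"
    return "review"


def unexplained(rows):
    """Rows that are neither sandbox noise nor Microsoft first-party."""
    return [r for r in rows if classify_destination(*r) == "review"]


def detonation_verdict(cmdlines, rows):
    shim = clr_shim_failures(cmdlines)
    left = unexplained(rows)
    if shim and not left:
        return ("inconclusive: .NET runtime not found for %s; "
                "only launch-failure noise observed" % shim[0]["process"])
    if shim:
        return "inconclusive launch, but %d destination(s) need review" % len(left)
    if left:
        return "%d destination(s) need review" % len(left)
    return "no destinations outside sandbox and Microsoft first-party noise"


if __name__ == "__main__":
    print(detonation_verdict(SAMPLE_CMDLINES, SAMPLE_NETWORK[:-1]))
    for row in unexplained(SAMPLE_NETWORK):
        print("review:", row)
```

Run against the report's own rows (everything but the constructed last row) the verdict is "inconclusive", which is the practical takeaway: a clean network table here is not evidence that the sample is quiet, only that it never got a runtime. A re-detonation on an image with the .NET Framework version the binary targets is needed before the behavioral1 results are used for detection content.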
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2652_XXMBBFSXIEBHVOKE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 419fba589e98d8ed55ed5460df5439c0 |
| SHA1 | cee618f577dbb4f477a6213e56ce1bb5cf49fba0 |
| SHA256 | f383b06dbc7c436ca6ab1d412f9aada31d59a456e09a0b7285702fb94450a482 |
| SHA512 | 24850c468bd383fcd3520df901e1e9e72d72a8c0ec2e2f9ea5da9dff8fb5fb906ffb60462db9167ee20adb6817f6f813fe3bfc74e609784bd8ef5d6a130af722 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 648fba9b0d6038aa760b8e5a1364246a |
| SHA1 | a156c62c9c2f2fde3f61be23ab04f4928be2b11b |
| SHA256 | 177b40e5f9910f25b0175a3a819bd2249688f0a46eb4437a5b8119ed9c3fc0eb |
| SHA512 | a2ed75e28e7e49ee7b31f303f9570203b6c8f719e64449a6abbaec8bdf0fcd0511517f78b7b88ad8285f1768fb3aa63e60889e30bf5c3299d1cf6e879bbb0265 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0cee9bd9-4b08-4181-90b6-666098eb3ad1.tmp
| MD5 | b1cf5cc5d40fce1b7a768382b8c5113b |
| SHA1 | ba9e383fd3d7043c9ff8776a8b20d9bad03bfddd |
| SHA256 | c52631eaf59b8167c85d0e560ac9888f694fd2f735ae767cc164ac0740c9734e |
| SHA512 | 4cdc267030a36bb65f8b80b185c3a50c4edea4ee5af60614f848faa408f3e8b9136285b4ea4b143a52172a89c5e56acd3b9b6c07a440c4c3b7940ff87615b5fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fc6bba3aa9f8070d7aed385b9868ab99 |
| SHA1 | ee5292fd45b440d282cfad92819c540e9c250980 |
| SHA256 | 0b8fa072a9f5c44c646c373d449e97dbc7e0a3cbea0acb329ce689fcf96caf98 |
| SHA512 | b96305a055db187a4d79286bb6ecdaa11491f7a18ba2e2955f7c1d357fb5fb5862cdf90a4651ee80122bea02adf0c031c09d1d9ed675051088594b8a25c90ca0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b68628c80f29760b7b1b0a9b8f7a6808 |
| SHA1 | cf32c15f201a3bb0090c58bc6c7b8d7f7faa90e4 |
| SHA256 | ae87441d25036861c2433700c93330190ae55b01cfa6d9026ec50905917d1a14 |
| SHA512 | b926b4d8aceb19b252589f8b2dd0c04b353f98c12da395503fff8a36554d7a50e794afb48f6d35e3a3abbe118504ca8e9e625170147145c731c54f65bc32857e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c004.TMP
| MD5 | a4310d2361869e4a2d71ac58dd327e9b |
| SHA1 | 3569a10f46d4c120a536556cc3873b78b1dc88e4 |
| SHA256 | 1466aa46a9bd7ccba235cd6beed618172dfe699802c0739954862277f53d1252 |
| SHA512 | 65e80741b1fa526aea96111776ea6ba20bda8882d84c68c940b11a9b8f48893684191752310cf1bdca1b2db356f40fa4fe5612c1f6ff5f0baa1e745d7e449d89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ce5d8be52200c4b8075f4250751d1b39 |
| SHA1 | c82b84c4037d896492f393e5f8958756b1333d27 |
| SHA256 | ea2469a76ec938cd288ef2566951abbefa25626ae07666dcc2950b6007ed2fbf |
| SHA512 | 7238af6a16f293ae52df68b619d71998e0169c869bc80b8220067fe8451d87c44926d517963bf8c4fb692e1455a636d259140bcdbc4a658cf23ed301e2be5e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 05592d6b429a6209d372dba7629ce97c |
| SHA1 | b4d45e956e3ec9651d4e1e045b887c7ccbdde326 |
| SHA256 | 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd |
| SHA512 | caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa |