Analysis Overview
SHA256
bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53
Threat Level: Likely benign
The file bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53 was found to be: Likely benign.
Malicious Activity Summary
AutoIT Executable
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 04:50
Signatures
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 04:50
Reported
2024-06-02 04:52
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
"C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12121567394413267883,808924729317431000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12121567394413267883,808924729317431000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11731136030447141900,15322200801100173806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | video.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | video-lhr6-2.xx.fbcdn.net | udp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | video-lhr8-2.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | video-lhr6-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | video-lhr8-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent-lhr6-2.xx.fbcdn.net | udp |
| GB | 157.240.214.18:443 | video-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.214.18:443 | video-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.214.18:443 | video-lhr8-2.xx.fbcdn.net | tcp |
| GB | 163.70.147.2:443 | video-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.2:443 | video-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.2:443 | video-lhr6-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.10:443 | video-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.10:443 | video-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.10:443 | video-lhr8-1.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.221.240.157.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
\??\pipe\LOCAL\crashpad_3656_TQTNPBMTFTXBSBJQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0b9aafb4ff03a5b45e7d3dfeb84fda0a |
| SHA1 | f85c5cc2b0a5d297c7e1100438d1ecab15452d42 |
| SHA256 | 4c5b20ac3724c3ced21a27c22a1f649576fda87e3f78311679e2cd12425569cf |
| SHA512 | b0bb6cc5edb6522e1e8114436c4dc3e680c4727d67e5e08ebb6cbfe31b90f69886cb304cc7b72869c35c52e5d6190c187a729125c961aea816cef8bf9e371c2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f2186df6954e312b3967e703af4ac75d |
| SHA1 | cda195f58ab447d18dc24a318468720ed40b7741 |
| SHA256 | 668778bc01e5004a19f7a487f45928541867e5c6b94c32e11d718d8381c745f2 |
| SHA512 | 0ae988ff8a4478fc47ecd7dffa8acf6d72ed7fa3fefa3fb5870f646e2b0ff554d819b07a158da4673fc9c718cd362b08d6da3a39c142e060dd71ebac5f1a2e3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0d884089b004a104a60dba8fd7062957 |
| SHA1 | 0c697ff67b8621eaddf7cdb70dc4bd2b5879765b |
| SHA256 | 1fba1986d193714fc7ef015303070f5c895173aef4c1a745efdf92136fac6822 |
| SHA512 | 8e88218c87fdf64d48380faa134cbe77306f0af1d60693a4bdbb82c65adec4e0af47daca872626202fe61069be15a2fcd481ec2d6826b22acf26bd3da0e3c781 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 090f995e1788f65f74a19ff55bfca4e5 |
| SHA1 | e3bc3995b63531443098beead2ce29c823e41fce |
| SHA256 | d09348de08dcd10992499d03c041d3b1f3b8222019ebbe78b45466ed5e44de5b |
| SHA512 | 1708a7f92cae563ab625b6667cf261cee421d56639c463454d438c4b8f148ab78dc12849c1a81eec04e5aaa0bbc075f819ceac52fe27de0247afe8e0e31d5609 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5dadcb1628f6aa7dc2ca6ea32657aaa |
| SHA1 | ee1f851139256ff7f1f934ff8c763c4059a93a40 |
| SHA256 | 507daba945aa91f17f994b3d119131d7a64fedfb3d28159af3c1e2a20dc32ffa |
| SHA512 | e5c74f84efe1c389f1e9cda46f02158ea73cdd5e90e811cfef7ff6187eeccfc1e979c974668f6e3a8f8e8716020ab531a573058419b184f2cf3f855cff50f2a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f7fac6a3636c4cc6ed243eb4cbb19f22 |
| SHA1 | 6c94b755d941e6c72d8cfb60c4c3c0d263073472 |
| SHA256 | 06d87192b60b3899275373966c04ab7c4865f3af4d8320a94d86e1d8b3d3e41e |
| SHA512 | 87ea7779cbefc5534edbd1c4ce971c227d74eb4231f95c0e42814f80eadb552319bff754f5bf9e92926f7fb4ee1e1de078162ac518d3f5be2a8a36fa8f32ab43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579616.TMP
| MD5 | 5f60a51bf9d9cc02400cf44def83ce78 |
| SHA1 | efedce7a929c5f3ab738a16e1f6ff28659805be3 |
| SHA256 | 72ccb79cef5e783d702d3f009f08b039f6f01450c9ce8dd595b002c3fb2539bd |
| SHA512 | 62e0b0c1b72c02862a3313480abb7204e6651bdedb637de1aa52c3b8bc98cc6b9b7ef9eef90d919dfcc5b4695a3ae4704a3d6f04a83932accdcee003adb472d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9d1cb9b51a52745e3e3e22842c7876e5 |
| SHA1 | 5072a36abfec3c6c47fdc28adf4ec3eaecbd1bb1 |
| SHA256 | 1a0952c8095177dc39b63eb8c0b05c206489e4da52d4c1075148cb5f49e23f7c |
| SHA512 | 690189a878f987d83a2d85a4b04d20dbf4f13686124161b2fa6e04b3966473985c3c80c271d214d21b9a7b92ac7afd0cd1010604f9eb3202748a09f1c764ec14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aabf47882f6b678d1c1057950786036f |
| SHA1 | 50705fc7b025329f9a9f37ddb667341cd0a65229 |
| SHA256 | aafba7cecaf45a7dcdc56cd634e18c671b0ce48b17f0112694b1bd92c68c0fc4 |
| SHA512 | f0a2cdbb35a955fb90b1054b1b0969c2bba6ec2e0bbbfa3db0d6a8ddc215ecb4a49bcbdeb26c0d62397e28a2083dcf772d1313d6d948a3d05ca1e598f4de70f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e14a1e0a8d98acf06d8b006a8a83a6f4 |
| SHA1 | 43eb757077086dd02815ca4cdd552efdc4870a95 |
| SHA256 | a164885543076531155bf77ecb434a028d4dbd6c460243bf6b7190af26a3403a |
| SHA512 | c31ebcf821d1def26ae3fd62ea5359eed6eb813e6cc2d9a2975e86e552865c1b31037a216bb73922b3e97dc5865ce04651fbb95a856120c601e36b9aab0bde93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 83d785ee96094c812655fc63754114ce |
| SHA1 | d591dd8479bd80b1f088e26df1ae8e4ea27c1b5c |
| SHA256 | 5648be14f0f234581f06134061f3c9c0fc2df0d3de9f0b2718c000631aeeff7b |
| SHA512 | 4960ef923875ac1139d0c7437cc1880c2b7ac70c0dbbbb08022badc740baacb954b9ba1d4c8043d6922af2e49ff066625bb579f965f8b788ef0479d6a1a8e054 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e732cba7534f449ce3f0bd5adb1b4bae |
| SHA1 | 82bad36b5cb00ecfc7f1b3285873ef9e60a06c42 |
| SHA256 | 941a430f96e500033ae2a56ce71bff1ddd3c37458a17e64d2d232fe042e0bd71 |
| SHA512 | d869e4d7ec14328d0338694be0f74dd87deb2f4f96bb951a0d56aae467ebe26dbcdc13d9a828dc28f5ddf4d40fbe0da0a12f78183d78b0074a2364a91a6848b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ca26950389bc7c33c1165ae44fa2aa6f |
| SHA1 | e03815a12102f0929b7f8e4beb1a87d5ca9a7634 |
| SHA256 | 246030c3fd48c9e6c7edee208643bc61218f446a4e5b1b34a2ab016e5357e1d5 |
| SHA512 | b5af7d9b3a6cf7851db9cf54df2d25e619eadf7ad090321482ec1ab46f575b12941bc910b7797d327d0d855501df37dffa09cbb031ee2ff14e0a2fb5952456f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7185d155db691415210aa46fd9da38d7 |
| SHA1 | e9c43d39ffd4f2fa245b428ce567f0e5394590c1 |
| SHA256 | a0d330569c2d6273a6766cca127e44c6e54023d737b1e5144f69fff41b43eb21 |
| SHA512 | 73d2c4514e0a6b7927769e0993421557415e3a3d3ca90e354d953b833a33b0e015fb90bb9fd0d5833d2ef839187124ecf3b73239693f132b8917a02cd9178f79 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 04:50
Reported
2024-06-02 04:52
Platform
win11-20240426-en
Max time kernel
146s
Max time network
155s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
"C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff874e13cb8,0x7ff874e13cc8,0x7ff874e13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff874e13cb8,0x7ff874e13cc8,0x7ff874e13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff874e13cb8,0x7ff874e13cc8,0x7ff874e13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1704,8231810911251357103,3230122687743806804,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1704,8231810911251357103,3230122687743806804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,2073908602875690781,17273584648787605715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5828 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | video.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.147.2:443 | video-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.2:443 | video-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.2:443 | video-lhr6-1.xx.fbcdn.net | tcp |
| GB | 157.240.214.18:443 | video-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.214.18:443 | video-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.214.18:443 | video-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.221.10:443 | video-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.10:443 | video-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.10:443 | video-lhr8-1.xx.fbcdn.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| IE | 52.111.236.21:443 | tcp | |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0c5042350ee7871ccbfdc856bde96f3f |
| SHA1 | 90222f176bc96ec17d1bdad2d31bc994c000900c |
| SHA256 | b8b1cb139d4d19a85adce0152fa3c4f6adfb73a322d7253820e848c6f82afc1b |
| SHA512 | 2efdb535fa6a06c4f9702b2129f2dd07c330e37fd10b492f2236007c660c1707773c22005d1e1fa580dbf633dc1a700ada3b7b611ef9accd9555a17a244f61ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5e027def9b55f3d49cde9fb82beba238 |
| SHA1 | 64baabd8454c210162cbc3a90d6a2daaf87d856a |
| SHA256 | 9816e980b04f1fe7efaa4b9c83ff6a0fdd485ee65a884c001b43a0cad7c39d83 |
| SHA512 | a315e1336c5ec70cbb002969e539068ba92f3ec681b6d863db95227fd1808a778fd994e2fb03f28f0e401677aa5f7c66813e315b6b99a5065384c49586f9782e |
\??\pipe\LOCAL\crashpad_2424_BTLQNZROONYJLXUL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 416270b9f867893ce85f0bfce6aa41f4 |
| SHA1 | f2f4c12ab74283ccbaf90ea9dfeb6029be9cb404 |
| SHA256 | b1fda6e3521ba4bc62c0d78d59f691920d4238d5e57c2935635cac23d6953100 |
| SHA512 | 147b40aa7d4a95f4e6d54fbf69ad203560f62d5c32f88ffa1d11132d605253f9814a45a1206399d8925cbba1c17de4fe413b7c15e1c29df0d41b970289cd4d97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f2e5f63f73af664e64741a83b96d34b |
| SHA1 | 5246203657c5f1011df7c827035a7dbb72f65704 |
| SHA256 | f69ca45b32dbe572c82594d99dd8421b37625eac56443a050724da1047bfc1b8 |
| SHA512 | 6f3704ae3d5281c8a62a6c6ea771886ab283084d2f85d7116706847127cc7a717c7555d069778008b25a932e84615ec713d2560f100cdb5e21be6e3e94c50cba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aa896862a4d0e105a4b7af867bf2129a |
| SHA1 | d38c00a40e3ba2cafbab42692656f85abbd2f29a |
| SHA256 | d22f3adee38556853c3d8310121bdf9ffdd6658a1fe2b03e8d40fe2e206c08c5 |
| SHA512 | aac07259156412a623e8157109eb9671ee04b9b58ac769f391243889b7a6aacdba80bb0ecc655b4ad8dd9e67ae42c1865f4d521e22b103852757a47d624cd778 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e99fea84ac416acf1aae5d5683f61e3a |
| SHA1 | b9fc2e36f5dc453dcf3ba52b68e9075d5065861d |
| SHA256 | dff25122c047bb4a4cdfc977406da8b93dbbafa8a29e72e812382ef3f3371822 |
| SHA512 | b5f820eb12f2a5f9e7226449bc376182316840ecf0371ccfd49b692580cda1d4255a7e0c118d93f17d6cf2c3b9c100a1264939462f7aca0072747e16dad2004e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8366db076d52bcfd7c54e1e35286664 |
| SHA1 | 819e344e3a3df93cfd40fc36134fb8928b3c8c5b |
| SHA256 | 86a5590a079f12daef1a3b53c7e61e495e9e08b030d0662776147cb55fb1a5e8 |
| SHA512 | 409ec2258636f3ba7c8097874b3453708465a825d89030a2f088275a5e59e54991dd78dcbc51a2ca289a04cfe67a01f5faf5fa6654835f5a4ca0ea7ce04b9e08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e035689ba833d9efe42e77eddad31e6e |
| SHA1 | 2623494b1ce4bf8bcff009607e04a49668b0edde |
| SHA256 | 1eca50f467926f5c59c7652c474f14279fc56ec86b664732834e02ce38be2c8e |
| SHA512 | 405519fe9bf3cbc3012e3823d47200b7a930912aef0b3f6f8493e98812060e5e6541c4a2bd6d2f3c7bdc9f9b78b941abff36473b415417d0376711bae8df21eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a8b529d194cd3083ac6b8a3977e1255a |
| SHA1 | 85f7effa0f3fb14961f8ae04376747d9a9142ca2 |
| SHA256 | 66565451be4c4fc4498c7bafbbfcd8b6f77548435d92e58846cd1b7deed578c9 |
| SHA512 | 84e6bdfcebb68f371446820f97185fd78370523ea14cfdb37ceb657159e9599e9b505dbdec3841c16f998f39dd59a7dddeb198610011e06a8b26cd2d2c7352a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd45.TMP
| MD5 | 20ef3e09ac4b1cc5ac6b8a194212b118 |
| SHA1 | 32b0abfb22ff6fcccb731f59b958e355a7d2d8a0 |
| SHA256 | 9836a545df10aae1779356d4cb24d41b51ca382bb977bc0610e2ff7ab6b058d9 |
| SHA512 | be6308fe94df8847c0aede210492a5851ed01d5afe22bfdf1ff69fd6641af370027484c0af767dd1cb363cf357207b1492eb3f118a7c91117cbfd1ecfe419797 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7f0ee674410c475b5d9c4273abeadc1a |
| SHA1 | 598c77cb041f849e35df2240c94baf88684f5ef0 |
| SHA256 | 7fefcd2baa277c88310d6265b179daabda2a6c09a6bb2afb9b856a6ddaf6f70f |
| SHA512 | 31daaafed6659c1e50b825babe5df4fcf19204dfc2678c3edd4f37ec0ee01c5b9c1f5f899a65b797c238f90db539e4fd8924a9ef1601c36f6d81cd0b031b16b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 36da9b0dcbc6b22c7437c6a7a5e976b6 |
| SHA1 | eb73144c9c5edf3cb5cded23c8bdcc7198c05ff6 |
| SHA256 | 71a6a8ccb57f74bfe497f87493d48875ce3c464d7f2ca989c942337683cc73c9 |
| SHA512 | 38c42532483551dc0bc45d2fa830d3dc031f1e8e183f3940b01cac0de13e219ed4233be1cf5d01827b65f41a781cd2c133b748db3bd1a8e1a67b2fa2d8d82097 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2bc1c536739e3cc7e832a33c71fbce7b |
| SHA1 | fca50f59e25e23fe89a76570a595bbf44c82f39d |
| SHA256 | 3ac22de7bc9d0d267cb49e5e97920628598578c2491fdf715d0f495e561185f1 |
| SHA512 | 4666ec7b6c3f7e54bf4f5da5995e50caa0deb20e217fa08132d2c0c7cb01fe215db1aafcbb8846032cfafc453b38d6abb54aff0759e81290fdb5eebe727e5317 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64bb26a1f16dddfd99f3425959384268 |
| SHA1 | 80191910c16b1308880df5a55557e5d30ecb9ccd |
| SHA256 | 793e388692bcbb96d77f84bf556f2d82f08e188328225c2adc6142716b1d3c36 |
| SHA512 | d8ebc5f5093c62a9b55001eeffeeb803a10710d58d50782ff0b48b963e33618a5b4df2e55ae3fb2f54cbfdad3c9f773cf81f9e526d691d249e43a45dcbe09093 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1333d502037c7d1a6c69b26c79a7c3cb |
| SHA1 | 6c955e3874a14217f9853c4696333e03b58d9ab7 |
| SHA256 | 36244419299fdfae43dbec6cd677ecfc3a64c9094fb579892688a980e7baec49 |
| SHA512 | 0100a8fc1956c87cf42fa7e2b889b1b316d001dfe6d89219a0cd35a30e9f99bff4381819651ae0e0b3733082e3f193393204565e99124e5004d9a67f361165b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | edcf10b445a7783512917fef64e3689f |
| SHA1 | ee42640ff2acab0ba455ccf25d09bf454f8aca93 |
| SHA256 | c8c1b92e1bb24341851b674da16690b970df5833329f0146960f0a45a75ceff4 |
| SHA512 | a6673ad4df9c85885a5c4d3b5b82f14dba2102662257c870267abe1915abcbc9448558aa3b718afdfc213685ac76070088d0110564d4500012ed3f1bf06cc73e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88aa320380676585d78703997ed83b66 |
| SHA1 | 47f4aa16420a08c4731d508b809289846c73cd38 |
| SHA256 | a112ac9e2028e3733e7c13ac1242ef346625dfaa09dbfeab67d0ffd8f054aaf1 |
| SHA512 | cd06595844be69094138236e3f6b0146e5609cac99f8493ab5fb4784031f90004b4fd43407bd4a7c57ae370e393b9d17b1d5b07232302c7d3dc2c8b98c209b01 |