Analysis Overview
SHA256
e8336e435cc6fd4696bd3905f76cf77d2fed977b14eb04ff6266bac95a495e48
Threat Level: Known bad
The file 14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 06:55
Signatures
Agenttesla family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 06:55
Reported
2024-06-09 06:58
Platform
win7-20240508-en
Max time kernel
121s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000003e125211e04810d1e4791bc7df73856f0cef4a6c2c34040b302ff8163297949000000000e8000000002000020000000d05de36ef76d37825e1d7046cabeb2da5c10bc58ed8bf515611a7891cc1f8e71900000003d3bb829a7c893c278c1eaba82c3858d84d1444e768ae125029cc2d9b98bb5d2ecd53d888edfdb8893c1d769e3353e8ea25c8f4e37ebc215158aa77f6c3e3a474df8a7c122963acbe309b3a46a7b1b855089e504019351c51251ae8cbdeaee06101c5efc4c83b58af5f9713fbf63fbb56400a3af994bad9ea8091b232e9faefbb558dd44ba0c5d4e2e80231c94ad040b4000000069407403144e8811af29f514fb9de8f341b4302a1d938d0b877bfb0b7b10fd92f40eb087f42b15524dfee888eed37f08f01322d27969097dddba503af0b91cd0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50F29E21-262D-11EF-931A-4205ACB4EED4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b262273abada01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a4195dc8ac4de2a5efb130a3e3949d1692fadce02061865ef717468ce1825c1d000000000e8000000002000020000000a39edab29766f4da638c0b75d2af56d343a37bf7fe8ab95963cc5c9fc6da8ed4200000001d35d79835bf1acb9a6853b8b22ce6c605ca9cfd87fcc4e7968cc8601f803034400000000a856ac202fa35c69eb7254b1707dcd34099176f3821f1ba88b2145115ccde7f519c0145b9fe125fb3e8ad2648a4fc6419a793ea8783fa9d182d1a17b9eb096a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424078022" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3C09.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3CAC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f35b0e7dc551368e8d4b16a8bab6c2df |
| SHA1 | dd44f2820f998e11ffa8735ede8276cf3fabc697 |
| SHA256 | 51334a3adfebb97b132d2f5a6449f7578eddc6c5727d4ac4cd7a96de65bf4245 |
| SHA512 | a24fbf14e443656a2174e7e31051b5d6961c795dbf5aa6226b010e30dba768b315c3309003663e0b46576b2ac87fcca1956e10ff1fcf8748447d4689e3a602fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fd4d3c2c34cf1ef6ddc5b872292cef7 |
| SHA1 | 1da3857e29c115fda551317f7983c05d376a37a5 |
| SHA256 | 96c607193d431684493387258e1572acfc114834b5fe307da7c7a9b38322e6b2 |
| SHA512 | d7a9c0d9e0b3c0a6ad9b801dd6678d69c9fb5b81d05264fb1fc7b0607439bc5af1f95ed81ec512e52054603a469d52fd03e2831580fb135c6693024b641e53e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abc1fbbc4d43407718b5338453ca6e1e |
| SHA1 | a3ee2a554a9969c943d48294b11f4e6d95b872ba |
| SHA256 | b019cf7b2daa2daf510ca2b388084157be9bff8323a7c19670fb3fd0af15d251 |
| SHA512 | 6fcdd226d9172f47757082124706a37d8fb68df938fab05e79907f2ee7e094edea283a516f8e1a940c773f6e09b8d2618948b6f3f91a9892a8d063104093e432 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1772d1c1505629e0f8269f72da29b5a6 |
| SHA1 | 9303b16938597e3a8c819f95236a04878c2c5a62 |
| SHA256 | 768edaf73f2df651ab9d4d5b7bf40a29245ed48cd90508d3bf859b3a3703120b |
| SHA512 | 599c23edacce02f8e27bdf8a1436ad34a0efc1a476095fad22e11e7b160bd1cfd9ed163451594d0d733d83647bbda29f76c250295ee74c7b9fb16e1c1ee888ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e776c9e53b2cc377c8862249db03b53 |
| SHA1 | 163e1f3bcb99788ee6b48861a2cf4a4145d5ddda |
| SHA256 | 996db2972611052a42bcf0580f1b5f3b32128f744f624777797c108e4b9f4fbc |
| SHA512 | f1f5e81aa86b9a0fad3ec088e6aca04667377ca8d90cd940c730bf557a89c9b8489a77b038f932a9aeafc8e6306651ddf1a08c3e5cd564c346319ca8689046bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aea899b929f39cd65ff5dd9109dd7da |
| SHA1 | 8e29bae71a083280510f8f98d6ffb1945f6a2f44 |
| SHA256 | 0317228506a2e763b67d86aab909dd88f788db7d88aad1280b6b41386e4961be |
| SHA512 | 164c7e6de9100738616da5466db2973fd4b06a314d83c725f2f4b82f6f9538ee75ae174ccc9c971d8d04b6a96114035ccf61172fd07b56a59427ef1dda80296b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a23c6b46d01559f9b701762758195c91 |
| SHA1 | 81408ef401263585884c8df5814c17e933ba24b3 |
| SHA256 | 21b432cdfce9a167e15fbeda725223f78449b24fa8c452b55c5d7caf8467baf4 |
| SHA512 | 30f94eeb7d9ef0553d97408aac0ad495bb73e8bea95bd800d317eb5e22b0afe2af277325dde25aed572773ced2ce3b06d0873090a476e0437239436b88ebead5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | a96895e6f289f868442ba543d2837dab |
| SHA1 | f4bf12dc4a37032dd4a4a4ae2e95a83ad5cb9c5c |
| SHA256 | 304d942177c071a997d9102a335ff7ffe7e77333786bc784633ad541eafa6dbb |
| SHA512 | aca080c6748cde983e075421d29f1dc989aa820566ed006e2e249064341d3dd9b0dda635727d93dd39953abe6e2dcb9506c80296f265f53b7cd65c789289d36c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7e10409370143b439486b6d0f820956 |
| SHA1 | f42eb8b4feba61267d9e59ec53a2f15b1e01c7d9 |
| SHA256 | 591ca3d605dfba51b4f59e2db035313170071563217094e682fc96c5c9692051 |
| SHA512 | 7d1381f45481281cf098e0c9d40f80febcd59dc0c01918f2e32b354e0da9141388df9426a5080a5405656a6f1302ca968dc49c57b55d76f08a86f5470148791e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91a63ff65dc28f752e56bcd0e0701c96 |
| SHA1 | 7ac64a7b98a1b30269ec38c8fbff51c505d9ee22 |
| SHA256 | d660fe1188172ec6b5fb76ed1f16375fa14b9fc318165f99da3772d91f451960 |
| SHA512 | cd62084be17ad2a50d1ea6dc83a428623cecffdb92d1e43078643e31b2ff031ff26a5a1209d4cbecb08c7a25439daa50d80e154b9bdec8281c715d8741a41916 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c307dfc1e2d9989ef7f5a5ac175dbe9e |
| SHA1 | bfb391a2c25062357c9e541b240fe8d7e976f9ba |
| SHA256 | 78b65453830d0ee9220624edfc5e6e615ff9a7dfcb38d0e77468f023544b63d6 |
| SHA512 | 896b0077fd4640f160db9941c92733333e27b31c87ad93df706982c0c24909e696f861c640f8e4c91491f6d662ff38ca977e4779d92e591776a04ec028e1f2ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d86d733fdcd113592d6fddb78b90140 |
| SHA1 | 9e061651bc6608bdb8421c973a9a8cafe0c2c4b2 |
| SHA256 | 3c90992ffa886f1ec876e5ca022191251f6d383b9aed68ab5344d9211a64c968 |
| SHA512 | f68431763f5d86dd7a8e232882478f19c0819822098ef38e3720a4a457a6deebabde1b2b303b3654d2d235ba6bc913e9a05b56801afac507b0fde4136505a66d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea45c1868a1d952a96a2b8cfe973082f |
| SHA1 | 756bc56ab69deab3580b5a0c986509f81cbdac0f |
| SHA256 | 3fd9c38d9266dc5a3fdba1b084d97566ec4558617f4d5f0f37324a876272f931 |
| SHA512 | e739b46f91570f9d91eeb743008bc836463c942899df730871dfef4e311db44ff6a043afbb1bae816122ad8c93bbb152714a07f1b385f27c9a58b978bad8f71f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 646fe0e2503c610aa363e100afb13bc7 |
| SHA1 | eec01a1e7b4cd01255157c9e2bba5ff3b6c3d24d |
| SHA256 | 0f492f00f53661ef5dcfd4cfb8d6be6bef6e678afdda652c9236391a53180fc4 |
| SHA512 | 3278c3c2963a1395896eb480ce6834743a53e78fec9da851312ff65afe98d2f15425695268761d8c54a11db1a3f061d74c5079979666f37064f149c5466fd3af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c4c8015755059f4a9ce7c7d0279db1c |
| SHA1 | c75e0870be6cefb6414ff998cd79e1611442677c |
| SHA256 | e0ed5efbea9e5c2f46a8003ca24585992f85c50e902700ff3af3d1c6b8ef5cd8 |
| SHA512 | 0a9496bcfc10564f565180b5c4fbfb4281c92e563858b4dbd1b552b102e4fed632c37e764f8b573c51ad7d7c1533bd82e680a3ebf7d8cae0c80ea1b152de7628 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88ef17bbce61148a573dba6e1f0851e8 |
| SHA1 | 55090b72ad49adad4552ac63f676740423811c2a |
| SHA256 | 911e389e1a684fc3176187c69ec40b3dbeddf5a55376fe9a508d1024cdf30be5 |
| SHA512 | 3e1f1ae1d764e566cf2023faf3b32fac809779ff226b6b697362095030276d985ca605aac7460c0aa3e21d266348813e0560fa4e30b9229d4dab476e03618daf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae81651e6cf91c6c13e5a04bdd1fef41 |
| SHA1 | fb5fba4e2c8cafa2c3757f360dba3b52b0b3147b |
| SHA256 | f6b55c6ef73a41ff03323faedd61a18991e0f3aedc5d901fb078dfadc6f450cc |
| SHA512 | 6ffd65b8137e61ad937dfa47b88dfbcfc920f133f5eb9a6fba14f26f5fce3d920ee56c2dbdbcd7900ec4c6d5df7cabdd23c03b06550e693d3b2b6d8a46f5a74b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dca3b0e47b9fdb4cbdca05156706182 |
| SHA1 | 5bbceb0dd6f9b744ff6b057b3681b469bf17d232 |
| SHA256 | b95b29a2b2e2714b2027f8e29d45ea5d605152bdad9e4475366c7fa752ebd428 |
| SHA512 | e3ea074377a28f52eea835a684948a60cf1fe9b082523763df9d1e536bbfd369087b84ccaa29b663e495f2f06defde6cf7dcbc96ca2ed67695ca3b74992d1370 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a050b29937310ce6e064eadcd4e28568 |
| SHA1 | 7969a9e7cc8237b87e6f40edc311a9c48b3f61b7 |
| SHA256 | 3d8004fdc6d63c42459e30e4ae4484b20fdc01495cfad62f2af2abc71d141e44 |
| SHA512 | 88e6dc412d26f6aef292ad076eae3170d5c76a7eeda7aee42a0881966081ef7341ae0501d13c03703736c67a3c8474668ba8655d4c5df0a579e87bb45dbfcf6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b46cf3b97cdb3e0e6aed68c9c916ce4d |
| SHA1 | 672e9e867cacaab0d9aa8c6d548962f3655cd88f |
| SHA256 | c0b61612997755a79cd3ac09320cd05718a2abfdc6f8f085afacfe6f3e570601 |
| SHA512 | d9bfcd5b9a55e9d6271cb95306ad06822dbefa82d06d45e3df960838bc2d876c187344e11f066b81b313166e5d15a2628ceb8bf5146f8134fd612220a84fb5d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf587c87a53201063eb0bcb7da9c81bc |
| SHA1 | cb33a1657dfab06236b0c52305dcc2e8104463e9 |
| SHA256 | 1a46f2cf0acad7600bcf2eaee7679eb00002421a05252fee55552d20102c96a5 |
| SHA512 | 6b13e82b1f54c8b7e9bb43ad80074df4027a321231bc9af45223df7481eb36fc67082e1951a9eb9324ce712ff448723a1f177d00d6602c3d2b3b732b4786b24b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a730a65cb115c9eb82976d16caac95c |
| SHA1 | 24af5c2f3ae2f1b3317b032bc801ec027cf79ae1 |
| SHA256 | 37b05e7f3c2db9d7601d1ee074895e7b2ecde74e739ec68c6108453f4249c963 |
| SHA512 | d780370a7296ed879c5ab75712ce4e5bbbf2819b47e86137877a2e6bf9fc8a9f65b78126deb155209e6b6bfe6c960564d77ed98a00ceaa331527c5614979bc93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fef5f75c51dbf8cf111cbf67c810c454 |
| SHA1 | 3d8f4700c52df6a7019b3595abd4a01ecedc39f9 |
| SHA256 | 1d5555a88c4e4529b8838d1de2e9ca45aafcd347fa083f0e4c34e8e5c924a718 |
| SHA512 | 2534ae4bcbad532c99a67ba4604890c19ef34aabb50674aeeecbf2974457c9eb68478487fa81f5fbab1eb8875b2e3bf081ca904d8e7a5be4daa0f306dbb1decd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43d98fd9711c885f1e0e31d366151408 |
| SHA1 | 92576709790d4a1e2b17cd8146f42f99ce4be2e7 |
| SHA256 | 1f7e841c558f4d66440eb398dde61b54a31bfa266e5efbdd05d2740e5b67d2f6 |
| SHA512 | 3ab385f8b96762f84b01870a03bdf5d9a34fa5d0aeeadb7aac1372585f2c0149ef062cb4fd2405498b9a08d260998d91bcf36b3488b23eb6b29508137f6d927c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0046c7e6be71823e00aa661889f02c8 |
| SHA1 | 301970b635917fff6737e8a729e9b97debef80c8 |
| SHA256 | 1f6f748737971f82c495d66c271e6a60dd09fb8919df5399b5b52a1562bc8a34 |
| SHA512 | 55850eea7eb10610a832081fbf19101550085d46ecb183fc9b9f3c9dbe92549bc4c74d6ad605fd5541e1910f90d25c709cc6baccdad20de2150656a1cca4c1c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f503fce1871eef3a7b8c60676aebf7c |
| SHA1 | 8d263ca0d6e2eeb660ed3aee8fcf5218ef5d7585 |
| SHA256 | decee5e0d8c91fb09e605564c52237c2dba9cc3b0b921592d35bf1cda3f5e7e5 |
| SHA512 | ad754af575076307941c9d4dbce5740d989b26536c587a46cb5ff42561f94c3607448732aa08024e275067a23bf93e9ccba4fc0e00f12300dfb65bfe29587cbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45470d6df34ba675e258b01d099a96a7 |
| SHA1 | 87274977ef3192bf68e5be442fd4693beb1f42ea |
| SHA256 | 5bffe5218d07b48bd4f0abb079dd10928c3f386789f0966101d090be11b24ead |
| SHA512 | dd0124816fc4673443bc3f830dd93e99657dfe0f74b83e3755580f9ed3bcd3e151dc35b6c4c301c2d789dce66c7ddd5be21c32beca3eeba1310a200f10e16567 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35fcb9f6ad198fc239db3792eea4464b |
| SHA1 | c281e034ed84782a32ea23fedf18fc0cf52ea7e6 |
| SHA256 | 9213f817783bd778cfb0dee6371e2d3edeac9f037e8538a56d165f7b29099a6a |
| SHA512 | 25eba21c547007d2a3fa409b5c7c830c40377e0c82a84f2c617045faab61d4c92fc07fba11ba0f70d0e2387fcae79234718af287a443d53798ddd1689d492755 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 06:55
Reported
2024-06-09 06:58
Platform
win10v2004-20240508-en
Max time kernel
139s
Max time network
151s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0x104,0x100,0x7ffa3a9146f8,0x7ffa3a914708,0x7ffa3a914718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=14a152a6f900338867bb2b57046309d0_NeikiAnalytics.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a9146f8,0x7ffa3a914708,0x7ffa3a914718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,128445609605547848,17014767796913353063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| BE | 23.55.98.77:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | mdec.nelreports.net | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| GB | 23.73.139.11:443 | mdec.nelreports.net | tcp |
| US | 8.8.8.8:53 | 57.234.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| NL | 52.178.17.234:443 | browser.events.data.microsoft.com | tcp |
| NL | 52.178.17.234:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 234.17.178.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1612_QSHSPKHGMGMNRTZL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd2df6840e3407909abaeac5b3db7e69 |
| SHA1 | c0e35077a529b090caf6deefa0104654b6996059 |
| SHA256 | b7ede7253e333f5c9833aca893608235e15b2e394d87d16d74d72a0a1db63900 |
| SHA512 | 5ed953bb18530c4c1dfa35a4f6e51f8254821cdb87640a207ba10fed7a0f503031d285de29a2c1003ffcb6e7eb11e72549ae0c7ec963210c2073708a9c9497ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 607bcca3b3dff5d7e8383dbcfd596667 |
| SHA1 | a2ca14a2db4ca13aee0cb356e0ff0ea6e15a40ef |
| SHA256 | 0e2e9c2c5cefde36b8ccc96c40dd8c9ebf1188a09b4d15f18882359b2f660468 |
| SHA512 | ea693899ee40f9b5c48aaf8b85b0d7914a78195333e5612955b1c6051470d8a700dff7b41e4f0bb1679ffa11b6d3dca8fdf91883345b40b5220136fbb1e9fc2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e9dbabd18c6216bacc1d306923f272d |
| SHA1 | 8da2efff0dba8cea6044c0576edbbddb7f48bfda |
| SHA256 | eadc18292046c1667760c16f94a9522db93256c480b7b56c75b2aa510082af72 |
| SHA512 | ef93d01a6f2b7df86431bc771c1492b2eb019f95cefefb7717733d24ddb048d425bab7f5be9316806bd532ad5a6913e7aa79b3cf9e7d5724bc48853d8a66f72f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84d7207c559b19ae069c01561e73da13 |
| SHA1 | 562360b378710bbf30a05a7744421f5bd0e3c084 |
| SHA256 | 61994d9cabe51899238d93a7bb5fb86f23d18dce579548fa139b1038e4622b88 |
| SHA512 | be557003d4cdd115a529dff13f213bd98e95a095413b0f99a7f647d7bc038c7ed7ead856d28f930582ef284003f7fe78878f51bd671d784a7da666aa32fb6aa1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 346435543567483f5f3a169fe027b4d6 |
| SHA1 | 0762ca907c623e46a96b48c5a3402e512b113bd3 |
| SHA256 | 701bb78c4ae05b22e1525cc6e71658157155648edd8a50f42563789575276350 |
| SHA512 | b1a8a5b4f8233c1589eb2a172249d3c3dd264fbcf28b5c39471964b1158b4b76d1b4b22b376be083b55ea5c8a1cc484afb639be96793e11003ad54493c750fda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbde.TMP
| MD5 | 78a26cbe150925da971eb57b87891954 |
| SHA1 | 940a45c8be320d54e6b90b9763fd4a9a035f7cd2 |
| SHA256 | 6f6abe244db5e59d703b1f34adacdb96baf2c76d1c50f990b2b7a7875e870939 |
| SHA512 | 438d4ccc1c497aa87bd26b8b610f0fca96ba7605f862906ecd14b710b481dbc06b77f69fef6d2f7d08edb5ec7a9b2c87c3cf31b7c86ce92713ee5e22de4aef3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b19b3d8c7d9803d7f110036704ef0377 |
| SHA1 | 7d2fee656b6fc1efa16243219f715092a50199b8 |
| SHA256 | 92457cb49991b25ea96d0d5b6787cc8544e60638d6c6c0e1ac699d94560f125e |
| SHA512 | 7b61ec0b4152e3ab1239b8c67320d15485e7361820383a48b3c1e1efe7a80f85a466a4961773ed735fc574a640413cbea976e9656c5e3364a0e4a9c7205db582 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 05592d6b429a6209d372dba7629ce97c |
| SHA1 | b4d45e956e3ec9651d4e1e045b887c7ccbdde326 |
| SHA256 | 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd |
| SHA512 | caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa |