Analysis Overview
SHA256
675e3c794e1cfe9faf4a2a8bb18f022a16e0c8d90d38d2bd540ddd711ec2b755
Threat Level: Shows suspicious behavior
The file minescepcviewmine327372.htm was found to show suspicious behavior.
Malicious Activity Summary
Looks up external IP address via web service
Detected potential entity reuse from brand microsoft.
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 17:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 17:11
Reported
2024-08-12 17:14
Platform
win7-20240708-en
Max time kernel
117s
Max time network
127s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0efacd4daecda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429644589" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000fc65a136d6e98fa099e80772b19841775c03814ded03676605e18c2e74bffc8e000000000e8000000002000020000000f8386ee6f910861ab84e50ecd5705dc31396cd5b6370cb6855a97b828820d98e20000000301e273a5ed07434d334f2fcf4ece6a2fcfa42ed48b059915fd7f70ba91ec34340000000be491a4c513c9c41aa14adab862ad4c18921ecaa047567ae00b494d976e5636b818325a0c48df25b599e45a4cfe7b6e9f028e3c09920b7620c8110e7ba9f0771 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FDE4C901-58CD-11EF-82DA-D2C9064578DD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2544 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2544 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2544 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2544 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\minescepcviewmine327372.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 7mw1xrlsij.capafreight.com | udp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 88.221.134.89:80 | e5.o.lencr.org | tcp |
| GB | 88.221.135.115:80 | e5.o.lencr.org | tcp |
| GB | 88.221.134.89:80 | e5.o.lencr.org | tcp |
| GB | 88.221.135.114:80 | e5.o.lencr.org | tcp |
| GB | 88.221.135.98:80 | e5.o.lencr.org | tcp |
| GB | 88.221.134.89:80 | e5.o.lencr.org | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.83:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BC02D30AF80A15D435D62A07FFC57BB
| MD5 | 79bec8172da9d184192e47c4664dda81 |
| SHA1 | db7f9c49f6377314bc09152c22ad0b88fb7d4add |
| SHA256 | e8784b0b66183362179c65207e678b560ceedca561e9bc886779644cb85441a1 |
| SHA512 | f68b2598a9bf448b68585ec782ca2abc6814fc12e465ce6d9a85505f7d4023a7dd7d3ad68ddf0c2196bc7aafa4ab54c652c013c9a1a35dc377576c510c39fe75 |
C:\Users\Admin\AppData\Local\Temp\TarB417.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabB415.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7769219ab8d7058f6b754115660cba48 |
| SHA1 | ed80ec4bf3bbf2dbcc49628aaa2e8fc9c43fc7bf |
| SHA256 | a02d6ee6baa846aa45157b411d860f41a63a9e863bf8a15e1968ac1a5bc8a13e |
| SHA512 | 1134c384737e3ae895c3524ec29fa4c5eafc70089c9eedc30dd527ce64c2cb0eb050b145345f73d1b2482e05266ff79c6f6bc80bfe6b8678669fd13484e0265a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4d4bdbf33fa3a0c2d3b79de5c66edbd |
| SHA1 | a9417cf8bed9b71ea50350cca3687ca1d8d554a9 |
| SHA256 | 49f9feaf825071c141e866316da33692bad1dda50b4e4e250ef2f27add1233e2 |
| SHA512 | 52e32c3dd7f6fad4a60413a06f790b7ac3650b32e7e43c8eb10cd456894850e1814c4e5934b0fd11e05215a6291deec8974406f1d2f3f92674b0a27e193c6c06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b849ed155eaf3689783de4239e6775ef |
| SHA1 | bef0380d877d22b3ae83dbd875c7ec80ce8bcf6f |
| SHA256 | 7337297eeb180a198d8236ae3e308f08bda329445e6446872b3bf8b90efe58ca |
| SHA512 | b7bb2cc528e2c23ee2831370bb329a6dd6cdf375d87ae5b33e0775698addcafa4438074ec357444c4edfeb630e61dc631f2f86e0a131a39518e5156c6657bbf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e4b18b9a3247a15b59c90a30a500238 |
| SHA1 | 08c71aed5892062597a3850dab4dcfba36afc02a |
| SHA256 | 4655cb3dfcd7258caa36c29d67b3c91a20b7be124dad5ba5de12898d68d1d5fb |
| SHA512 | 8b6c7b22f75db49842e44f69c40b370e51a8c33c90a449ce6df9923c1aca65118c5f9e53a26863eccc76449343fdda2259626c302bc22af7475718e571e7f71b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0719c5f8a6cde786aaaeb227a0b39c3c |
| SHA1 | 5ba5c4134ef0d984c01734caed7c51af6176da6d |
| SHA256 | a268e5cc9c617043e3c3be0078f3e0d6cf22bee3b750b62c5fb4b7497cb0164b |
| SHA512 | 5af119669cb229cb676141277f6f2730f6f8f8157a9d9ef17be7056c7ddf82e5070b0736d747a3ac44cda611959cc7b159437941bdea0529caf87b222159a699 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 664139a6c52f06878a61f35158aa37b2 |
| SHA1 | 63c7add5b391078f978c064ca02729ff8e77ad12 |
| SHA256 | e2dd1afc39539fbbb4ae7b5f308d4deeeebccdc7932336b5961b9bfd927e4dde |
| SHA512 | 70ec66f22ff4f8425cb3e6f07aeecda2fa538e2dea54391f253c06359d3dd1a7e4337904f70ff6e533556da4a95863abbe74b5cbaa69b638d2b900bec73c36ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6079d6706b57e7ebe03af4f5f23df9e8 |
| SHA1 | c0756106ab448652754bd2bd4fde99e509fef2f6 |
| SHA256 | 7ab7188bc640afe8d4a7f89107f39b4ce2c2f8dadc702a006ab8a93b2b432ccf |
| SHA512 | 8c5ec38bead4885006e829060ee7e59b76c2d18f39c233e479a3b3d5d8de534739e701fdd3eafb09e19b2559c74101b89189312ac6d16cc7d86ee597e7b67b66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0de4c794b32c0eae635c0b76db5c519e |
| SHA1 | 4059abfc589b62c96d28b7a4b765537062ae7d1f |
| SHA256 | 31cc86fb9f8a9e2ac7adf0cc88141148adbcb1ca7e5ae620508a14674f92fb46 |
| SHA512 | 3782485ece42cae62d4f7834bf7fd2917aa63ced25441914fcfad08a38ecc4597ea5aa49b351d459b22b16f60fd3aedc3381f34ea3f5eacdd375f276bf3c5e75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0b0f087b1f6a14f1215b99ea89198db |
| SHA1 | a593fbac027fd7add750455886b8eefebe3bc2c7 |
| SHA256 | 587b5cab671d3742557113ad7158b3ad3211f590af597ca5a50e83fcacf67811 |
| SHA512 | 69fe6917fec34943b103cb1aad3dfe9ee0cc88a167377e4e3e5096773354696b83464e8d75a57f3554418ce6951210d85a7bfdd671992625c3e712aaa026b8dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 539843a44ad433209b6f0cbbed339f02 |
| SHA1 | fdf47dfa473697ee05c0987dfa8b63f146ab4c93 |
| SHA256 | e1313d749474fc779775b78f32861b1ad522b43a6b9a8785d6a8e42acc803204 |
| SHA512 | d8aff5029fbe10a136c2c7add90c27e421f018e40837cd79d6a80dbb77b59f1daf4fb9e4cdbef7b96ede0ab35a4be0d96664eb9b3ebed4c7f6fbff3222705856 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6afc44586daa72efc11c89f30224fd31 |
| SHA1 | ab713d89ad6ccf7269275f2317bc2a6804f33945 |
| SHA256 | 9c06da5fb8b753ce86a119b3bc9b76684c7fe1e937e2d8ae54754a6f9e0b3462 |
| SHA512 | 7dd9e1331e07a28c37b39f5cbb76781e0304c9f0c46476a5175e0179251571d24823e18f72648693791a12d1bbd7651a2b831933a57768db3d17d501b8a71a2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f17aa9af90e0346314a04654b1246e5 |
| SHA1 | fb0a8fc302468d2e847d1847b8c353f92a524179 |
| SHA256 | 29aacef92ff1a6286c3960f9343f3f188a2bb99e4343b9432baefd4fd582e80d |
| SHA512 | 0f702ec318c49d95c90df12bc935ed417cecd8efa6fb24c17f227a744ea1481b8ba666385fd566956ce7a5a5d500b1612815e8b7024da74096f9c2350240e430 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | deda08abcb4c0aa4cf020f7f7dcfc107 |
| SHA1 | 2fbe2208ee92cb926d6e67f0c260ab73d1394cd4 |
| SHA256 | 181258056aff61a5b63c48aa915f5abd9f1ebe5602279c9d6e511b27429691d4 |
| SHA512 | e49445c5708009703b82323620b6a65f7ed0a9363362b87ff7351ee253954c006e0a355b58ed38a8545d9ffefa9251109174c1cbc55b497daef5ad9feb10fa54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e3c293334dc1c4fdf751639395275c3 |
| SHA1 | 4f47ffeb7d8dfcc07b218e374c110d08e38ac7e6 |
| SHA256 | 57eddf0c08213d677c68fdc1b101ed2d0153522d9f4af526e63382a76b0afb90 |
| SHA512 | 997cf09607ec421d79daf2102b2aa3aa5a9f442c2dc2d76593bb285cc25ff218aef5b547b0074420815a83aff33bb460186d9154a1c0ae6cabc74f0d188103e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad37e55ec082ef8d10a8f8fe4e0b905f |
| SHA1 | 4db92fd9deb3710e8b921660f7d014a2b5d8df7e |
| SHA256 | cda00f9b32c21aa5377d84f97edeb3695b43b31d5d263463a3732f609b14e9c8 |
| SHA512 | 38fede235ea43eb153464c75829d2830cd90130fe4cf0d2bcae003ce643e048cf994a7ab09b09fc4aabd1cdee496052b0423ecb4751482b2ec61e86fc9da68e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b0a7abefdc3a90ad36370ddbff2382a |
| SHA1 | 0ca8e1c6b2813d296f582e0e6c25f3b30d4cbd88 |
| SHA256 | 28566ba3dfbd8adbbe44315e056927b409f37b9e4c981bfef855c79ec01e0c82 |
| SHA512 | a462e3921c440df4d91318a9ce0e432977e1b2073801ec71475181bbb82dd7519b53c42d122025d508fc31a68abbcda120b7db9d5ec9717c8a4a21171518c6fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77c420d87a8100f0a3a469e586083a7b |
| SHA1 | b0036005c55a01adcc776679a65f472680deecaf |
| SHA256 | 729fd72c9c4ddeb2d4ae4b5326ad9c3c09a9261e84b20ce315138ecbc84a0ee7 |
| SHA512 | d9b7ed113ffae725f88b93103f5ffb30183aa106f478b31c82574f1674f254f175dcd7970dc174354f81f027e1482e51417d83aea2b3f8060d1b3a5809fa634e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70a16dfce342e01948961e96ffba1fb6 |
| SHA1 | bdbd38e94a3a074d22425044754fd5c5c5028bf1 |
| SHA256 | 9df5747a6648eb093309880775e5c05a5fb5aba01c1b1c19009869d00236243e |
| SHA512 | b0ae0651ef06f04a130b6b19e8a738ad787e1cfbb7c4564d7e5bc18028fe9f0bde4d1687fadf1ca8d6c41dd5e988c48c4e7e468682affa4741cb48a3a59465b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 752d4d1c04d31d19d72dff400d938d90 |
| SHA1 | e0e958868042fab4a1f3e9571e2d03d462263315 |
| SHA256 | f66aa7ddf66f3b313a8d5cdcd3829c59f6c12d9f83ff8c9c645e9d8d31487e2e |
| SHA512 | cf4988779d80b55321733e18aaddf70fb031f0e2448d10e07d3d97a43ec16bd3c29471d445f2058b9406f3c3319e0ea32dbd5d5e618e71f4f410d92985715abb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 05b20ee42fd52cb576fc856ff9c5e634 |
| SHA1 | a7599750436c96093af3ba5aba84277edf91d42d |
| SHA256 | b2fbbcb3b90374f8755f5c8f249b4af5678ea172f214bc3758bbe450fdde96f1 |
| SHA512 | e1f763392f607725cc426ea569d1390a59b5ed7cd5c5f0ff2e2954136924672fe2cdb1fe1de17453a62df71e9c5c8eff8aeb4f589c603945970de3f91ce960b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c159fda36f0a124eb7c142d368f8490 |
| SHA1 | 6be6d4a7285d021068192383e6cf644c5cc7290a |
| SHA256 | fffe33580f81919b730e93d11f54b8adc8f7eb4f4c502d59f6e7c69d608117b5 |
| SHA512 | 2744cc31c78a85e8c7b9604c7625a6393ca8c9f37ad9a880ac3cbca3b1e0db80f40fdd0da7ab67f8728893902159ed1f3aef9705590baf2b44dc362f24a655e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6adc218e3f59847b5e23c799baa89b0a |
| SHA1 | a5776eb456e219bc3a31dc9e1ba0566f156a5e70 |
| SHA256 | b04ab6215333ff68d5f631f48d72869c0adf7822a6797be228ed32993f56a12c |
| SHA512 | 68cb03d9b6d1df850accd685f6c58a1f5e0f7c14272b27d4029d07c98568fb25ac7f2d88caccf1ed77927b7c194dbd3c378dff1de8e69e2b7ae431760c07ed50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17523e194d4847a2d1bd32ff190416f8 |
| SHA1 | 0974c4d253e80022674b273c193a2a82050c739d |
| SHA256 | ddbecbaa5786c3b4d7da644a112f1789ad60fe6cf2454096be407164d4c4e4fc |
| SHA512 | d720d0c77d7da58ec1a9225356ad812631252cb9376ebddc10b2873ad62a1aa849ab6c1425b078cd21649b12ba5b005039eefa4472a044eda0ec2bd3033da27a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-12 17:11
Reported
2024-08-12 17:14
Platform
win10v2004-20240802-en
Max time kernel
147s
Max time network
141s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\minescepcviewmine327372.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb12246f8,0x7ffdb1224708,0x7ffdb1224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2634276158108071604,2775008607198167610,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7mw1xrlsij.capafreight.com | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.110.116.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| FR | 89.116.110.38:443 | 7mw1xrlsij.capafreight.com | tcp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_2904_MUSAWCMGRJPXSNSZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 339931c33d8ece13cd970e063d1440ee |
| SHA1 | 5efcb53f16d6e3c3953610aece0a389c72587cb6 |
| SHA256 | 870f38112cb7ad2f7108d93cee957c9ded05aea3c1d0821b710ff1ea4d7e6550 |
| SHA512 | e275571f22ccd5db0bccd5bf2f46da6a90b28ce0cd00b1213c3be0b681ecdf2848e9787816887fcaa1d63776285ae9ef564e2ca297f30565be1d849647f4f28e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87670e1844d190ad619db4ff0fc3b6a8 |
| SHA1 | 19522cb0932e943a02539c34470c3e1090a7d8c0 |
| SHA256 | 7d2c5830173799aaf2527299f901950e917e37c271ea3bcb5cbceff2a6e0c566 |
| SHA512 | 53ebff54a2f7f2a309a2384354156dad4a4c310826c7516b349affb8e48496ab9d4f8af0e664d06b2908d2dccfdfcc9db8fc274289cc6602cd991ed7fbcdbb1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3caa72b17d197ef9ebd0fdb0fb510e29 |
| SHA1 | 3b41ffe1ba3f9e1736ec11ae7c4bd319f96d646a |
| SHA256 | a494618b46ae70e4db3b0970f4f525d069a75868aecdeed4aa612fab7fe7844f |
| SHA512 | 14a6f0c09963893717e0e4945789564eba4435b4a88dbe9c88939703546bc0e527d7dde964bf586fd926057acbb282b15c55a2d2cbac89c89af09f4d2f077a41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cd4c5d28b0bcf1032c027c4c714b8635 |
| SHA1 | da71b25f06024115e8e57d5f883703d2c4c1214b |
| SHA256 | 1338792af8f266fc409631cfeff4022ffb9deae2c180dd0c05a7c094628ee8dc |
| SHA512 | 108b4e55f1749486fc79ad0b85a4e667e5a13066d3f37e96ef7837b53c43b79a374b1ce0fe58a1ba96a394ef54649da38e3b17912f3aca927dcfce668674dadf |