Analysis Overview
SHA256
7ad8db5246b89fa07c0dba8d229fc367b9d4389fec5d0b8fe7974419f1da0944
Threat Level: Likely benign
The file 7ad8db5246b89fa07c0dba8d229fc367b9d4389fec5d0b8fe7974419f1da0944N was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 23:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 23:00
Reported
2024-11-09 23:02
Platform
win7-20240903-en
Max time kernel
68s
Max time network
83s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437355113" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{733394A1-9EEE-11EF-91D0-C60424AAF5E1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1636 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1636 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1636 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1636 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ad8db5246b89fa07c0dba8d229fc367b9d4389fec5d0b8fe7974419f1da0944N.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | comprasostenible.unlugarmejor.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| DE | 217.160.0.251:443 | comprasostenible.unlugarmejor.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.16.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.195:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | jetpack.wordpress.com | udp |
| US | 192.0.78.32:443 | jetpack.wordpress.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 23:00
Reported
2024-11-09 23:02
Platform
win10v2004-20241007-en
Max time kernel
114s
Max time network
95s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7ad8db5246b89fa07c0dba8d229fc367b9d4389fec5d0b8fe7974419f1da0944N.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3f6d46f8,0x7ffe3f6d4708,0x7ffe3f6d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,13019584560065240147,6870472367867571425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,13019584560065240147,6870472367867571425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,13019584560065240147,6870472367867571425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13019584560065240147,6870472367867571425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,13019584560065240147,6870472367867571425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 8.8.8.8:53 | comprasostenible.unlugarmejor.com | udp |
| US | 8.8.8.8:53 | jetpack.wordpress.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | public-api.wordpress.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| DE | 217.160.0.251:443 | comprasostenible.unlugarmejor.com | tcp |
| DE | 217.160.0.251:443 | comprasostenible.unlugarmejor.com | tcp |
| DE | 217.160.0.251:443 | comprasostenible.unlugarmejor.com | tcp |
| DE | 217.160.0.251:443 | comprasostenible.unlugarmejor.com | tcp |
| DE | 217.160.0.251:443 | comprasostenible.unlugarmejor.com | tcp |
| GB | 142.250.178.10:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | widgets.wp.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.0.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| GB | 142.250.178.10:139 | fonts.googleapis.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.160.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | comprasostenible.unlugarmejor.com | udp |
| DE | 217.160.0.251:445 | comprasostenible.unlugarmejor.com | tcp |
| DE | 217.160.0.251:139 | comprasostenible.unlugarmejor.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 142.250.179.226:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| GB | 142.250.187.238:445 | www.google-analytics.com | tcp |
| GB | 172.217.169.78:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_2028_ZAZGGODOQGAYJVMC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ee9ad868a72d1e6b4ebaa98a9e02428c |
| SHA1 | 05534b299d81dc4aa756628a7dc51bde12655ab4 |
| SHA256 | f015f6aa44483a3ce48adc60f65c4e1b7e4a221e104dcc57c5a247a22773e060 |
| SHA512 | 85be530978b7dd2d9e54e49aa8c199a236aca79d2b12262130f0b5b0243e0a7fb4d6c975d8859153640c30cddc60e4dca2054f6494a5de1f497ca7962a3c3eaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9d05a676-544d-46df-81b5-694c896049e7.tmp
| MD5 | 160d9c0510d9b34c981a9796ede2619c |
| SHA1 | 6d6be7e8a0ab115136f31a49f2d9a69b2b0a00fc |
| SHA256 | e524a2cbce8ae158fd2f30a51b0d53a65008f016caf9daa3be40a896b506a950 |
| SHA512 | 6f91a6176f9e6991945a0105280ea5afbf46ef6fde9f34a3a3ae559ad355f001245b4545d62ee23ad65c4538541d55275b4eb9006979ede3a48250fff80bd068 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 955882423f8274c6dba182de1215bfdd |
| SHA1 | 2a663c1a1a77947af0f31dd60f9f484a1e6b7756 |
| SHA256 | 844fd6775da6fc2a087531f112104e0324234a6eac714830e321db5cb4b188b0 |
| SHA512 | 63ad7edb1234839b2bd3b4f8f09753eb821b7215b7e48cbdb4e4508c676684363e5e19066a957ad2d7fd1bf3b61a28fc39f73674e09202e8a67806b94cd81bf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ee7b855ad4bddd1346a1af170044662 |
| SHA1 | 0893bf64f5cf3d60eb9fdd43079ea4ce0fbe3d02 |
| SHA256 | 3daa7de2af36dcb1f9b786552b39d55490226fec00e75ce4fbad6d4eb1bb57b9 |
| SHA512 | 0d80fc03700f86595304c70c3b6aae5aae153c0c4498ff7b702bf1cb8fd22f3f2b561f35dd3a7d834dd77830c6f4070dc374b428c1befe603e8b54d148335603 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588a59.TMP
| MD5 | abb7792ae428788b01e00a5aa5712e25 |
| SHA1 | f75f63eb7b541b43a443bce77a96cca00654698c |
| SHA256 | 9b67133f0d677527e058a184ffbae9f0ba683d35560934606f106c9e529bc8b0 |
| SHA512 | dd2b6ee8a7dd21ebf74f6d914161b5023d042f58dc3126b77be4ec632b69610320d850d51dfb0055b7a6eedf88851e7029d88436bd5c714064c170bc87b219b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a87ba8c4175dfaee08d6e9a1c455f743 |
| SHA1 | d8992e26a25759069bba3573ac4dc4fd958324b6 |
| SHA256 | 89903984530bb1fcb651b5884c4984c06401c31c1450aa8acfbdc830f05a269d |
| SHA512 | c585cd2ed06b919ca235fe8a777479eef4bb19b0d85289b71ab02c6cf6711d97888bb5c37441b30d71308536f6f7154d30c29008912840981ca4834d2bb6cd46 |
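Two things in this report deserve a second look before the "Likely benign" verdict is accepted at face value: the behavioral2 Network table lists TCP flows to ports 445 and 139 on public addresses (fonts.googleapis.com, pagead2.googlesyndication.com, www.google-analytics.com and the visited site itself), which a browser rendering an HTML file has no reason to make, and the `\??\pipe\LOCAL\crashpad_2028_...` entry in the Files list carries the digests of zero bytes (MD5 `d41d8cd9...`, SHA1 `da39a3ee...`, SHA256 `e3b0c442...`), meaning the sandbox logged the artifact but captured no content. The helper below is an added triage example, not code from the sandbox or from this report; it parses a constructed subset of rows copied from the Network table above, flags SMB/NetBIOS-port flows to globally routable IPs and the PTR lookups the host performed, and checks whether a file entry's digests are those of empty input. The row format and column order are taken from the table as printed; whether the 445/139 rows are real connections or a capture artifact cannot be decided from the report alone and should be checked against the pcap.

```python
import hashlib
import ipaddress

# Constructed sample: a subset of rows copied from the behavioral2 Network
# table of this report (Country | Destination | Domain | Proto).
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | comprasostenible.unlugarmejor.com | udp |
| DE | 217.160.0.251:443 | comprasostenible.unlugarmejor.com | tcp |
| GB | 142.250.178.10:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 251.0.160.217.in-addr.arpa | udp |
| GB | 142.250.178.10:139 | fonts.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| DE | 217.160.0.251:445 | comprasostenible.unlugarmejor.com | tcp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
"""

SMB_PORTS = {139, 445}


def parse_rows(text):
    """Parse pipe-delimited table rows into dicts; skips blank and header lines."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain or None, "proto": proto})
    return rows


def smb_to_public(rows):
    """Return (ip, port, domain) for TCP flows to 139/445 on a public address.

    Outbound SMB/NetBIOS from a browser process to Internet hosts is not
    expected behaviour. On a real endpoint it would be a candidate for an
    NTLM-leak or relay investigation; in a sandbox report it may be a capture
    artifact. Either way it must be confirmed against the pcap.
    """
    hits = []
    for r in rows:
        if r["proto"] == "tcp" and r["port"] in SMB_PORTS:
            if ipaddress.ip_address(r["ip"]).is_global:
                hits.append((r["ip"], r["port"], r["domain"]))
    return hits


def reverse_lookups(rows):
    """IPs the sandbox host reverse-resolved via PTR queries, as dotted quads."""
    out = []
    for r in rows:
        d = r["domain"] or ""
        if d.endswith(".in-addr.arpa"):
            octets = d[: -len(".in-addr.arpa")].split(".")
            out.append(".".join(reversed(octets)))
    return out


# Digests of zero bytes: a file entry matching these was logged without content.
EMPTY_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
    "sha256": hashlib.sha256(b"").hexdigest(),
}


def is_empty_content(md5=None, sha1=None, sha256=None):
    """True if every digest supplied is the digest of empty input."""
    given = {"md5": md5, "sha1": sha1, "sha256": sha256}
    checked = [(k, v) for k, v in given.items() if v]
    return bool(checked) and all(EMPTY_DIGESTS[k] == v.lower() for k, v in checked)


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    print("SMB/NetBIOS-port flows to public IPs:", smb_to_public(rows))
    print("PTR lookups for:", reverse_lookups(rows))
    # Digests of the crashpad named-pipe entry from the Files list above.
    print("crashpad pipe captured empty:",
          is_empty_content(md5="d41d8cd98f00b204e9800998ecf8427e",
                           sha256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
```

On the sample rows this reports three SMB/NetBIOS-port flows (two to 142.250.178.10, one to 217.160.0.251) and one PTR lookup for 217.160.0.251, the IP the visited site resolved to; the multicast 224.0.0.251:5353 row (mDNS) is ignored because it is neither TCP nor globally routable. The empty-digest check is worth running over every Files entry: a zero-byte capture says nothing about what the process actually wrote.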