Analysis Overview
SHA256
c2e626faa8d31956b63351c409ec893a43c92629edd89ed66b363a61dd821cb8
Threat Level: Shows suspicious behavior
The file Arivis ACH Confirmation.html was found to show suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Drops file in Program Files directory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-01 10:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-01 10:41
Reported
2022-11-01 10:46
Platform
win10v2004-20220812-en
Max time kernel
272s
Max time network
273s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221101114242.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b0acec20-5173-4d71-bb6e-94bfa1efd547.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993895" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "224495218" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ff8b13e7edd801 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "224504976" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a1000000000020000000000106600000001000020000000303a9c7d5d9e042305a71da28fd18cf84a6a300de888869f07b536d377787bb2000000000e80000000020000200000005d442b6297f7a4f623abffe917bcc82cc5e5c2c39ed76ceb89282db05d9c30c2200000003b728cea4cbea3a1c5c68332c620b21a0df990ae9fc28ace6d16cf428872b1224000000037a950981822fcffdebb6ce1119cefab82c29de23028b3a6916c2af30bca78187772361d47b22e88053586ef577e66dab13a4c7e967655a8ea97ca89d8684a8e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "240564810" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "374067907" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993895" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2042ba10e7edd801 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3827472A-59DA-11ED-89AC-E62BBF623C53} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993895" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a1000000000020000000000106600000001000020000000c1d12f944b94e2bd78405e1d906043392b562694d7eee0ad3f8a7e934ca6bb56000000000e8000000002000020000000c024e97aa929d55b3662bbfcb2c21a32d89e1b20746a5f48c80851007fdafb032000000074b8d1222fae8eb0d404288d5928b8f63cbc5188bcc918e67bf01f15d877c0544000000043606d92cc06de55a54663fcd6b36b8ba7cadb94e95729d8a1149ac80ca59e7a89c806ad9ee198162cad890f962c7e5b3da90518172417d8b2c4d6aa15294656 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Arivis ACH Confirmation.html"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0x9c,0x104,0x7ff8925846f8,0x7ff892584708,0x7ff892584718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7cfeb5460,0x7ff7cfeb5470,0x7ff7cfeb5480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x500
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,781389132016014745,218321174579114311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
Network
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| NL | 142.251.39.106:443 | ajax.googleapis.com | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| DE | 77.73.133.65:443 | moiresjacques.com | tcp |
| US | 152.199.23.72:443 | tcp | |
| US | 152.199.23.72:443 | tcp | |
| US | 131.253.33.239:443 | edge.microsoft.com | tcp |
| US | 131.253.33.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 72.21.81.200:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | tcp | |
| US | 13.107.22.239:443 | edge.microsoft.com | tcp |
| DE | 77.73.133.65:443 | moiresjacques.com | tcp |
| DE | 77.73.133.65:443 | moiresjacques.com | tcp |
| DE | 77.73.133.65:443 | moiresjacques.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 40.71.11.169:443 | tcp | |
| US | 40.71.11.169:443 | tcp | |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 104.85.1.163:443 | www.microsoft.com | tcp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| IE | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 104.126.126.66:443 | tcp | |
| NL | 104.109.143.84:443 | tcp | |
| US | 152.199.4.33:443 | tcp | |
| NL | 104.126.126.66:443 | tcp | |
| NL | 104.126.126.66:443 | tcp | |
| US | 13.107.219.67:443 | tcp | |
| NL | 96.16.53.200:443 | cdn-dynmedia-1.microsoft.com | tcp |
| NL | 96.16.53.200:443 | tcp | |
| NL | 96.16.53.200:443 | tcp | |
| US | 13.107.219.67:443 | tcp | |
| US | 52.167.30.171:443 | tcp | |
| US | 13.107.219.67:443 | tcp | |
| US | 131.253.33.239:443 | edge.microsoft.com | tcp |
| US | 13.107.219.67:443 | tcp | |
| NL | 104.81.141.56:443 | assets.adobedtm.com | tcp |
| US | 20.189.173.14:443 | tcp | |
| US | 20.189.173.14:443 | tcp | |
| US | 152.199.21.175:443 | tcp | |
| US | 152.195.19.97:443 | tcp | |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| NL | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| US | 20.189.173.14:443 | tcp | |
| US | 20.189.173.14:443 | tcp | |
| US | 13.107.219.67:443 | tcp | |
| DE | 77.73.133.65:443 | moiresjacques.com | tcp |
Files