Analysis Overview
SHA256
047e62c2d5a8082722a48bfcfbe5ed53d71a20c11da36113c614800a8a925bfe
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-05 20:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-05 20:04
Reported
2024-08-05 20:07
Platform
win7-20240704-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF0990D1-5365-11EF-9629-7667FF076EE4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2356 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2356 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.131:80 | c.pki.goog | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.143.234:80 | crl.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 8b37c879c434e701a46d3d1eddab3ae0 |
| SHA1 | b92aa393fd82ef40f97338767506839fa86c6fa6 |
| SHA256 | e6a15cb0279a2fc3d58bade6248e2239665f8209d279fc83d98e9ca5d9e1df72 |
| SHA512 | 85c961fae57671b36ac3968ef38bd12fc2c53e80ce29daa37b29f45cdfb4e28d009eddeea9fb378fba55018219aef7442a9159f73944973eec26b7f301585c83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e47977e1cc57ad83ffaa5f4683fff96b |
| SHA1 | 826a8fedd8c304005f9d223d389916b93e000a19 |
| SHA256 | 46e6bdfd52c0c2d007ca420c2f6440c63c81f2c18cb7f8e4ca0b500e4adcbe36 |
| SHA512 | b6fc9318e2034a217d26384a673c290bba5d436978a022e3d3e49d58832790705a2588b90b901961498f0486ad9ed99ddfc95e3b66154aad63996083617b3164 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | d6d91ebc1d1bccfe0b9641052a8c2c18 |
| SHA1 | 82d1f17d81bd71cc39152e028cbc5216a70270e7 |
| SHA256 | e6dde528ece0bf210f5b32bc0ca76545450017593f4004f83095b20206cdb440 |
| SHA512 | abf334914d8699356e980692e944eb3a40250ee6d72e4c55364d544a7c9c48cc5faef741cc28d5c39b511797cfa2d8b7cde343e7e04acbd42620d3af9a816e07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552
| MD5 | 41d578539e2c0781bc583209b61a63ad |
| SHA1 | ff192e26a7a6abc3a9bf3346dbc917ff5d448523 |
| SHA256 | 44d377f23ccb643df0e85429e06ee6d30e6c00ba38db8d4ae36a0c51b509188a |
| SHA512 | a28b73e8df582b9c05d49630f28347f1780fdfb79a4a22e629bfba55a8be3e50393a6f7f20ba0548c216765125477dabfac5b78189bf4d27cce257595baf925f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552
| MD5 | 9e6cf26ba88811007de9168e6d127827 |
| SHA1 | 7eec05df6a32cf1f1e31c0ddf5a87464f1b06c62 |
| SHA256 | d47265f953f3b6c92ef5af5db368c07fc19d48f38eab8b62dc8f893e62dbfcf4 |
| SHA512 | 9279c7bf12fba7e8f6695413f3d73d16839a5dfdaa9ffd992adfa89cc01641bf49c917a6a0ba87359d4413b5997ad9cde50f97a4b9650ac110ecfc5330ee4043 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552
| MD5 | 702b6979b02f3c4e63d80dcaebef2bb9 |
| SHA1 | 0292c78e8eed55a520d413de73a8efebc77152ee |
| SHA256 | de5664dd0a86da82751473dad32623bb0ad48454bb907563a935bdc951d541dc |
| SHA512 | 532f652cef8c5cba08e2ab19ea8fcf4b7a5bbfdb9c08fa8c9149b56a64f2cdc03cfcf33b926a33ffd15fbbcf4213f6d1ba09b3b5d0bdc3009c280ed96e730691 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-05 20:04
Reported
2024-08-05 20:06
Platform
win10v2004-20240802-en
Max time kernel
62s
Max time network
63s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "91" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b22a46f8,0x7ff8b22a4708,0x7ff8b22a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,43388035912006595,8796452971318335967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,43388035912006595,8796452971318335967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,43388035912006595,8796452971318335967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,43388035912006595,8796452971318335967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,43388035912006595,8796452971318335967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3963855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 216.58.208.110:443 | www.youtube.com | tcp |
| NL | 216.58.208.110:443 | www.youtube.com | tcp |
| NL | 216.58.208.110:443 | www.youtube.com | tcp |
| NL | 216.58.208.110:443 | www.youtube.com | tcp |
| NL | 142.251.36.42:445 | fonts.googleapis.com | tcp |
| NL | 216.58.208.110:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 172.217.23.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 172.217.23.214:443 | i.ytimg.com | tcp |
| NL | 142.251.36.42:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 214.23.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_3936_UYBAWXIPCLHIVQFW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 29bbd5850af2c4b0067d8ed3a2606e5d |
| SHA1 | 4b127dfa63dd8c652d8be4499703f9a70a4528dc |
| SHA256 | d5c2cd21dfe7ecc74931d84a794ab7ac598148b2d73e6f479b3c76f37c3034e9 |
| SHA512 | 02ed6218d959fe0739f359db716ecd560d96a66e57f801528597a4191aa388484f99a45818603581f498d8eca7b431cc556c2297ed321ba957b2096276b7265e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 47e0357edd1c1d301055f437fef24546 |
| SHA1 | 213542910a063ef155c45553f882d465eff8720d |
| SHA256 | 135662f9a04a351911288cfeec525eac96fa9889838c3a51a00f02683254dfde |
| SHA512 | 530a045905119383a58f7a38e90bebb8cc860355bf3fe1660346bcc2a33ac93e1bf1a090493a66ef77c1b7977667c80882e838b97ca51b323744c07d32e2a71d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd7bfee423fc43ceba7c94c658788313 |
| SHA1 | a3cf1e6718c83ec662bdf2fe90170ed56dad33de |
| SHA256 | 2fa8deaaf7ac67c8dfe4c59d222520e56409004c0a966a9210a138cd0329ac8e |
| SHA512 | e6118b23dab4b62a86acd236289861d066df8e61b315a98b790f10e5dd6124755393059fda7bc51aa4e57fb913e456fbc6859581ac89af649bf09cadc0c1325c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc7bc126e6c1635ad4e22da805625df9 |
| SHA1 | ff473b16479cc30bff7c383cb3c01b1be6573250 |
| SHA256 | 3514df8b50da3d03d9f3e895f2a02c24829223dd2ef20de3c44c0244a0777671 |
| SHA512 | c90bbaa8c2e605964a8f28e6d450ea44c20e363f1620526894b5f3d862b5d5a89965f434bb3588d7a5eaad15068bdf53663f011adf015feae92ee0fb77de3e92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef19b4f940f55de7b15bee119fa6622c |
| SHA1 | ec9f56bd6e5f36f1e1c6b20b25b0ea55457ce2af |
| SHA256 | 77c55374a6a17c641fc6693e5f3277cf7d6ac180e6fe0a7d7ffdf9f66a51c0d9 |
| SHA512 | 429b8b04f320ae8eb2daba158aeac735a1cefb35a11b4404a54f0fe4fae2c41b2957671ad6dfc2bf2aa7cbc7bf621942c9d78f9d750d11dcbe4fd67782141532 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8016602fc5bde507ffb172ebf6eeaa0e |
| SHA1 | fc5c2185126f43bc39393a4e60efd2915a61d055 |
| SHA256 | 83508d08357d7999566dffee8bf6834b876a1196b7263d904b43171afc703549 |
| SHA512 | 0273224e412ccb27d7bad8bd840ecae272464cf386ca8139c1fd95fb617f70721eca892aae714cb91bddf7cd3e1bfbbe6862cb0fec397e6453eb182db819053b |