Malware Analysis Report

2025-04-03 11:59

Sample ID 241109-2n6zystfrc
Target sample
SHA256 e90cf3830299bf98c61895669b05120fb5b9d73be91453281fd34eabd2e8aa31
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

e90cf3830299bf98c61895669b05120fb5b9d73be91453281fd34eabd2e8aa31

Threat Level: Likely benign

The file sample was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:44

Reported

2024-11-09 22:47

Platform

win7-20241023-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "11684" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11684" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437354157" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not reproduced] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39EEF1F1-9EEC-11EF-80DB-D213376773DD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11684" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 142.250.187.225:443 yt3.ggpht.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
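
The table above is the raw record; what an analyst wants from it is a short list of things to check. The Python script below is an added example (not the sandbox's own code) that turns rows in this flattened layout into reviewable indicators: endpoints per domain, plaintext traffic, connections with no observed DNS answer, addresses shared by several names, and domains outside a known-infrastructure list. NETWORK_ROWS is a subset of the rows above, copied verbatim; KNOWN_INFRA (the suffixes accepted as vendor infrastructure) and CONSTRUCTED_ROW (an RFC 5737 address under the reserved .test TLD) are this example's own assumptions, not something the report states.

```python
"""Summarise a sandbox report's flattened Network table into reviewable
indicators.

Added example; this is not the sandbox's own code. NETWORK_ROWS is a subset
of this report's behavioral1 Network table, copied verbatim. KNOWN_INFRA and
CONSTRUCTED_ROW are this example's own assumptions.
"""
from collections import defaultdict

NETWORK_ROWS = """\
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.225:443 yt3.ggpht.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Constructed row, not from the report (RFC 5737 test address, reserved .test
# TLD): shows how a destination outside the vendor list with no DNS row is reported.
CONSTRUCTED_ROW = "XX 203.0.113.7:8443 cdn.example.test tcp\n"

# Hypothetical triage allow-list: registrable domains an analyst accepts as
# browser/vendor infrastructure for a page that embeds a YouTube player.
KNOWN_INFRA = ("pki.goog", "youtube.com", "google.com", "googleapis.com",
               "doubleclick.net", "ytimg.com", "ggpht.com", "microsoft.com")


def is_known(domain):
    return any(domain == s or domain.endswith("." + s) for s in KNOWN_INFRA)


def parse_rows(text):
    """One dict per row: country, ip, port, domain, proto."""
    flows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        flows.append({"country": country, "ip": ip, "port": int(port),
                      "domain": domain, "proto": proto})
    return flows


def summarize(flows):
    dns_seen = set()              # names that appeared on a resolver (udp/53) row
    by_domain = defaultdict(set)  # domain -> {"ip:port", ...} for non-DNS flows
    by_ip = defaultdict(set)      # ip -> {domain, ...} for non-DNS flows
    for f in flows:
        if f["proto"] == "udp" and f["port"] == 53:
            dns_seen.add(f["domain"])
            continue
        by_domain[f["domain"]].add(f"{f['ip']}:{f['port']}")
        by_ip[f["ip"]].add(f["domain"])
    return {
        "rows": len(flows),
        "dns_queries": len([f for f in flows if f["proto"] == "udp" and f["port"] == 53]),
        "by_domain": {d: sorted(v) for d, v in sorted(by_domain.items())},
        # Unencrypted HTTP: the only traffic whose content the sandbox could inspect.
        "plaintext": sorted(d for d, v in by_domain.items() if any(e.endswith(":80") for e in v)),
        # Connected to without a DNS answer in this capture: cached, pre-resolved or hard-coded.
        "no_dns": sorted(d for d in by_domain if d not in dns_seen),
        # One address fronting several names is normal for a vendor CDN; for an
        # unknown address it is the pivot worth chasing.
        "shared_ips": {ip: sorted(ds) for ip, ds in sorted(by_ip.items()) if len(ds) > 1},
        "unknown": sorted(d for d in {f["domain"] for f in flows} if not is_known(d)),
    }


if __name__ == "__main__":
    for label, text in (("report rows", NETWORK_ROWS),
                        ("report rows + constructed row", NETWORK_ROWS + CONSTRUCTED_ROW)):
        s = summarize(parse_rows(text))
        print(f"== {label}: {s['rows']} rows, {s['dns_queries']} DNS queries, "
              f"{len(s['by_domain'])} domains")
        for k in ("plaintext", "no_dns", "unknown"):
            print(f"{k:>10}: {', '.join(s[k]) or '-'}")
        for ip, ds in s["shared_ips"].items():
            print(f"{'shared':>10}: {ip} -> {', '.join(ds)}")
```

Two things the summary surfaces that a glance at the table does not. The only plaintext traffic is port 80 to c.pki.goog and o.pki.goog, which are the Google Trust Services CRL and OCSP hosts: that is Windows CryptoAPI checking revocation for the YouTube certificate chain, and the CryptnetUrlCache entries in the Files section below are its cached results, not something the page wrote. And ieonline.microsoft.com is connected to without a DNS row in this capture; before reading "no DNS" as "hard-coded address", remember the name may have been resolved before capture or from cache, which is exactly the caveat the no_dns list carries.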

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_D9127F9BB4C9955D58AD28496EF9AD71

MD5 24af8a9e33ac97049206e79f33997ea4
SHA1 54107b9ae77ff376e604e2148f3c1d665c900acf
SHA256 d63a48620ed23d9ae16b89034bce05eb7629fae62979d543e642e1422b578b98
SHA512 c3b7bf1c6c498ecc479a92bde04db72548585af5b0b62055d76d44329b7fef2d5d1740233e214bc4e1d21914624c08af706407bbff61d4a3cd37db114266fd8f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\30HO26PR\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\30HO26PR\www.youtube[1].xml

MD5 210639a5dad34f82283fb76526dd2db4
SHA1 09d27b3157537fc6d5deff7d711e7e228fd5da3c
SHA256 d7004ee43387eb057e27243e764fa4e3909f76e6723a2744bfd3b5171e0db02f
SHA512 3d1126797a30b59b9aa084cfe41a6f798339aa450751ce05eee90324f50e50fdd51d236a82102bce136075afa2a2986df23e984629eae394348afac55ad48b59

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\30HO26PR\www.youtube[1].xml

MD5 4d6b46067f8ea7ee6d5693061a61dd80
SHA1 62d5b05a1d97f28a8354742a1365ea63251a7964
SHA256 4adc1d037072347ed12cec7d86658949ffbfe973818a2614e1964e98629f5561
SHA512 a4992e050b95861db4c7f2a6ce37e6ca3b9572470b64cbfda9db683aa16fb83fb4926e88cbe462edcdcfb9700a010a4d53e3f536c29c4327729bc991777fbc7c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\30HO26PR\www.youtube[1].xml

MD5 eab8f36d77d614b1ca34df54ebfbaca9
SHA1 90c8e30045a956cf69258f47265804f153836492
SHA256 3df9f3d50680deab32c67a3507e33dc57cc2305fa5c5efd8565bbb1fb49a2c91
SHA512 742009a201ef6b991b0d527df262d6cb1eae245e6312faebaccc3a0e28744e6e7c21dc8254880579ebac2d03c158f422156ee111bd64e073076a9f7a9a568252

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\30HO26PR\www.youtube[1].xml

MD5 d7e2fafb4dd93dea002a234c7e3d0db9
SHA1 23d52dfa1fc7dfecf17aa335082866d56f991bf6
SHA256 0e1cdb6e724a82e16ee588ff03684bed7a174c5c2ea37bec05af5d49edbd9990
SHA512 13b355c27fa803dfe7e67c2a4a38258ae4e86784f87006bad6cc56bcde60de53c6359a1d7417e82b0bac51ed74fc180b1bea68ba3975c148cc5f80bbc4d85c09

C:\Users\Admin\AppData\Local\Temp\CabF0A7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarF0AA.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d867e93a056785607e624c503bba23c6
SHA1 3c4e4b4d6197ff98fd7e8eb8a0eacd3d3e602c9c
SHA256 6b388b2c6c76775aaaabff3562f1898a2b702f4c18cf76905fda36ee7c5ce7bc
SHA512 9b0a68c2e2d9a33d9001bc35bfa7751ccf8cc2a82874dc866255547a6830031c087b5d4541ea401423c6ee8ccfc0ef2999a331c99c0d2c5d73045e82c87110da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26b879873de0c3ce2e5b721601477b0e
SHA1 85614489b097580b5713c97152f42fd6c72821d2
SHA256 e9f041902c26e320bb15697591c3ba120ceb0f2fe3b45c61e64f33aa01eac132
SHA512 ab4afd2b33bdc7a1812acd93137ba662a9d09642fadeb45750116cf04e1f58a39089ae2526f94b3e93bbb0d593036f10259538dddd6ae2d32dffb44bdeddf118

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 061bf7473c976ac17e46e60d69e853ec
SHA1 db27c8f9adfeebb2da60150197c43f2c73a686b5
SHA256 d5942cd902cbccb97444ce2b1aabafaa35d0a366ec67c5cae41b0eb8d4c5b9eb
SHA512 bd1ff6aee4aca7fae93fed5c4983ff5b4775676518e22631bd880f60b8de9b37b1da9158c4380da152311345d3cb895210d1082fcc7c52e062df647ac08acf35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64ce956046dc87554ca99de7d9f05488
SHA1 59d130c8c5e95a60c95f9174444d44fa8fa91333
SHA256 2266a80aef8902a3bf08821f07534f9483a6897fc349332cc55f908de399face
SHA512 3d10da4ddb4f0270b32dcfa3c72bb0a428e88b9872bcab0089cc5e4a3b17edefa3b5b66409da0869a33dc763034593909ae1c68ef9f2c559c97526acc18901de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7efffb1c4ca10a0ae2f76b52e70012c
SHA1 bb5379d2de1e66d28d26e833b86c882e12820b27
SHA256 02b35b4c7a6f7f38fc5ea38be45384cd3bdbf0c921ad59ffc21979aa74e8af44
SHA512 eb0257127ebd6943ecb8d1f46dc089b96e1f17e2679cff38f700d01a058a1a600128bf3201e4b9a066aa493a948dbe7ad48f860cb8ee2f3ac42e30539c791bdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afc6dcb6d578a61689412862e1c7084d
SHA1 1199ca79b1969906024f4720beeaaadb922069ba
SHA256 34e8d220643eb86ab6bfb628b7d64fa7887492c9fc30f148451e5ab13dad0150
SHA512 b69f56cb0d8c790fbbe24b3f1cdc44063e903b5c2adb95e317f14be196835a179874802678a02dfe9c62b76ecfdc1af239e3cd6cfa01ad22fc8ec215d8abb031

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85cda63113f9e575b563654fc02c4fa4
SHA1 d6026494e489bcc89fbc52f5cd564bad8a9b85cb
SHA256 61729e965e8157fab70c699a76e35229ecdba592fc26126bb059878aa1193776
SHA512 12366fe8ccea49b4f876bef04c7a732d897d0126223c78d4d4d38c57554c296275b3528f1a1c3220f0341fb750fb2c62782dc45f592c95698b40cc7041221bdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 075925d07b8ba393530a4534b7865b27
SHA1 ebba2a841e66ed794c6d7c3aaf92345d7fbe4165
SHA256 9f1f03b1934bb0d72983f2e7319cc7008f99f3a85f9574f9fdf3347720974904
SHA512 15296f048bacffa42e34730d2c9df6111063884e08203e268a6fa2dd81bb4403eceab5b55100f7a3fa5160e0c6ae94d5b9be78213218af0b336e0b6648652710

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51c2af9e93e8eba9a42e4e34513c9947
SHA1 fbed5eeb3620ca79da181878e9d7d1fc0db14930
SHA256 cf5c26747ef6000c1e45eea0253266b094dadd1cbf8153ae6fc90e9bb29d5231
SHA512 7a9f04efffd811f9d2312e9d2cb3d3e03b3d6f4dd802d03feae8fee411050bd9fcf411870685ad6d429864fc7ab09953aad976b69ecd3f5dc4b24f6635bc4394

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21c7bf719a32ba4ce86e420691dceaaa
SHA1 cf4dc010966171ba9b15aa99291915dd30861bd6
SHA256 3945c1f9e515c31ab586b73d2e334c26f96f86e9e827d348c23dac6c99542dcb
SHA512 7a79dd09a873e6a074db27ea588caab9797fd2a6b102f1838827aeeba559df808990357a16be58f77c471f325be85d4152aa221e07761c550b8f907ab6cef377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77acfb1008a5f840059ab0cf5b3be5a4
SHA1 c1d224c7adc75632e3642e323c1345b3d5bae232
SHA256 39c0f77974eabaed88ea4ef03167c93dc0fe28b5b1ff6a4a1657fb67c1c406b4
SHA512 e7505c1803017a25bbc58306dc4aa1f949d1007dd80f6b91f5d2d33ff80ea229c8e3019a06f557ead82cee406c8422190632b798e9dd30cddfedea97a4bc8fc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9717525733a6d88ffd470e6462fa7c2
SHA1 f533d56ce0e60b88a926f5153e006394b0433b8b
SHA256 67d273df2555ad10cbd8ed9a1c5694a506bb82c66ece29c7ea4ecc3e3cecdaf6
SHA512 e982003d8f57d415307fd672bcecc3252ae6c87c2d76806126498b93d531fe1b856f059a27011ffdab472f399072800f713536f6b11c6231bbb07e4b369b7fca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e74b8b717afe49e05522cd59e0adb13d
SHA1 874d70b981a1fff01f87a62d1a574fdd11e3ec81
SHA256 4b7ccc442d6b94f240ca81274a201966e9b12b71e38771aaa52d74983bf42b2c
SHA512 b69931a2d62335dfd3a0e5742035fc475cc0abf495d5e9110a6a87c8f956b8b5725bd9a4b0563d98b1fb7ac6f10ddb1bb754667ea96434262678041989723cae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf8c6c1401d1bf0f83e6652efd415681
SHA1 23266539770628a23c5a0c574798f3b7ed579dc4
SHA256 f410efdc2a292265c1340a4430cfbd4891b867c16796361a6a4eaa3a3addddd7
SHA512 96bec36bfb459e2eaa56703b1dddff32a43543e3fa4586b2371b057b056eca7552b8cd4ec1f0c43883b83ceddfedc93eb021d4523105ebc82bd01d1a46507000

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39c3612aa0bca7ce304e393328d67988
SHA1 fcf98905195e0403ab8a03adde5e0b04fd19e7ad
SHA256 929f8b50ff78b130a537e20dcf2c29a528c9910daae2bdcbb7e9fd775839102f
SHA512 d2a63b858862316713ea691cadfad7479daea44a7cddc61c12fe641a2284c32b1993df58a3cc7c8589af5ed6095c8067b96427ed24b6bb6336ad9cc384a400de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f12dc2b9b3ca3ed682c5c57f9819aa0f
SHA1 88c58f8af7a17798b2690f85bd3826c330864b74
SHA256 a89dea9322108b7b299a66a2acf69c4fa8d98ea8a56ba02d8ab46b775de01e5f
SHA512 421fff670d4b55cad14894b5053b71a4b9176dc7f6650f0c0cbc76b2bd0a695f5b2aa439c6a59e2b2d57c863550c3449726ebf3d4a07dc551eb00c2a9de7c78e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ab189a969bb88e1baa1254adf8b52ee
SHA1 5dc66f84c72787a268deb5ba2cc0ba7be7c2bbf1
SHA256 c336015ee2fb69beff053253bc1d79985fa1e318cd81fa4bc4018fb2df20a835
SHA512 092bab6c9779297a05eea075c7a7a7aace3d65740d52a9c9fc75e2b41b9020235d0d4ce69bf4d113470f94e28f450305279627a1228a5f5441b21512d3f0c723

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a7fe751913a53bb42a7c69fff3226f2
SHA1 8d10ccc081ef166b571da128e568e6d8e5b68021
SHA256 51d307002497256f2a50d8f49e4172dec284d98e315d9418810c025e326c8ed8
SHA512 98a74785537f5b9bf49be384ffb7f20727c48fe39009806169c79609286039c8abc053d6084aa2737d670d448e9245b972758fc9f15aa6d02a1410d3d8eddbc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6542c02b485b685762b20c2c617332bd
SHA1 f9ab2ef76e7168b32b0ebe692b58a67d5ddaf996
SHA256 0d715ac1ad6c282fb7ea9fdec30fb3e12452ea142cf4a4d33776703920cc72e3
SHA512 16b256e4a5bc52bf1f28833a97ac530fe6ab76365e0f9c6a7e0423e6f34ba744cbc482398bc2b1b21cb8cb5f59542c146e77544b538a66af0600361cda278fb8

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:44

Reported

2024-11-09 22:45

Platform

win10v2004-20241007-en

Max time kernel

45s

Max time network

47s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
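
The three BIOS rows above, together with the NLS\Language read and the long list of Internet Explorer settings writes in behavioral1, are the whole basis of this report's discovery tags. Whether they matter depends on who performed them: a browser reading its own settings hive or the machine's hardware model is baseline, the same reads from an unrelated image are a sandbox fingerprint. The Python script below is an added example (not the sandbox's own tooling) that parses rows in this flattened layout, labels each access with a technique ID and flags accesses whose acting process is not the browser under test. SAMPLE_ROWS is copied from the behavioral1 and behavioral2 signature tables; CONSTRUCTED_ROW (with the hypothetical image unknown.exe), the ATT&CK mapping (the report's own MITRE ATT&CK section above is empty) and the baseline rules are this example's assumptions.

```python
"""Parse flattened registry rows from a sandbox signature table and separate
baseline browser activity from reads and writes that deserve a second look.

Added example for this report, not the sandbox's own tooling. SAMPLE_ROWS is
copied from the behavioral1 and behavioral2 signature tables; CONSTRUCTED_ROW,
the ATT&CK mapping and the baseline rules are this example's own assumptions.
"""
import re
from collections import Counter

ROW_RE = re.compile(
    r"^(?P<action>Key opened|Key created|Key value queried|Set value \((?:int|str|data)\))\s+"
    r"(?P<key>\\REGISTRY\\.+?)"        # key path; may contain spaces
    r"(?: = (?P<value>.+?))?\s+"       # optional ' = "value"' on Set value rows
    r"(?P<process>C:\\.+?)\s+"         # acting process (path with spaces)
    r"(?P<target>N/A|C:\\.+)$"         # target column; N/A on registry rows
)
READ_ACTIONS = {"Key opened", "Key value queried"}
BROWSER_IMAGES = {"IEXPLORE.EXE", "MSEDGE.EXE"}   # the images under test in this report

SAMPLE_ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
PID 5068 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"""
# Constructed, not from the report: the same BIOS read from a hypothetical non-browser image.
CONSTRUCTED_ROW = r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\unknown.exe N/A"


def parse_rows(text):
    """Return (events, unparsed); each event is a dict of the row's columns."""
    events, unparsed = [], 0
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            unparsed += 1   # e.g. WriteProcessMemory rows use a different layout
            continue
        ev = m.groupdict()
        if ev["value"] is not None:
            ev["value"] = ev["value"].strip('"')
        ev["image"] = ev["process"].rsplit("\\", 1)[-1].upper()
        ev["is_write"] = ev["action"] not in READ_ACTIONS
        events.append(ev)
    return events, unparsed


def classify(ev):
    """Map one event to (technique, baseline) using this example's own mapping."""
    key, browser = ev["key"].upper(), ev["image"] in BROWSER_IMAGES
    if "\\CONTROL\\NLS\\LANGUAGE" in key:
        # T1614.001 System Language Discovery: the system locale values
        # (Default, InstallLanguage) live here; any NLS API caller touches it.
        return "T1614.001", browser
    if "\\HARDWARE\\DESCRIPTION\\SYSTEM\\BIOS" in key:
        # T1082 System Information Discovery: vendor/model strings. Baseline for
        # a browser reporting its hardware model; from another image it is the
        # classic check for VMware/VirtualBox/QEMU strings.
        return "T1082", browser
    if key.startswith("\\REGISTRY\\USER\\") and "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\" in key:
        # IE's own per-user settings and DOMStorage quota bookkeeping.
        return "browser-settings", browser
    return "unclassified", False


def triage(text):
    events, unparsed = parse_rows(text)
    by_technique, flagged = Counter(), []
    for ev in events:
        technique, baseline = classify(ev)
        by_technique[technique] += 1
        if not baseline:
            flagged.append((technique, ev["action"], ev["image"], ev["key"]))
    return {
        "parsed": len(events), "unparsed": unparsed,
        "reads": sum(not ev["is_write"] for ev in events),
        "writes": sum(ev["is_write"] for ev in events),
        "by_technique": dict(by_technique),
        "flagged": flagged,
        "verdict": "baseline browser activity" if not flagged else "review flagged rows",
    }


if __name__ == "__main__":
    for label, text in (("report rows", SAMPLE_ROWS),
                        ("report rows + constructed row", SAMPLE_ROWS + CONSTRUCTED_ROW)):
        r = triage(text)
        print(f"== {label}: {r['parsed']} parsed, {r['unparsed']} skipped, "
              f"{r['reads']} reads, {r['writes']} writes, {r['by_technique']}")
        for row in r["flagged"]:
            print("   FLAG", *row)
        print("   verdict:", r["verdict"])
```

Rows that do not follow the registry layout, such as the WriteProcessMemory rows in this detonation, are counted as skipped rather than guessed at. Run on the report's own rows every access is baseline, which is consistent with the Likely benign verdict; the constructed row shows that the identical SystemManufacturer read becomes the one line worth reviewing as soon as the acting image is not the browser.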

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5068 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 5068 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 5068 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 5068 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical rows)
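Every row above has PID 5068, the msedge.exe browser process launched with sample.html, as the writer and other msedge.exe instances as targets. That is the ordinary way a Chromium-based browser starts its renderer and utility children: the parent creates the child and writes its startup data into it before the child runs. The signature fires on any WriteProcessMemory call, so the question a triager actually needs answered is whether any write crossed an image boundary. The following Python is added here as an example and is not part of the sandbox's tooling: it parses rows in the report's format, collapses the repeats per writer/target pair and flags writes into a process running a different image. It embeds a subset of the rows above plus one constructed cross-image row so the flagged case is visible. The same-image rule is this example's heuristic, not a verdict the report makes.

```python
import re
from collections import Counter

# One row, exactly as the report prints it.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+?\.exe)$"
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# A subset of the report's 64 rows; every one has msedge.exe on both sides.
REPORT_ROWS = [
    f"PID 5068 wrote to memory of 3492 N/A {EDGE} {EDGE}",
    f"PID 5068 wrote to memory of 3492 N/A {EDGE} {EDGE}",
    f"PID 5068 wrote to memory of 3108 N/A {EDGE} {EDGE}",
    f"PID 5068 wrote to memory of 3108 N/A {EDGE} {EDGE}",
    f"PID 5068 wrote to memory of 3108 N/A {EDGE} {EDGE}",
    f"PID 5068 wrote to memory of 4808 N/A {EDGE} {EDGE}",
    f"PID 5068 wrote to memory of 4984 N/A {EDGE} {EDGE}",
]

# Constructed for this example (not in the report): the browser process
# writing into a process that runs a different image.
CONSTRUCTED_ROW = (
    f"PID 5068 wrote to memory of 1234 N/A {EDGE} "
    r"C:\Windows\System32\notepad.exe"
)


def parse_rows(rows):
    """Parse report rows; lines that do not match are dropped, not guessed."""
    parsed = []
    for line in rows:
        m = ROW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["src"], d["dst"] = int(d["src"]), int(d["dst"])
            parsed.append(d)
    return parsed


def summarise(rows):
    """Collapse repeats to (src_pid, dst_pid, src_image, dst_image) -> count."""
    counts = Counter()
    for r in parse_rows(rows):
        counts[(r["src"], r["dst"], r["src_img"], r["dst_img"])] += 1
    return counts


def classify(summary):
    """Label each writer/target pair.

    Heuristic (this example's assumption, not the sandbox's rule): a parent
    writing into a child that runs the same image is what a multi-process
    browser does when it hands startup data to renderers and utility
    processes. A write into a process running a different image is the
    case that deserves a look.
    """
    out = []
    for (src, dst, src_img, dst_img), n in sorted(summary.items()):
        same = src_img.lower() == dst_img.lower()
        out.append({
            "src": src, "dst": dst, "count": n,
            "verdict": "same-image write, expected for a multi-process browser"
                       if same else "cross-image write, review",
        })
    return out


def review_targets(rows):
    """PIDs that received a cross-image write; empty means nothing to chase."""
    return [e["dst"] for e in classify(summarise(rows))
            if e["verdict"].startswith("cross")]


if __name__ == "__main__":
    for e in classify(summarise(REPORT_ROWS + [CONSTRUCTED_ROW])):
        print(f"{e['src']} -> {e['dst']}  x{e['count']:<3} {e['verdict']}")
```

For this report every pair comes back as a same-image write and review_targets() returns an empty list; only the constructed notepad.exe row produces a PID to chase. A real cross-image write from a browser process, or a write whose source is not the parent of its target, is where the investigation would start.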

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff6e146f8,0x7ffff6e14708,0x7ffff6e14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
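Every process in the list above belongs to the same Edge instance, and its role is spelled out by Chromium's own switches: no --type for the browser process, --type=renderer for page renderers, --type=utility plus --utility-sub-type for services, and --service-sandbox-type for how tightly each service is sandboxed. The network service and identity_helper.exe run with --service-sandbox-type=none here, which is how Chromium of this version launched them on Windows and not something the sample chose; --no-v8-untrusted-code-mitigations on the renderers is likewise a stock switch. The sample cannot set any of these, since the browser process builds each child's command line itself, which is also why the WriteProcessMemory rows earlier are parent-to-child writes. What a triager wants to spot is a browser launched with switches that weaken the sandbox or hand control elsewhere, such as --no-sandbox, --load-extension or --remote-debugging-port, none of which appear here. The following Python is an added example, not part of the report or of Edge: it tokenises command lines the way the report prints them (quoted Windows paths, no backslash escaping), extracts role and sandbox type, and checks a watch-list of switches that is this example's own choice. Three lines are copied from the list above; the fourth is constructed to show a hit.

```python
import re

# Command lines copied from the report's Processes list: the browser process,
# the network service and one renderer.
REPORT_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11108882990828024633,12518233354518273552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1',
]

# Constructed for this example (not in the report): a browser launched with
# switches that weaken or bypass its sandbox.
CONSTRUCTED_CMDLINE = (
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-sandbox '
    r'--load-extension=C:\Users\Admin\AppData\Local\Temp\ext '
    r'--remote-debugging-port=9222 https://example.invalid/'
)

# Switches worth a finding when they appear on a browser command line
# (this example's watch-list; all are real Chromium switches).
WATCH = {
    "no-sandbox": "renderer sandbox disabled",
    "disable-web-security": "same-origin policy disabled",
    "load-extension": "unpacked extension side-loaded",
    "remote-debugging-port": "DevTools protocol exposed on a TCP port",
    "proxy-server": "traffic redirected through a proxy",
    "ignore-certificate-errors": "TLS certificate validation disabled",
}


def tokenize(cmdline):
    """Split on whitespace but keep double-quoted paths together
    (Windows style, so backslashes are not escape characters)."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_cmdline(cmdline):
    tokens = tokenize(cmdline)
    image, switches, args = tokens[0], {}, []
    for t in tokens[1:]:
        if t.startswith("--"):
            key, _, value = t[2:].partition("=")
            switches[key] = value          # bare flag -> ""
        else:
            args.append(t)                 # URL, file path, /prefetch:N
    return {"image": image, "switches": switches, "args": args}


def process_role(parsed):
    """Chromium's own --type switch; the browser (broker) process has none."""
    sw = parsed["switches"]
    role = sw.get("type", "browser")
    if role == "utility" and "utility-sub-type" in sw:
        role += ":" + sw["utility-sub-type"]
    return role


def sandbox_of(parsed):
    sw = parsed["switches"]
    if "no-sandbox" in sw:
        return "disabled"
    if "type" not in sw:
        return "broker"                    # the browser process is never sandboxed
    if sw["type"] == "renderer":
        return "renderer"
    return sw.get("service-sandbox-type", "unspecified")


def findings(cmdline):
    p = parse_cmdline(cmdline)
    hits = [f"--{k}: {WATCH[k]}" for k in p["switches"] if k in WATCH]
    return {"image": p["image"], "role": process_role(p),
            "sandbox": sandbox_of(p), "hits": hits, "args": p["args"]}


if __name__ == "__main__":
    for c in REPORT_CMDLINES + [CONSTRUCTED_CMDLINE]:
        f = findings(c)
        print(f"{f['role']:<45} sandbox={f['sandbox']:<12} hits={f['hits']}")
```

The three report lines produce no hits; the parser reports the network service's sandbox type as none rather than flagging it, because that value is the browser's choice for this version. The constructed line returns three hits, which is the shape a sample that relaunches the browser under its own terms would leave in a process tree.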

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 142.250.180.22:443 i.ytimg.com udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
GB 163.181.154.238:443 www.ldplayer.net tcp
GB 163.181.154.238:443 www.ldplayer.net tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
US 104.26.4.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 238.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 res.ldrescdn.com udp
GB 163.181.154.244:443 res.ldrescdn.com tcp
GB 163.181.154.244:443 res.ldrescdn.com tcp
GB 163.181.154.244:443 res.ldrescdn.com tcp
GB 163.181.154.244:443 res.ldrescdn.com tcp
GB 163.181.154.244:443 res.ldrescdn.com tcp
GB 163.181.154.244:443 res.ldrescdn.com tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 6.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 186.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 244.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 apien.ldplayer.net udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
GB 216.58.201.118:443 play-lh.googleusercontent.com tcp
SG 8.222.254.73:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 118.201.58.216.in-addr.arpa udp
SG 8.222.254.73:443 usersdk.ldmnq.com tcp
GB 79.133.176.174:443 apien.ldplayer.net tcp
GB 79.133.176.174:443 apien.ldplayer.net tcp
GB 79.133.176.174:443 apien.ldplayer.net tcp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 174.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 73.254.222.8.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
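Three things in the table above are not sample behaviour and should be dropped before anything is turned into an indicator: the *.in-addr.arpa queries are reverse lookups of peers the sandbox host had already talked to, 224.0.0.251:5353 is mDNS on the local segment, and the Country column is the geolocation of anycast CDN addresses (GB for the Google ranges here) rather than where anything is hosted. A udp/443 row next to a tcp/443 row for the same host is QUIC, not a second endpoint. What remains splits into the YouTube and Google front-end traffic the page triggers (youtube.com, ytimg.com, doubleclick.net, googleapis.com, google.com, ggpht.com) and hosts the page pulls in on its own: www.ldplayer.net, cdn.ldplayer.net, apien.ldplayer.net, res.ldrescdn.com, usersdk.ldmnq.com and cmp.setupcmp.com. The following Python is an added example, not part of the report: it parses rows in the report's format, discards the noise, groups connections per host and lists the non-first-party domains with their IPs. The first-party allow-list and the two-label rule for registrable domains are this example's assumptions, and the embedded rows are a subset of the table above.

```python
import ipaddress
from collections import defaultdict

# A subset of the report's "Country Destination Domain Proto" rows.
REPORT_ROWS = """\
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 142.250.180.14:443 www.youtube.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.ldplayer.net udp
GB 163.181.154.238:443 www.ldplayer.net tcp
GB 163.181.154.238:443 www.ldplayer.net tcp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 79.133.176.186:443 cdn.ldplayer.net tcp
GB 163.181.154.244:443 res.ldrescdn.com tcp
SG 8.222.254.73:443 usersdk.ldmnq.com tcp
GB 79.133.176.174:443 apien.ldplayer.net tcp
US 8.8.8.8:53 73.254.222.8.in-addr.arpa udp
""".splitlines()

# Assumption of this example: registrable domains an Edge detonation reaches
# regardless of the sample (browser and Google front-end traffic).
FIRST_PARTY = {
    "google.com", "googleapis.com", "youtube.com", "ytimg.com",
    "doubleclick.net", "ggpht.com", "googleusercontent.com", "gstatic.com",
    "microsoft.com", "msedge.net", "bing.com",
}


def parse_row(line):
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:                  # multicast rows have no Domain cell
        country, dest, proto = parts
        domain = None
    else:
        return None
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def classify_row(r):
    if r["port"] == 53 and r["proto"] == "udp":
        # PTR lookups are the sandbox host resolving peers it already
        # connected to, not something the sample asked for.
        if r["domain"] and r["domain"].endswith(".in-addr.arpa"):
            return "ptr"
        return "dns"
    if ipaddress.ip_address(r["ip"]).is_multicast:
        return "local"                     # mDNS-style link-local noise
    return "connection"


def registrable(domain):
    # Last two labels: fine for the TLDs seen here, wrong for co.uk-style suffixes.
    return ".".join(domain.split(".")[-2:])


def triage(rows):
    out = {"dns": [], "ptr": 0, "local": 0,
           "connections": defaultdict(set), "iocs": set()}
    for line in rows:
        r = parse_row(line)
        if r is None:
            continue
        kind = classify_row(r)
        if kind == "dns":
            out["dns"].append(r["domain"])
        elif kind == "ptr":
            out["ptr"] += 1
        elif kind == "local":
            out["local"] += 1
        else:
            key = r["domain"] or r["ip"]
            # tcp/443 and udp/443 to one host is TLS plus QUIC: one endpoint.
            out["connections"][key].add((r["ip"], r["port"], r["proto"]))
            if r["domain"] and registrable(r["domain"]) not in FIRST_PARTY:
                out["iocs"].add((r["domain"], r["ip"]))
    return out


def third_party_domains(rows):
    """Domains the page itself pulled in, deduplicated and sorted."""
    return sorted({d for d, _ in triage(rows)["iocs"]})


if __name__ == "__main__":
    t = triage(REPORT_ROWS)
    print(f"{len(t['dns'])} lookups, {t['ptr']} PTR rows and "
          f"{t['local']} multicast rows dropped")
    for d, ip in sorted(t["iocs"]):
        print(f"  {d:<24} {ip}")
```

On the embedded rows the script drops two PTR queries and the mDNS row, keeps one endpoint for www.youtube.com despite its tcp and udp rows, and returns the six ldplayer.net, ldrescdn.com, ldmnq.com and setupcmp.com hosts as the only indicators worth recording. Those hosts, not the Google traffic, are what distinguishes this page from any other HTML file detonated in the same browser.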

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_5068_LKIMHGOEELDXJYDN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc6e73608cd64d7e2af7c6d265d9fcb2
SHA1 bef05b588d9d578c147bc0ba355635a3a4e4153c
SHA256 5224ff49aa9852eaf37dcdcfc46dd93abd1f861fa02f458e99d1b17d8469b2ee
SHA512 cf642a2590a61061492dc0115aa03f0f13f13c178fef3bc4511f736ae5359b8678122d37a58e4262b2d1cd53000b023d6540d2c57ae484e2b8a8e466b8cf02ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e6eb29957acb82c9ea58ce7e99b8c461
SHA1 cbe9336e83e2649d1b6c4bc4e7beb5ca3ba7f85f
SHA256 f0ff112a6ed6d3c39b115d05c04f12947ee5adf4a66e8f5799764acc9493d6fa
SHA512 d94a290b6c736c8d08e35c3c3555b00cd4daade52a3f10f9f12a959ce0e5cb0bb34e10e4e88009298170e4368c6c22d01c30ab3381c720eddc27bc675b2ca3b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 609a5e96816d3303fe282450b616f7f5
SHA1 fc3e263823f471b219b3b0cb28f61ce7f60f8bd6
SHA256 6bac0e4d8f1cb5080c86f1f3d2dcb1b1e5d33190df987f8a2cff94cfc385c2c3
SHA512 125a70de360ccc603ff300746b811e78a7778a882d51a36f490bbf0ab9b406f99ba6d2324b7fa6e6bed2843f4873ce40100443ec3628f70bf30234cc7286b880

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 287ceb9cac144d6d00cac6d13b3abe4b
SHA1 d23faffb5246a0cae04c2288f64e17f5f3be8bf4
SHA256 9812e584e1c1b4c7d59533556e88520fa80dfa333e7663fa3c5a9a6865d8f6c7
SHA512 bfa1c74e29b33a2fafe5f88418770aae645e8f2a7f93cbccdc115f50df659e3c5297d9778435e6020fcaa763f1078d6805fc365efd39655842d8b6ff0ff603a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 18a64802714cd620582e3070cfe247b6
SHA1 8b07b5a18b9378816ad4ea50545aae6c28796262
SHA256 c920432f90cdfb91ca4074cf59d22871407e1d2ac429b95c5ca46690ea4314f2
SHA512 f8a66354bf3b6ac887994f48e84d5d35fa38684c0c621f90fc9c846074518ddec7e3f89ca6a924456c1f54f8323ed2d5649893bc2d62061724e281a9a9028ab9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 8e433c0592f77beb6dc527d7b90be120
SHA1 d7402416753ae1bb4cbd4b10d33a0c10517838bd
SHA256 f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
SHA512 5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 eb77bc2800d9fc63ab6d008de39ba433
SHA1 e272c72645ea3f7881411a7447c09d1ce8223c5f
SHA256 4d896cdece4dd4e55114383fa239d45106f2be70ded3a20f7277bcd561737d92
SHA512 8a9e30e8a419b06114fd65c2e550ec3927fc6bafd98849c4ad79f8c3ba19f101d9cba7aa7c8f0bc06e9eeec851b4033917ffb0e906292b4f6bcc7bb4381ab00c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 8b7e7b8c23b3258a2797eff7ee34f466
SHA1 c14bcce1022711ea331bbe8f36934dd7a668b1e5
SHA256 1101c3511b7b6e02a37264660514fb7cb52983b3c878c83073cc62914a446aff
SHA512 868dba59ad30dee43d80dab8f0c73993157f94f34dcad866235b51e506af92a4344c601c3537dc13e2cf192671cb09eb1496550fc9c7b28593d176c7b6842dbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 d51156aefe1bb617bea2b80267421bf6
SHA1 21f5fb668da9d0a0b6b71f2c4f4c2b6ceada50d2
SHA256 add2bee75d3c9389bfe4ccafa5f08a9f1d3ab2f644c7ea02255070479d09bc72
SHA512 fdcf53ba59bc5e72954c6f13183e248354fbf6be8a51ee4bb7f4c9d01ca39c27c1eeed184572900caa4f48d279acd2b1c3ae0878285a46832f0724093898d8df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 1bb8006731edf9abe773404911f6a843
SHA1 8711ddcd8195d77c8b4e57e921ec7614ed9d9a22
SHA256 e35633561412bffc93efe0b1d5044265b1fa772220e2b2755cb953f1a5c17b7f
SHA512 1835efd137ccc2a318260b5107252e0d726feea395d7e9abcd688cc4a4a8927c41d72160dc967440bee996e0280133e630b6d5eed43230ae24cd06aeee760f19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c89f4a6fcb483602f3f851716a8be73
SHA1 f697526c6790bb5605817ce945fd0d32908d7716
SHA256 736eafe7389c8ae7951b444036c754aea9d9017cea173ee7ebb68945ba9771a9
SHA512 dd04c546a4e3aed171f94073aa91a6ab6a200cb49028a5e371baf60e442c2a9e7901041238b06d0373bdd05b5835ca474c882cf61359bd3f6f7ec09f8cb1aaf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8664963d45d3e7ad6eeaddf511023ff3
SHA1 33f9b83c261ae9da955dc63cccb4a8d07a82acf6
SHA256 d5c9197df70a5c5167017e57e91317ef457b97efe8c904fbb06e0f3572b1fec5
SHA512 e27b0a4915f1e57b1934bbe43ebb8e60f02a5162b8a685e442dbeec2597af18cf9508daadc3c1dc8d689b9760effbe6568277b23f2c7523b4d6bf7e9cefdf337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581c9b.TMP

MD5 7a933c50b293c6157c5006957b7165ea
SHA1 59b7bbabd7004a6e743b36cf6db3548d2ca707bf
SHA256 13ee29719b7c29893da76b65b1cc5ffc7a6f1dd783a59d792e3dd790a350c156
SHA512 a225a917d489a786798fba843c872f15a44fa9d91e7ae490d4d1346c5bcd9acde1e405cc8052a6952002a2404aa437bf2679face2eb50d9c03aca6ce6b42e835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 e097423f1749fd6a3e21ff2df812947a
SHA1 23b26e1e7826cf458e154e9cdb0f1afa8d90bf9e
SHA256 3dadbb5d4e785122b1174ee12b248088e28fca6aaf78e4f8251c512469e35872
SHA512 65a4d58e729460c496d25703e41a7663b96d5bbcd48b3fe10d7078ae5f305814ca931d7df7b5a50251e6787344f9c23308a2f217f206919a670ea9d13e9de87c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4f49e7c2acb42c029bd9037070e15c7f
SHA1 bceb57372a444afc3986026b596fcf3319244b25
SHA256 9d5896c1027f2fdfe639056f8ec86b8afcd2d30752dfbfa1ed348de45a160a6e
SHA512 752540f240f72a0d88dc72e8b90926c92dd7643dd4c7971d1b3f73e84ea34f1b8f085b43ead379b1b90c24114aa18fafcb4f98996983a60fbf6fa3356ec85eb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab6cc3a34c6212a314d9b96dfb32f7dc
SHA1 09c67fb89f0330dbf096d185ecca315c402095a5
SHA256 dc5b4389c85d290cd81694e1f15aa21dc4401b75fcac342ec8c528acb66b535f
SHA512 c45e8ee8a4e7dc78af52e5b3a1a4eb8f206054258758545f8b928a4bd2414c5500604cee1062e58121c2f1f50b0d47b2215fa5ef2ff6ea9086e8760c734f1c14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7004f6813349b2adcbbec1672cfdee36
SHA1 fb9f1db67956bc604db581b6ad86eb2a2d05c01d
SHA256 cb9f6f481716657c1cc0c77e5abc42f50f76b3eb9e39aa64118f204060f10657
SHA512 b3a5ae752823b9108763c65ce44420f0548729ca639e798eabe283c3bdef1a018ddf3db39d128b55fdf1ec1f9aeb2dfffa40e6ae434c07369248da865c1fa517

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9019ba042890e00abe92b7398a582ec4
SHA1 5665d0ab64c7634dc1e88b14eb63bff09c28c6bc
SHA256 e4b3439f1fc49d514c280b6678a64b103e0af054f4e14ee838a16597d4f2864d
SHA512 f6e9e3605352aa98809590d2750189bcf41431c5b0c65b9ebda7f78b2ff3d5c223db931d9c7c94e00a1a131593d967d8494532c3ab3c8478f599f3e0559545ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7976a8956f7b16f9041e6e32cdd218cc
SHA1 6ed356310e1f8a9456a11590b3783e70cdc1831b
SHA256 04b8d95459a29ea2c43b4b8ae61789144abbfa7ff82665b1491ea29d72711418
SHA512 e1447f70d9cbf34ff4b469711253cde1fa758a644c5e5b8c04ea7e1430022da9072c83fcd0d6f67d75d07fbaba8b10b4fa24770f86e6ece83d34daeed49dcbb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3dec2a51dec8051cad6c69e0398b4135
SHA1 94d6dc8fe643385b9fec0543125f44f47d71d43b
SHA256 a63acb2189039817886279044c61738c9fe7eb8c1c189c708e2f1a2c33209a25
SHA512 b9ff7f50ccbdc7cefc83aa168811db4c5fb23c92180ecf4e800816538b84a85c87af662e303d5c30fd67d8b665f36f827e3c3237d186afd1aa9b349de149688b