Analysis Overview
Threat Level: Known bad
The file https://www.bing.com/ck/a?!&&p=4196f1836626b980JmltdHM9MTY5NDU2MzIwMCZpZ3VpZD0xZTU0MTUzNy1iMzJhLTYyZDAtMmRkZi0wNTE1YjIxMjYzMjcmaW5zaWQ9NTE3Mg&ptn=3&hsh=3&fclid=1e541537-b32a-62d0-2ddf-0515b2126327&psq=flisacademy.org&u=a1aHR0cHM6Ly9mbGlzYWNhZGVteS5vcmcvaG9tZS0zLw&ntb#bWFyay5oYXJkbWFuMkB0ZWxlZm9uaWNhLmNvbQ== was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-25 15:39
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-25 15:39
Reported
2023-09-25 15:42
Platform
win10v2004-20230915-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-919254492-3979293997-764407192-1000\{BFF85F7B-CD54-4A73-B4F7-DFAEA562572A} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=4196f1836626b980JmltdHM9MTY5NDU2MzIwMCZpZ3VpZD0xZTU0MTUzNy1iMzJhLTYyZDAtMmRkZi0wNTE1YjIxMjYzMjcmaW5zaWQ9NTE3Mg&ptn=3&hsh=3&fclid=1e541537-b32a-62d0-2ddf-0515b2126327&psq=flisacademy.org&u=a1aHR0cHM6Ly9mbGlzYWNhZGVteS5vcmcvaG9tZS0zLw&ntb#bWFyay5oYXJkbWFuMkB0ZWxlZm9uaWNhLmNvbQ==
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7a546f8,0x7ffcc7a54708,0x7ffcc7a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3258363362772305289,16186064682708438463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1364 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 23.72.254.178:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.254.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flisacademy.org | udp |
| US | 162.213.255.48:443 | flisacademy.org | tcp |
| US | 8.8.8.8:53 | cloudflare-ipfs.com | udp |
| US | 104.17.96.13:443 | cloudflare-ipfs.com | tcp |
| US | 104.17.96.13:443 | cloudflare-ipfs.com | tcp |
| US | 8.8.8.8:53 | 48.255.213.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.96.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | ik.imagekit.io | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 18.65.39.116:443 | ik.imagekit.io | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | firebasestorage.googleapis.com | udp |
| US | 8.8.8.8:53 | fac.corp.fortinet.com | udp |
| GB | 216.58.208.106:443 | firebasestorage.googleapis.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| CA | 208.91.114.103:443 | fac.corp.fortinet.com | tcp |
| US | 8.8.8.8:53 | image.thum.io | udp |
| US | 3.226.233.44:443 | image.thum.io | tcp |
| CA | 208.91.114.103:443 | fac.corp.fortinet.com | tcp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.211.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.114.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.233.226.3.in-addr.arpa | udp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| US | 8.8.8.8:53 | alphatrade-options.com | udp |
| US | 8.8.8.8:53 | 132.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 88.221.24.33:443 | th.bing.com | tcp |
| NL | 88.221.24.73:443 | r.bing.com | tcp |
| NL | 88.221.24.73:443 | r.bing.com | tcp |
| NL | 88.221.24.33:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 33.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.75:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| NL | 142.250.179.163:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| NL | 142.251.39.99:443 | recaptcha.net | tcp |
| NL | 142.251.39.99:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 181.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 216.239.32.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
Files
\??\pipe\LOCAL\crashpad_3168_ZFYNDWJPDBXQYWON
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 16c2a9f4b2e1386aab0e353614a63f0d |
| SHA1 | 6edd3be593b653857e579cbd3db7aa7e1df3e30f |
| SHA256 | 0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81 |
| SHA512 | aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4dff6dc02907d6ea03c194889f035e53 |
| SHA1 | 36b8eefc99e6b4d0ccfd83cd19bdfd337db1f87b |
| SHA256 | 78fce4daeca3d3e0f70fa747839aee544b6620a1823a0b64690c548d9bd74bca |
| SHA512 | 7bdc8bb9c20f3bb5758c04eed6f370aba50489e5c337006c67c7610d174fd1b5293b9acb6a6d715b1478e27f285e99c62b0bf3780706bb0e7df08859966d3639 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 70d149bfdca32ce1fc73419599fd3676 |
| SHA1 | 839c721a6f844db58b4f06f79b7ee3e5067aea5d |
| SHA256 | 0818df7d01a684f0be6900d78be410a29d6f8d4773061f600351bf9389d3d347 |
| SHA512 | bfa7c452bb6b4a9f9b7347fe29415b7a4994e2e5e242e22b1208d66e279531fdad91fbf55fc40aaf890b167cc46d11b2e1124e8a6148ce456283a15c5874db4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6244cadf9557de5c8db348a4088243fe |
| SHA1 | c5e6beb9881140f40abd6317444944341c73bd60 |
| SHA256 | c4aa1f0c8bd188d59f46099f7c7f71127da0563bf087f58037a554db83341ea9 |
| SHA512 | 17ae92d6da0d9749e2bc28380a58ac8d432d66d7931da58d456ba505d0c8d6b4c2912aec8ecf1a6c999ae8438c05dc062ecdfd78b29c1453704732bf3c80aa03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 699e3636ed7444d9b47772e4446ccfc1 |
| SHA1 | db0459ca6ceeea2e87e0023a6b7ee06aeed6fded |
| SHA256 | 9205233792628ecf0d174de470b2986abf3adfed702330dc54c4a76c9477949a |
| SHA512 | d5d4c08b6aec0f3e3506e725decc1bdf0b2e2fb50703c36d568c1ea3c3ab70720f5aec9d49ad824505731eb64db399768037c9f1be655779ed77331a7bab1d51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c08062f960431888474e929589c32f2a |
| SHA1 | 6a3af421765ad9da43bac7b7b6dae636ad608fea |
| SHA256 | 1fee545da1d527de477888ff9c4ff2046345e65fdd172c626b99009551653f87 |
| SHA512 | 4297a8dada23c0f43e0ef9337274b1fb434015482f24bd770cc665ae94ab27433bb47282b6d09e707b93493e25518e6282f5cdd1beacca982a98cff33a68294e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 15d5392cc1b830edf901cc8d07db4dd1 |
| SHA1 | b7af092c95ef33e8dde3e1fc035e87b2cee3119c |
| SHA256 | 351164e9cca74839547fb82e2e8b44b932f863bbd6e5c12bfb1fd5185acb1c3e |
| SHA512 | 3656aacbcfff44fe4ab173deb662f3f88ad00869e6eef8f9d00b3917a048a0a36f55187fbd69f88b1813d89486d576566a2ff99244da57a14837f49a28524fa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4bee464e360f8b69f2a7469e23cccdcc |
| SHA1 | a02d125e3a2e3809a23d89298206ff84268ffadf |
| SHA256 | 8f998d780ef439553e2ee9651481f4173024913d172d986ea8304ca64f0ec5b9 |
| SHA512 | 5ffc2d3088f3d2b1d71923357f5a5f29c5c2e850560bc5cc5a0723f70c41e5c7c5a237e060dfa135d5b4bc58496552f3f4e74f74dd43fb051bb4b3d3ecf105f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 7d0523c8f2a44a194de34bd42be8beee |
| SHA1 | f46afa868fcfe7c189da86e69b3f3468aab47e39 |
| SHA256 | 6191b5ea83557ff03488f2d3c2aff3d73a6360521c8eaf5f4747db9809df81c9 |
| SHA512 | 18e0dbac8f74153a31b0a96fcca65bf3ae7398e1a4a59a5900ef1fffc1220e702c3e1ff11dd7e994f5432a0f89ca454b89838791affe45ce50034971a43a1c22 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e7076e9903685243f778a133df288216 |
| SHA1 | 6f8bdb871d8fbb36eddc76b4d25680a0f2f4adb5 |
| SHA256 | 2c665fc4029125f5cf9551990e9aa013da0fda2c513923cda6ebe28237e76c6b |
| SHA512 | 16b024d8d7467619780db3c16d740aa164f6303f9dd135f89570959cbee23224798f832c552fe4f743da4d43ac4d16b7a2e824a45d68feac84f2829c03d6d240 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb29.TMP
| MD5 | 45571b327a693ff9e71ccb21906de361 |
| SHA1 | 83ede3a3143332908d969eed3861060ff8ed1290 |
| SHA256 | 9762b64adb32e6d6648bfaf6b2e5ef7710afc3b69b5c845cb695d0d73bba41f3 |
| SHA512 | 60c803024305ce5938c02740a58aefcc46cbf16d74a42a48e7d9e617ef7e1d659e2b371d4c7832b5927da3eb7df28accc58d750c0aff05ab8db817f67f77c612 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 54f26e20a4ce1b9435c1523775732f98 |
| SHA1 | cfd2c6c0279fc57f80cedff21cf6c5245cea7a7d |
| SHA256 | fcaa5d66758df7f93d45bea4a8bffcb187cf7da2d39b96885b6c8039a7c71eff |
| SHA512 | 60f39a673fb9ba4175dc8c9c9c02f0591347aebbcdb6f94e5e8c99cfd248fdb24b495e5094c8a8c747958c2590091c1c72069e9e4666268bf26f1a586e33e933 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 210abaf349af321ccbae9858f799a491 |
| SHA1 | c609a76cf7348f67f06de81f93bed1eea613e1cd |
| SHA256 | 2719b1558a9187b7d3ff55fc6ad799ed6f2f94c5bd7f7a1761efca91ce1ac993 |
| SHA512 | 6e9ee93d69a8889dc2b922c28da071cf36d84834df7d3a34400e7fbc678cd98a0cd86cf7a22193c48c83e7eed9726202693bbb3b6c2e2763f0e1ae012da1d8de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583b5e.TMP
| MD5 | 9f9d33ab36df8c36eeeb8582d73f27e2 |
| SHA1 | c0555108fc596ee302598fcb7947f6065373ccc5 |
| SHA256 | dfe1fc0a05b5761c203dce8ef29b31476abbe84dc3ef514d3685bcf082142b22 |
| SHA512 | 6134ace54a8c4132866c2bea153a432e1397ccfd776daee5c257105aec12eeaa494b0fd008d4e09bad4da47430202d35903b66f55d1dab2b53107232da907b7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ffe5c4b66e0dfbed048e8cd6b23f9c3e |
| SHA1 | 2dae711547bf3c719933e2dd58a78dd1cb063d89 |
| SHA256 | ff5c7e326221227d9feef317cf2ff409d37f75827d7d2767f32d58695ea03f4a |
| SHA512 | 5ed98280df27bc807b364d164f58454850541e7748ba6d6bf4792dd604216bc22c226b71b3a20e7d769568689a10c869c40c0ef116a48c15e69e3a8c01f5c10c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f40ed4f88f9cd42231ed1ee1bc18c592 |
| SHA1 | 32e4ac127dcb21420420695f7a3373bfe897a633 |
| SHA256 | dba50cd8f467443c59e96a3642eab47b97af364e20fd1f68662463e78943694c |
| SHA512 | b9dee4881c8dee776c7b8a95721b43e1010641947807fa016534fe3c00643529a789c8327cb7d6e608c3443ed78ba151206057a7cc5f37b114349988d07ec419 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c27ddd4b32a103ea53f081256586ce5d |
| SHA1 | 00a2eefbfc3f0c66480bd373f80be0a9bbc1e9b1 |
| SHA256 | 6e980461472bfdaf73e0bae0f7a0b6b1986b51eabf61476a50d43c5f9d5c83cd |
| SHA512 | ba2aab17cbd45ef1de8d28b63bff3b393a85a3970ca0111f826131a656c35434eef8edba28306a0fb5628c887ff134df34d832446b1997407ef3fa0a1ac7868c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a30f1e2817c15373065df1495affe095 |
| SHA1 | b6fa9b2578761abdef44826b3ef0949ebdeb84c4 |
| SHA256 | 7c1825e6134b200d27047141394117edeceffffcec2701cf0d69106644425396 |
| SHA512 | 3efbb4c6d35061770b6175574849571972da64b2f22edc2a07bb62bc8f94e4b5d5328a0bcc41a06334d1d140fd00f85f93628bdd09a9d2315e08c91f0a9264e2 |