Analysis Overview
Threat Level: Known bad
The file http://www.anacorteslittleleague.com was found to be: Known bad.
Malicious Activity Summary
Detected phishing page
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-01 19:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-01 19:32
Reported
2024-04-01 19:35
Platform
win10v2004-20240226-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Detected phishing page
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 8 |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A | 2 |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 10 |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.anacorteslittleleague.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd40d46f8,0x7fffd40d4708,0x7fffd40d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5221024196146654991,8863959584320831172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
Network
Files