Analysis Overview
Threat Level: Likely malicious
The file https://secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=jmalabuyoc%40verifiedfirst.com&p=47d7ba4f-1790-43fa-a6b5-edb2ac0de7b1#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2F47d7ba4f-1790-43fa-a6b5-edb2ac0de7b1%2Fdata%2Fmetadata&dk=hutCcJVXaXfonmLdZx2ypPC1a5uoGYbPZfbzGtGalWw%3D&data=05|02|[email protected]|2c9db3108b8e47c1c0f908dc865d116e|e25da04722d04e2ea07d9d98221979c7|0|0|638532981490164045|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=8PnZFBBN+vRD8tNLiYkP8elfNOzhJNMI+UcjX3lySaQ=&reserved=0 was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-10 19:04
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 19:04
Reported
2024-06-10 19:09
Platform
win11-20240426-en
Max time kernel
306s
Max time network
308s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=jmalabuyoc%40verifiedfirst.com&p=47d7ba4f-1790-43fa-a6b5-edb2ac0de7b1#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2F47d7ba4f-1790-43fa-a6b5-edb2ac0de7b1%2Fdata%2Fmetadata&dk=hutCcJVXaXfonmLdZx2ypPC1a5uoGYbPZfbzGtGalWw%3D&data=05|02|[email protected]|2c9db3108b8e47c1c0f908dc865d116e|e25da04722d04e2ea07d9d98221979c7|0|0|638532981490164045|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||&sdata=8PnZFBBN+vRD8tNLiYkP8elfNOzhJNMI+UcjX3lySaQ=&reserved=0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffb03723cb8,0x7ffb03723cc8,0x7ffb03723cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2350516424834528041,4409697793297801625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6556 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.virtru.com | udp |
| US | 34.160.98.162:443 | secure.virtru.com | tcp |
| US | 34.160.98.162:443 | secure.virtru.com | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 130.211.46.139:443 | api.virtru.com | tcp |
| US | 130.211.46.139:443 | api.virtru.com | udp |
| US | 3.233.158.30:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 34.215.143.46:443 | api.amplitude.com | tcp |
| US | 130.211.46.139:443 | api.virtru.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 3.233.158.30:443 | rum.browser-intake-datadoghq.com | tcp |
| NL | 40.126.32.68:443 | login.windows.net | tcp |
| US | 13.107.246.64:443 | devtools.azureedge.net | tcp |
| N/A | 127.0.0.1:9229 | | tcp |
| US | 152.199.21.175:443 | acctcdnvzeuno.azureedge.net | tcp |
| US | 13.107.246.64:443 | devtools.azureedge.net | tcp |
| US | 152.199.21.175:443 | acctcdnvzeuno.azureedge.net | tcp |
| FR | 51.11.192.49:443 | browser.events.data.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2348_XVOGRYEPFUKDYKIZ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57afe7.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c4696d7-0d5a-46f1-a89d-c3ab922c63bf.tmp