Analysis Overview
Threat Level: Shows suspicious behavior
The file http://ipfs.chainsafe.io/ipfs/QmWfeBdmjKMZGNjoh5sLp2dApBdUvDYBVjQFzmDXAegHQb/#cmd=https://www.fresno.gov/secure_cloud_storage==cuuhohmmmdfnpndybmgyykngcfaavzlx&id=fjyaqkzlyhxjwltp&session=igzonzypmqgwdnwowzzlhpsmvtzmhbmg&tetfoqwsyvjpfstpatgiynwpmkzgudln=c2hhbm5vbi5tdWxoYWxsQGZyZXNuby5nb3Y=&eqmyvzjtioakivbnauzoyynwelasvdda=U2hhbm5vbg==&zzyqmoslafzagyudlkrqwooslouxmxpw=T3RoZXJzID8=&qgivshhmgnzynejzqkqlmozuwuieilxo=6/12/2024 5:16:07 a.m. was found to be: Shows suspicious behavior.
Malicious Activity Summary
Looks up external IP address via web service
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:32
Reported
2024-06-12 15:35
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipapi.co | N/A | N/A |
| N/A | ipapi.co | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ipfs.chainsafe.io/ipfs/QmWfeBdmjKMZGNjoh5sLp2dApBdUvDYBVjQFzmDXAegHQb/#cmd=https://www.fresno.gov/secure_cloud_storage==cuuhohmmmdfnpndybmgyykngcfaavzlx&id=fjyaqkzlyhxjwltp&session=igzonzypmqgwdnwowzzlhpsmvtzmhbmg&tetfoqwsyvjpfstpatgiynwpmkzgudln=c2hhbm5vbi5tdWxoYWxsQGZyZXNuby5nb3Y=&eqmyvzjtioakivbnauzoyynwelasvdda=U2hhbm5vbg==&zzyqmoslafzagyudlkrqwooslouxmxpw=T3RoZXJzID8=&qgivshhmgnzynejzqkqlmozuwuieilxo=6/12/2024 5:16:07 a.m.
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97ed846f8,0x7ff97ed84708,0x7ff97ed84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
Network
Files