Malware Analysis Report

2025-01-19 04:33

Sample ID 240811-vwcyhstcre
Target https://www.microsoft.com/en-us/
Tags
microsoft discovery phishing
score
6/10

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://www.microsoft.com/en-us/ was found to be: Shows suspicious behavior.

Malicious Activity Summary

microsoft discovery phishing

Looks up external IP address via web service

Detected potential entity reuse from brand microsoft.

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-11 17:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-11 17:19

Reported

2024-08-11 17:30

Platform

win10v2004-20240802-en

Max time kernel

480s

Max time network

568s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.microsoft.com/en-us/

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{ABDC0CA3-B172-4059-85A3-9DD0F9B9D85F} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1064 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1064 wrote to memory of 1812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1064 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1064 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes


Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1064_FOOPDJSWAVHOTQGU

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e00f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
