Analysis Overview
Threat Level: Likely benign
The file http://duckduckgo.com was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand GOOGLE.
Browser Information Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 13:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 13:23
Reported
2024-11-05 13:29
Platform
win10v2004-20241007-en
Max time kernel
284s
Max time network
292s
Command Line
Signatures
Detected potential entity reuse from brand GOOGLE.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://duckduckgo.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8666a46f8,0x7ff8666a4708,0x7ff8666a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5940 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2950191070446193095,8887832774370598346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| IE | 52.142.124.215:80 | duckduckgo.com | tcp |
| IE | 52.142.124.215:80 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.124.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | improving.duckduckgo.com | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 233.54.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 222.125.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 143.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | slither.io | udp |
| US | 104.22.19.97:80 | slither.io | tcp |
| US | 104.22.19.97:80 | slither.io | tcp |
| US | 104.22.19.97:443 | slither.io | tcp |
| US | 104.22.19.97:80 | slither.io | tcp |
| US | 104.22.19.97:80 | slither.io | tcp |
| US | 104.22.19.97:80 | slither.io | tcp |
| US | 104.22.19.97:80 | slither.io | tcp |
| US | 8.8.8.8:53 | poal.me | udp |
| US | 8.8.8.8:53 | 97.19.22.104.in-addr.arpa | udp |
| US | 104.22.19.97:443 | slither.io | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 151.101.188.157:80 | platform.twitter.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 151.101.188.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| SG | 15.235.216.150:80 | 15.235.216.150 | tcp |
| JP | 144.168.36.26:80 | 144.168.36.26 | tcp |
| HK | 43.249.37.55:80 | 43.249.37.55 | tcp |
| IN | 148.113.17.85:80 | 148.113.17.85 | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.235.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.36.168.144.in-addr.arpa | udp |
| ES | 107.155.103.54:80 | 107.155.103.54 | tcp |
| US | 15.204.212.200:80 | 15.204.212.200 | tcp |
| US | 15.204.53.184:80 | 15.204.53.184 | tcp |
| US | 8.8.8.8:53 | 85.17.113.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.37.249.43.in-addr.arpa | udp |
| FR | 135.125.74.230:80 | 135.125.74.230 | tcp |
| US | 23.227.195.74:80 | 23.227.195.74 | tcp |
| US | 66.165.238.34:80 | 66.165.238.34 | tcp |
| IT | 144.168.46.18:80 | 144.168.46.18 | tcp |
| AU | 51.161.208.162:80 | 51.161.208.162 | tcp |
| US | 192.211.52.146:80 | 192.211.52.146 | tcp |
| FI | 95.216.39.140:80 | 95.216.39.140 | tcp |
| US | 8.8.8.8:53 | 54.103.155.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.212.204.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.53.204.15.in-addr.arpa | udp |
| PL | 57.128.202.109:80 | 57.128.202.109 | tcp |
| BR | 45.158.39.114:80 | 45.158.39.114 | tcp |
| DE | 57.129.37.44:80 | 57.129.37.44 | tcp |
| GB | 198.244.231.35:80 | 198.244.231.35 | tcp |
| FR | 57.128.20.155:80 | 57.128.20.155 | tcp |
| FR | 40.160.21.51:80 | 40.160.21.51 | tcp |
| CA | 148.113.153.83:80 | 148.113.153.83 | tcp |
| ZA | 102.218.213.17:80 | 102.218.213.17 | tcp |
| US | 8.8.8.8:53 | 230.74.125.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.195.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.46.168.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.238.165.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.52.211.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.208.161.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.39.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.202.128.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.37.129.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.39.158.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.231.244.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.20.128.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.21.160.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.153.113.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.213.218.102.in-addr.arpa | udp |
| FR | 40.160.21.51:443 | 40.160.21.51 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_4628_CTIURFRAOLJECBGF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bbe9e3a42d196353c9916bfba5d493b3 |
| SHA1 | 2b0dab1639f0b2d06ea45a9411784a86ee94be8b |
| SHA256 | cb98da0dd41f8e17423103aa070695dfd055c9fb8f6d8431b1f25f89121d298b |
| SHA512 | fdf5651481cee1454f5e908dd3d154e39ed09a1ca70a2ab5f3044f6a1285917f449048d4d24374edfc627f6138e4cc615f8dec4340b013c3601b26cb8b7cf1a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 96810a179f436bed70fe3d01b7af8428 |
| SHA1 | d80b42ae80733c9a72dd7681a2e0dc224dc3a891 |
| SHA256 | 4260899ec7e0eee7bd82a23fb61193bfc07d8195084358b4c280430c74da57f4 |
| SHA512 | 890e18c2bbe98675b49ae9a5b75d10883fd27d473d62da164cbc4094f1238b5c9048ba9b3544626536388510568365ea70e4ddf5fa82e2e04eaed38a968d9b2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e38aaeee68f3bbfd2eb6d49e56d2fa8f |
| SHA1 | 8df2618bc33e371ce53706e3868286d491475753 |
| SHA256 | d1aab46859ef6d296c9d7a8b4d1df03fce313c129d826ea3d1f84b4c9207cc47 |
| SHA512 | e7854a11c9bde9dd0220ef7e8b101042a8761aa816ebf85d073529d7ef24c5ca0a0dc7261c0c30d7de7fb88b9dd810ff63c382d95ceef799b4f5d960000316bf |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe07.TMP
| MD5 | a4525bf926ef397f7a1622e5ff079637 |
| SHA1 | 1abbb54fee5b13e83e8c8195c8885ac112a098a1 |
| SHA256 | 580e7398ef6a1ee959ddb8c11bbccdc9661dd06c98170cde70c024f612fcf9ae |
| SHA512 | f79b794be77985cbc5abf3acde59827d6cf50b30ef0355b580a6f67a1f820ec399ba54a582e0594182d71c22d6b435e3b6d8ddcca3eb9b769ee1f217a118b757 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b38578d85b1c264b203df265e4563518 |
| SHA1 | 0600819c781780e071a1fdd0439c58697bfb2da9 |
| SHA256 | df177a7165ef39dc3620ee9f645d6db956ffbeeabcbc360fb79228fe0babff42 |
| SHA512 | 959cae950574ed6c1eb95f75a8dcbfacc55650e1af93b315c3f192c44f50249b72437ff8da63d1d6b6511192e1819860a39e162325b78e56e1da66e9b998812f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2997ffe77372c9533285411ec4e1340 |
| SHA1 | f36dc7f052626d4cdc1b96b5906018489c981806 |
| SHA256 | b005084503b57ef9a2b9d25ce2dd0b1ccbcd863e32e993509e22f5f4af1f88ca |
| SHA512 | b4592405b5ba32f9aabc85a5ec54343cb7856ee298ec65990cc5b81679e40a90406400f08e7ffeed5b582fa63a4a3f222486ebf9bea027c62cb6fa198d00419b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 17fa65201c37b7e2765b996c5e632fa4 |
| SHA1 | 570fed10fd105940739b37b5a42babcd2af806a5 |
| SHA256 | 0019bfe61c9cd0cf495246d68872cee85f952e3583d0386aa94ca54e118603c3 |
| SHA512 | f0ef6f05730c0a094010b8695f6b6ee7e233dae7af44ec3fe03dc57fcd216d64f6263af22bdae462b687dbe7326bc09af703485ec62781fa092b11fbaff71d12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6bc30ea0fbc6e41a3e6b63ef562db13d |
| SHA1 | fb4d46768260d576655daf0cfc06987c8fa607e6 |
| SHA256 | 01167538fc3f72ed7a2af880cb0bdff68c35ebf9ee517168c797273b09fb53ee |
| SHA512 | e792a9de5351fea378db1d8fadb433b51e3031929e08861eecc76f2cc660a4e1541c5809fcdcae53745c889bbb0291cba9075fec0a674e6b116b78223939ac68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ebf25c927ce6f9b755766cef89f7cae1 |
| SHA1 | 0aecd5062530479ff0dac2bd33a9ed3a93fc0ac7 |
| SHA256 | 62ceb968103fc5854a9f608284721f255ef5539a7e1a25ff7171ccf95dcb0908 |
| SHA512 | 866e100d7a9656e8943863a45cfdddcc5c6df32fe125ab1ea96018ea662614afb9acc6f693b309eccdf6973b57373e27879dd503376391d9a7743d84a1665c9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d241381bfd7470736e6cf9cbc695de55 |
| SHA1 | 35da2f5d4042ecad57ba62cf13e63cc9562c0e80 |
| SHA256 | e299c2185c6c13b6f5ec162a384c37ad8dd2c50bd78c598c7986fab15f0fef82 |
| SHA512 | 68b917d794b5572716c468a3fe95567b2824a1e9d4e45e3aa52f1c2fc18b1dcd9291d749a9d5229025ca9db4966ed5703de1c8bd90bebaf1f7324630779f514d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 12a6eb8235cbc25b07b9d6a740dafcea |
| SHA1 | 73447c4ad86d961c307f3cd3f9e0e89ba26ba228 |
| SHA256 | e8e4361cc165e1bea9e6ae2c90287055edd28107e6b058a9becbe9c2383ca758 |
| SHA512 | 36eeb7af7674bc4a3d9a360b124f43f4ac9c507c02379c8d39c87f81303d03cc9a5dc4371db0727f73f1bf7f2491c71d3ab83a527800c6ecc05e581d9f7f2cf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 68bb3160abd720bd23bfa8e0e1ed1afa |
| SHA1 | 55c6e4992796da4304b5252777fff398f0da61c0 |
| SHA256 | 3d934e1d11f1e0ea5037421f29b0ba5e7cb9d511cc1b5fa9872664291238ab41 |
| SHA512 | bb0fee135ef4c49acdf9ccd5b78c4690222920dc028d9ee0f94f3b7ceda00f1bdf8222d171d4c6c2e0c2674e2e09fedca005d1dc2bc971774e87cec70f37be4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 487fb0a4015b78de3b0d75588abf75c1 |
| SHA1 | cd39b7a7d43757daafcc4bdbff7c1d277d51718a |
| SHA256 | 83331a7b58ac2c611843d456ebca8110b9c008529a7e971a20c6cbfb99f0a21c |
| SHA512 | 8d9365f04d923c47680def1a0279bb5cc43d8bde1d37685187eadf03240c3a8e2a34a6ccaa78da9fc43ac0602a600f40471b22f2ce772e61512610d307d614fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21d77be83a4cb50a10b6f1bec62386a4 |
| SHA1 | eaffcbd79ef99bd091524229000edc310fb29ad2 |
| SHA256 | e0a3b9cac8125f8ec875ce7688cc90b2ceb31c293f23f21ffd544521101994b3 |
| SHA512 | eb69f5ac6d6ce529c7d2424b807bf152943d54ffb8cf635e897cfe574cc43e9024ad049763c4e8aa59913f75e6cd4e52a0769081d2511a04f4ac686a97b16707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 723133dac04f3fa67efe3dc74f3587a4 |
| SHA1 | 5d3410a6512be7f6cd0bc3f63bd2b0143de2e5e7 |
| SHA256 | 29b66a69acc406831e1cead3731e54554dbbe5da1223d9047963142f5a6e0aa8 |
| SHA512 | c7205c9dc75f5a3b0bbdd8ec61b2e6166c78ebbb9a84204d6de56732833cbf71828739f43ca8699280caf1547350f7f32e0e92ea77db9da71e32fbdf07edd36c |
memory/4812-411-0x000001F23ED40000-0x000001F23ED50000-memory.dmp
memory/4812-427-0x000001F23EE40000-0x000001F23EE50000-memory.dmp
memory/4812-443-0x000001F247160000-0x000001F247161000-memory.dmp
memory/4812-445-0x000001F247190000-0x000001F247191000-memory.dmp
memory/4812-447-0x000001F2472A0000-0x000001F2472A1000-memory.dmp
memory/4812-446-0x000001F247190000-0x000001F247191000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e879c688ba8faa78abb88993bc6bebe3 |
| SHA1 | 85ca0ecfcb6733fb52880c069bfcce37e60cd984 |
| SHA256 | ca0d54fdf957912cd839f3d2097ae61e2ac0576b2eac445f79dd7e4b2d28875a |
| SHA512 | b28c212d9f3a9974b28cc06de7c3ae5de5eca43429a5c4d690193b27ebf8e4b1cae44ebb5b208f9f5fe01a7035dc6cc919bc71a5cca01718e7a4863fa1fe0e39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a30dbc135e1a8590c510a7b6491f10fe |
| SHA1 | 65ecf5f03cb511d30aeb9c8627eca9d994efbfed |
| SHA256 | 9fa8a6154e2d60ca574390e87da12c7e77a9d30100c54eb84e063b2cecbc5d0f |
| SHA512 | 0fd092a2382f87deaf4e9a27ddbfd9f4961b30825c6f7c07b411e70c37b50a2a70eb89cfdee631cf51b0675eada23715e3805407ba973ba00de1770dee6a09b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ca4542ae762080426599603c0516f771 |
| SHA1 | 43fd9661ed3d2f0daa6affa98e28641dc87967cf |
| SHA256 | aac1d59c67ae4461716f2cf408a1448df7a46ddbb46d2e3406d08c712fbe96ac |
| SHA512 | cfda174760398d5209c32e8e92674fe2427e54411fb0513fc11bc653ce0c8851d822a0281e9fbceca46b7128e8bcf9f6054404600618aca9906c6f8ce8269933 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 24c5cfde7abf11523d6f98c9e3d4e17f |
| SHA1 | 75d600aad446ed509a0237bf7dda787260734261 |
| SHA256 | 72c34b5f53f9b9fe18b337c4bbd69e759768f6d200dcc0f8e04fbd41d5a8392c |
| SHA512 | 90feb8ecc8a2b3ba523519d488d2d87036808ac5846a1538066a1fa248771bbeae8ded6b7af385ba5ba88d9b02a5e50bc0f64cef08a8d65eeee5c4bc44c1f756 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab22c2c286a4b8d8473f0e1cc7dd89eb |
| SHA1 | 834a9e73b8e890c8e797272b772306df5f8112fd |
| SHA256 | a3b61fff8947cdc2f2cad53cabd8a74c667fb1d20f78b5339f1dc17f19ade730 |
| SHA512 | 08753a7e13cdbc2c2f5471a7477053553442db07939c9826fd02060db49b7aae72088bd6313e73baacac2caec313cdba30bf915a89b4eb1b88f7912c39f91b55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 760f3da5a9ede6497b2569fa3c9b87b9 |
| SHA1 | 38091d8740f8d36184bacc9550235215e8fcb390 |
| SHA256 | 8e68e99d3e5866745a9c135624c621558f8b3b227a763f23f9a13c0ea5a6435e |
| SHA512 | e51a8a320bba0195904f739ecc46a703d5c1f221ed062c2facf6fb9b966e839402102268c7ce7ad8983871b4d397d8f257a8ce0ff4a1ff326bf1897c2bc23aff |