Analysis Overview
Threat Level: Shows suspicious behavior
The submitted URL https://linkvertise.com/1208172/solara-bootstrapper?o=sharing was classified as: Shows suspicious behavior.
Malicious Activity Summary
Looks up external IP address via web service
Detected potential entity reuse from brand GOOGLE.
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-02 17:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-02 17:38
Reported
2025-02-02 17:43
Platform
win10ltsc2021-20250128-en
Max time kernel
281s
Max time network
285s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Detected potential entity reuse from brand GOOGLE.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Software\luajit.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-950679536-2019665560-1662069516-1000\{2E21D68A-BE2B-4EBD-BAF5-80D0979E0384} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-950679536-2019665560-1662069516-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://linkvertise.com/1208172/solara-bootstrapper?o=sharing
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff952e146f8,0x7ff952e14708,0x7ff952e14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,8099015041076295823,7527972340434260438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Software\luajit.exe
"C:\Users\Admin\Downloads\Software\luajit.exe"
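Triage note, added here as a worked example and not part of the sandbox report: almost every entry above is an Edge helper process or a Windows COM surrogate, and the one executable that matters is the one launched from a user-writable directory. The script below applies that rule to (image path, command line) pairs in the form the report lists them, and additionally checks rundll32 invocations so that a DLL loaded from outside the Windows directory would be flagged (here shell32.dll is under System32 and passes). The location roots and the sample entries are the analyst's own choices, constructed from the Processes section; they are not sandbox signatures.

```python
"""Triage the Processes section of a sandbox report by image location.

Added example (not part of the report): flag executables that run from
user-writable locations and rundll32 invocations whose DLL is not under the
Windows directory. Sample entries are constructed from the report's Processes
section; the root lists are analyst assumptions (default install drive C:).
"""
from __future__ import annotations

import re

# Constructed sample: a representative subset of the report's Processes entries.
SAMPLE_PROCESSES = [
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized '
     r"--single-argument https://linkvertise.com/1208172/solara-bootstrapper?o=sharing"),
    (r"C:\Windows\System32\CompPkgSrv.exe",
     r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    (r"C:\Windows\explorer.exe",
     r'"C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}'),
    (r"C:\Windows\System32\rundll32.exe",
     r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll "
     r"{9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"),
    (r"C:\Users\Admin\Downloads\Software\luajit.exe",
     r'"C:\Users\Admin\Downloads\Software\luajit.exe"'),
]

# Analyst-chosen roots (assumption: default install drive C:).
SYSTEM_ROOTS = ("c:\\windows\\",)
VENDOR_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_ROOTS = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\")

# First argument after rundll32[.exe], quoted or up to the ',EntryPoint' separator.
_RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+("[^"]+"|[^\s,]+)', re.IGNORECASE)


def normalize(path: str) -> str:
    """Lower-case, strip surrounding quotes and unify separators for prefix tests."""
    return path.strip().strip('"').replace("/", "\\").lower()


def classify_location(image: str) -> str:
    """Return 'system', 'vendor', 'user_writable' or 'other' for an image path."""
    p = normalize(image)
    if p.startswith(SYSTEM_ROOTS):
        return "system"
    if p.startswith(VENDOR_ROOTS):
        return "vendor"
    if p.startswith(USER_WRITABLE_ROOTS):
        return "user_writable"
    return "other"


def rundll32_target(cmdline: str):
    """Extract the DLL path a rundll32 command line loads, or None if unparseable."""
    m = _RUNDLL_RE.search(cmdline)
    return normalize(m.group(1)) if m else None


def flag_processes(entries):
    """Return findings for images outside system/vendor roots and for rundll32 loading non-system DLLs."""
    findings = []
    for image, cmdline in entries:
        loc = classify_location(image)
        name = normalize(image).rsplit("\\", 1)[-1]
        if loc in ("user_writable", "other"):
            findings.append({"image": image, "reason": f"executable in {loc} location"})
        if name == "rundll32.exe":
            dll = rundll32_target(cmdline)
            if dll is None or classify_location(dll) != "system":
                findings.append({"image": image, "reason": f"rundll32 loading non-system DLL: {dll}"})
    return findings


if __name__ == "__main__":
    for f in flag_processes(SAMPLE_PROCESSES):
        print(f"{f['reason']}: {f['image']}")
```

Run against the full Processes list the only hit is luajit.exe in C:\Users\Admin\Downloads\Software; the report does not state how that file got there, so the example flags the location and nothing more.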
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | linkvertise.com | udp |
| US | 104.18.0.75:443 | linkvertise.com | tcp |
| US | 8.8.8.8:53 | cdn.exmarketplace.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | js.chargebee.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | maxst.icons8.com | udp |
| IT | 95.110.204.9:443 | cdn.exmarketplace.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| GB | 216.58.213.2:443 | securepubads.g.doubleclick.net | tcp |
| DE | 18.66.147.29:443 | js.chargebee.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 2.19.252.203:443 | p.typekit.net | tcp |
| GB | 84.17.50.9:443 | maxst.icons8.com | tcp |
| GB | 2.19.252.211:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 75.0.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.190.20.in-addr.arpa | udp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| DE | 65.9.66.92:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | exmarketplace.com | udp |
| US | 8.8.8.8:53 | assets.churnkey.co | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| US | 104.26.10.238:443 | assets.churnkey.co | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.204.110.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.147.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.66.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | publisher.linkvertise.com | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.10.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.66.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 104.18.0.75:443 | publisher.linkvertise.com | tcp |
| US | 104.18.0.75:443 | publisher.linkvertise.com | tcp |
| US | 8.8.8.8:53 | euob.bizseasky.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| DE | 18.245.31.106:443 | euob.bizseasky.com | tcp |
| GB | 142.250.187.227:443 | www.google.co.uk | tcp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 106.31.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | obseu.bizseasky.com | udp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| IE | 3.248.162.96:443 | obseu.bizseasky.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 150.171.27.10:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | api.taboola.com | udp |
| US | 151.101.129.44:443 | api.taboola.com | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.162.248.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.249.227.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.129.101.151.in-addr.arpa | udp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | integrate.linkvertise.com | udp |
| US | 104.18.1.75:443 | integrate.linkvertise.com | tcp |
| US | 104.18.1.75:443 | integrate.linkvertise.com | tcp |
| US | 8.8.8.8:53 | ad-server.linkvertise.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.1:443 | tpc.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 75.1.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.advertiser.linkvertise.com | udp |
| US | 8.8.8.8:53 | imagedelivery.net | udp |
| US | 104.18.1.75:443 | cdn.advertiser.linkvertise.com | tcp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| GB | 142.250.179.238:443 | img.youtube.com | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.3.18.104.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | am-api.taboola.com | udp |
| US | 8.8.8.8:53 | images.taboola.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | 13.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| GB | 88.221.135.43:443 | www.bing.com | tcp |
| GB | 88.221.135.43:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 88.221.135.27:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 88.221.135.34:443 | r.bing.com | tcp |
| GB | 88.221.135.34:443 | r.bing.com | tcp |
| GB | 88.221.135.27:443 | r.bing.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.187.227:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 27.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.65:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 65.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getsolara.app | udp |
| NL | 193.150.70.84:443 | getsolara.app | tcp |
| NL | 193.150.70.84:443 | getsolara.app | tcp |
| NL | 193.150.70.84:443 | getsolara.app | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| NL | 193.150.70.84:443 | getsolara.app | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | 84.70.150.193.in-addr.arpa | udp |
| US | 104.17.248.203:443 | unpkg.com | tcp |
| US | 104.17.248.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 203.248.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 172.165.61.93:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
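Most of the table above is resolver traffic to 8.8.8.8, reverse (in-addr.arpa) lookups, and the advertising, analytics and browser-telemetry hosts that a Linkvertise landing page and Edge itself generate. The script below, added here as a worked example and not part of the report, parses rows in this table's layout, discards that noise, and maps each remaining domain to the endpoints it actually reached. SAMPLE_NETWORK is a constructed subset of the rows above; ALLOWLIST is an analyst assumption and deliberately does not include github.com, objects.githubusercontent.com or getsolara.app, since those are where the downloaded artifact would be served from.

```python
"""Reduce a sandbox Network table to the contacts worth pivoting on.

Added example, not part of the report. Parses '| Country | Destination |
Domain | Proto |' rows, drops resolver/mDNS traffic, PTR lookups and an
analyst-chosen allowlist, and maps the remaining domains to endpoints.
SAMPLE_NETWORK is a constructed subset of the report's rows.
"""
from __future__ import annotations

SAMPLE_NETWORK = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | linkvertise.com | udp |
| US | 104.18.0.75:443 | linkvertise.com | tcp |
| US | 8.8.8.8:53 | 75.0.18.104.in-addr.arpa | udp |
| GB | 216.58.213.2:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| DE | 18.245.31.106:443 | euob.bizseasky.com | tcp |
| GB | 142.250.187.227:443 | www.google.co.uk | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 193.150.70.84:443 | getsolara.app | tcp |
| NL | 193.150.70.84:443 | getsolara.app | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| GB | 172.165.61.93:443 | checkappexec.microsoft.com | tcp |
"""

# Analyst assumption: suffixes the landing page and the browser account for.
# Never allowlist a host merely because it looks like a CDN; the payload may live there.
ALLOWLIST = (
    "linkvertise.com",   # the submitted landing page itself
    "doubleclick.net", "google.co.uk", "clarity.ms", "microsoft.com",
)


def parse_rows(text):
    """Parse '| CC | ip:port | domain | proto |' rows; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto.lower()})
    return rows


def in_allowlist(domain, allowlist=ALLOWLIST):
    """Exact or parent-domain match against the allowlist suffixes."""
    return any(domain == s or domain.endswith("." + s) for s in allowlist)


def is_noise(row, allowlist=ALLOWLIST):
    """Resolver/mDNS traffic, PTR lookups and allowlisted domains carry no pivot value here."""
    if row["port"] in (53, 5353):
        return True
    d = row["domain"]
    if d == "n/a" or d.endswith(".in-addr.arpa") or d.endswith(".ip6.arpa"):
        return True
    return in_allowlist(d, allowlist)


def ptr_lookup_count(rows):
    """Reverse lookups are usually name annotation of IPs already seen, not new behaviour."""
    return sum(1 for r in rows if r["domain"].endswith(".in-addr.arpa"))


def residual_contacts(rows, allowlist=ALLOWLIST):
    """Map each non-noise domain to the sorted set of 'ip:port' endpoints it reached."""
    contacts = {}
    for r in rows:
        if is_noise(r, allowlist):
            continue
        contacts.setdefault(r["domain"], set()).add(f"{r['ip']}:{r['port']}")
    return {d: sorted(eps) for d, eps in sorted(contacts.items())}


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_NETWORK)
    print(f"{ptr_lookup_count(parsed)} PTR lookups dropped")
    for domain, endpoints in residual_contacts(parsed).items():
        print(domain, ", ".join(endpoints))
```

On the full table the residue is short: api.ipify.org (the external-IP lookup the signature reports), euob.bizseasky.com and obseu.bizseasky.com, getsolara.app, github.com and objects.githubusercontent.com. The report does not say which process made which connection, so the mapping is a pivot list, not attribution.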
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ec94745cd72f974e0497aa41415bad9b |
| SHA1 | d21ff8668515f2a51aa6a746b3fa15336fc62b5a |
| SHA256 | af45c7c9220e3798ec9208de192ca021515dfba1be3caa38836c6d6d5d3d75b5 |
| SHA512 | 7ecc68f20c8cb104aacdcb02ed78225d55ac97fe617acac03a4da1650e0066993660cfc9d9d164a71f4e4713f11754c1006c7a43d3462bd41b9f3775a7dc65ef |
\??\pipe\LOCAL\crashpad_2492_MAFTZYMXYDLIGLRZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 20c63ad75f2e339d14e7d56d050734a3 |
| SHA1 | 7a7d9abf8e248189e28503c3606e0d744d365725 |
| SHA256 | 962483c5425474b992ea33e7e64c404fb9c1570d84e230e108d797ee16f6152f |
| SHA512 | d5439f86c01bf1141b0b823aca524316367412d020eae2d8bd664cb118be4c9599c37381f9564d493059e1a0c264d5f6ce06eb17cb4e17d0ee66527f5df4c98e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bb0446348ca1141310659e25f1dc5904 |
| SHA1 | 9750ac1b4352322939b7d37734d128e428d74e01 |
| SHA256 | 80f31d8fb4b0d9e71796feca385748eac8f40c8e893f9f3046f5f39e9c3bb9b4 |
| SHA512 | ec1b1359938137326cf9fe607448e27064ba96d45d98510acd9aedb5804ca38e3cbd86f3a880d24eb580d1238c2241acfb4fab42fab27ac4504bba25bdba9c9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c7470c4bdcb39fa0f32469696ecb34dc |
| SHA1 | 3907437bcdefbb9f1db25487017da0aedbd17dce |
| SHA256 | 7c03a1e83930c7a1cc58b8d95b930ac0571c5cbfa60759fbd29e23034b393929 |
| SHA512 | cb44833d051a245fd40a575ab4a7be4321e04c036e5c8551bb56f16f9ad90f44b23af733ab3d9fb2629f1c2f14a07266fd1fec2c7f1f863f5b43993e087a6662 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | f30f41bae50b3dabbb78f69c9518c0f2 |
| SHA1 | 14b8aa1ee51cc63eea45dc505e153207cde85d4d |
| SHA256 | 4b51b9f499ede272899680cfac161ec2ccdcc34495b9fa4571bb9a84c32c9657 |
| SHA512 | 80ed88566c3dde7b9c5578f60d8e71f93c39646d226c63deaa439f279ac3f6535ab2fe2ba8dc689e3ba00d6900069ed10f9a9ebde8e4dcda44470fc67b05db00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9daa1c69c357958518bb3c6ae7e08d0d |
| SHA1 | 5841b8d7a10325e119978d1ac9ec8645320bd532 |
| SHA256 | 3d7038f47fabd0db960a45069f28bc18c871320c03be0f68b7e68175bc9e85d5 |
| SHA512 | 02328f482d03dbb2ec9e552b909ed54dd4d30f0c5063b9f59d7340082351b99015a033fd9c01d488ac48bb4b2a7d81b1057367815a9f61160570c8a3108fc171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1f8a2d7991db3458c9a87f718f306658 |
| SHA1 | f635d2482c6e3ed3da858750748095d27d913883 |
| SHA256 | e8158cfa96b15dfa5d531bd0c021bc8308a439f006dbf941a673d8a8629570fd |
| SHA512 | 1d87b626d219bf1e9c211909a3f1b8beb7ce08f8404ec6ecbc5ce5da8b27718ec509c33beaf695e9cfd903c119fa34cae0bccbedaac1f346cd2aac8a5ff81f77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8640786a6836a776d1412bd7cd2c0101 |
| SHA1 | cce0d5084e530126ef011aeae063906d12e07485 |
| SHA256 | 862c5072cae6cd1b8b2bc1624b4e1ef16093667a04a3e148895132d640cd383e |
| SHA512 | 679505a83ee3f876ebdb30609219b9a68d7fd22b0038d986340ad3f30e27997559ad13b9404385e179cd40fb6593fd0c6135c0a13caee1ca8c4098c46f616ffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 964fd19ddbcc20a82f40273a9c6eb63a |
| SHA1 | 547727ef2545a1dd4d971099d5d5108cff0bce7b |
| SHA256 | fe7a13f3b97ea6753122502d13347be8c0e869b0392a5e1c03866179592f3deb |
| SHA512 | d7194c2f2155ae23f89e1655e4331a890e3ae3b4fe45ddb2f5aef464094bb2198a03d902f18455f5a307319b98cab42d7eeaf43803e8828f615cb739c729d55f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 24d1cd07590111196ad2e96f3be2733c |
| SHA1 | b02fce6547badd094bd6a7774e259b26365b9b1f |
| SHA256 | cec3236687bedb34c5198f3ece4d8ae5d71a5810849462992f72ba65273d8898 |
| SHA512 | 0ab6834baf6199e9b465f2db9cc4b395c401a62213bb3e496a4b8d0c0aa7cc75a8993b69c77df71b3155d57c5a3ec01b31443fe2cc84e806b805cf977cea47d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | acbf94a718f47dd6985243155759d147 |
| SHA1 | 2375fdd6dce474364fb432414dd5eddfa44a55b1 |
| SHA256 | 72b8ac85edf55acac7b4203709257f081f301b770662d7ad5669f8908fb95fa6 |
| SHA512 | 4d983e0c0cb5a8752489e4f72842d3eb7fd60d4ede00b4cf9d4a8fc1672b33a79f3a448e81fa708739c7ccd4514c7c036719ab37563486ca4015c5174818ea4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599522.TMP
| MD5 | 19771ddaba7a10a7b0ca9898317faffd |
| SHA1 | cae896105be5a4a094f6239b73bcb0b4a28931af |
| SHA256 | 925a27cd22b6ac26204daf8adcc92934fb1056ba563d095ace591c0968708aa5 |
| SHA512 | 12d42001813be80a9931c985d485eb399cd36f1e783fcc72fd8113f2a87c22d8eb8a607948dfa88cdc465ed847dc1c8149ae51054ba29141f643db543418f424 |
C:\Users\Admin\Downloads\Unconfirmed 234019.crdownload
| MD5 | 3aab4c9294c7abe63bb278102938ba7e |
| SHA1 | 4f3fbe9a1c37aa0ee7ed4d4a2feb4e1af7dffa81 |
| SHA256 | 9a9a534fd91efe25fac592831a2565d33b3cc73dac9a68a318ce079452b4ceeb |
| SHA512 | 30674520a27a5ac2ebb2904d874dd6df2bd57798bf0a59327e0babf601eddc6b96fa00898f2aabe93f989b8b96eda9c5792d846c43ca9c64d7a76ae2acd6f5f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bd5b8a062e8a284697b3c536a8c2dc14 |
| SHA1 | f46c7bc07c79ac9d8f65a83349b06d03860cdc20 |
| SHA256 | d81f7985d01f0aab1499f25f8772f97da44f35da93e54a9c10ba533986923bf3 |
| SHA512 | 967d5c08d14b526ff8a02454c4479c0fd007795c1974f87279358e11ade9015352089f0c816dfad2a5a12867e9e100afe01004803ee5dd021a7705a0b52fd447 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
| MD5 | ab79489e9704fc9cc9d8bee4f8e17ec5 |
| SHA1 | b2e19a89b43d537bb5b02ee9ca2418f027259c1e |
| SHA256 | 4d71760d6f3159849068b635ab4c39b9b747d899f03670533971a62d262c264e |
| SHA512 | 60d11ee023b9a045c4b59b88311f001fcf4856e27837a1ffd6ecab0203e5199ee077d85c5217e0f0b94e0bff93b14c3680816b6fbf9d42ee2eff5c23d9a13edd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | abcadf9d54b48db5d0b14f3bb9df12cf |
| SHA1 | 511ec0fbebfc949e8e98dddd5989e51522d20689 |
| SHA256 | b52ce203972cd9de17f44dfbc60e2af2c24b04d25f82fc221e6e65512f0b68f4 |
| SHA512 | afbba49e11dc173b02b0428d5a971aab7f455528ccb4c77ded375ad565d571d8a7629a7d8e08cb78ee7716924345eee965d44f0b0419f6e5589e92573628b541 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 463e705cc7c10bf5814dd94ecb014873 |
| SHA1 | 3d77f38a819814da1be10891b09130c50937590a |
| SHA256 | 7fcd956174e218227625684fe2a582c98f4a943872081df5c1b7f00c7a55405c |
| SHA512 | 681e2d4b18b80f083792c6f70a66e5efd69ff63ebd4a49e86d23921209a44e2c290520413db2aeb9b376f6e6fed4238ed29182f3864e7904ba85182f457a4889 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c419a65e37da1e53a7611bcf9c653574 |
| SHA1 | a033d104ec9f571ffef84f60765b3727aa975941 |
| SHA256 | 46fb7dcbd8f86af5d5e18da66c4bbb7664d4dd0a38990cefe1da512b8e4a5c37 |
| SHA512 | 1b8f66c70d22123e94d032a9a15ad7fedc55f9eb9c691d83c0f1d1859df05c8ac6d98561340def68e6e9c7742d11e0e6c5252ea50ff9f2726ca73e0aee9dba51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b861a1591c07872b92077945131c8d95 |
| SHA1 | c8df24294da9c4e015d4e70136e04af79bd6556c |
| SHA256 | f21b5a0a5b19c07bfbb1d71696abfa727368e5a7671ef51809e165a9896473bb |
| SHA512 | be025a02504ffebd8d7deabc2805f73598b9490b0a26e35a439c4a20f8a612145afdafcd95a3fe18d4978d56e57396411a45183539dbaf121925f18891d47ca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ca4f0be915ac8128deb022df940b139a |
| SHA1 | fb559fe7a03570005a0837293e5a1eef8c94eb20 |
| SHA256 | 3354b8714c7fd83e644b7915042d88b3ba2616840a4f9d21fec1920011a40ac9 |
| SHA512 | 1c7aa42072b098cc080112b6ce1a3cc2fda876dcbf22037d31053d7729128b1c089757e086ece7108c879b1a1ab7dcbfc93c2c6ba7e96376c132104487787fb3 |
memory/4380-470-0x0000000000400000-0x000000000040A000-memory.dmp
memory/4380-471-0x0000000066F80000-0x0000000066FEC000-memory.dmp
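Hash triage, added here as a worked example and not part of the report: the Files section mixes three kinds of entry. Edge profile files (Preferences, Local State, Network Persistent State, TransportSecurity) are rewritten several times during a browsing session and hash differently each time; the crashpad named pipe carries the MD5/SHA-1/SHA-256 of zero bytes, which is the digest of empty input and not an indicator; and C:\Users\Admin\Downloads\Unconfirmed 234019.crdownload is the one artifact whose hash is worth looking up elsewhere. The script below parses entries in this section's layout, verifies the empty-input digests with hashlib rather than hard-coding them, and returns the SHA-256 values to pivot on. SAMPLE_FILES is a constructed subset of the entries above with the SHA512 rows omitted; the report does not say what the .crdownload file was renamed to, so the example does not claim that either.

```python
"""Triage the Files section of a sandbox report by hash.

Added example, not part of the report. Parses a path line followed by
'| MD5 | ... |' hash rows, recognises entries whose digests are those of
zero-byte input, separates browser-profile churn from downloaded artifacts,
and returns the SHA-256 values worth pivoting on. SAMPLE_FILES is a
constructed subset of the report's entries (SHA512 rows omitted).
"""
from __future__ import annotations

import hashlib

SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ec94745cd72f974e0497aa41415bad9b |
| SHA1 | d21ff8668515f2a51aa6a746b3fa15336fc62b5a |
| SHA256 | af45c7c9220e3798ec9208de192ca021515dfba1be3caa38836c6d6d5d3d75b5 |
\??\pipe\LOCAL\crashpad_2492_MAFTZYMXYDLIGLRZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 20c63ad75f2e339d14e7d56d050734a3 |
| SHA1 | 7a7d9abf8e248189e28503c3606e0d744d365725 |
| SHA256 | 962483c5425474b992ea33e7e64c404fb9c1570d84e230e108d797ee16f6152f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c7470c4bdcb39fa0f32469696ecb34dc |
| SHA1 | 3907437bcdefbb9f1db25487017da0aedbd17dce |
| SHA256 | 7c03a1e83930c7a1cc58b8d95b930ac0571c5cbfa60759fbd29e23034b393929 |
C:\Users\Admin\Downloads\Unconfirmed 234019.crdownload
| MD5 | 3aab4c9294c7abe63bb278102938ba7e |
| SHA1 | 4f3fbe9a1c37aa0ee7ed4d4a2feb4e1af7dffa81 |
| SHA256 | 9a9a534fd91efe25fac592831a2565d33b3cc73dac9a68a318ce079452b4ceeb |
memory/4380-470-0x0000000000400000-0x000000000040A000-memory.dmp
"""


def parse_files(text):
    """A non-table line starts a new entry; '| ALGO | hex |' rows attach to the last entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and entries:
                entries[-1]["hashes"][cells[0].lower()] = cells[1].lower()
            continue
        entries.append({"path": line, "hashes": {}})
    return entries


def is_empty_input(entry):
    """True when every listed digest equals the digest of b'' for that algorithm."""
    hashes = entry["hashes"]
    if not hashes:
        return False
    return all(hashlib.new(algo, b"").hexdigest() == digest for algo, digest in hashes.items())


def classify_artifact(entry):
    """Bucket an entry so profile churn and empty digests do not drown the real artifact."""
    p = entry["path"].lower()
    if p.startswith("memory/"):
        return "memory_dump"
    if is_empty_input(entry):
        return "empty"            # digest of zero bytes: nothing to pivot on
    if p.startswith("\\??\\pipe\\"):
        return "named_pipe"
    if "\\microsoft\\edge\\user data\\" in p:
        return "browser_profile"
    if "\\downloads\\" in p or p.endswith(".crdownload"):
        return "download"
    return "other"


def triage(entries):
    """Map category -> list of paths, in report order."""
    buckets = {}
    for e in entries:
        buckets.setdefault(classify_artifact(e), []).append(e["path"])
    return buckets


def rewrite_counts(entries):
    """Paths that appear more than once were rewritten during the run (profile churn)."""
    counts = {}
    for e in entries:
        counts[e["path"]] = counts.get(e["path"], 0) + 1
    return {p: n for p, n in counts.items() if n > 1}


def pivot_hashes(entries, categories=("download", "other")):
    """Sorted, de-duplicated SHA-256 values from the categories worth looking up elsewhere."""
    return sorted({e["hashes"]["sha256"] for e in entries
                   if classify_artifact(e) in categories and "sha256" in e["hashes"]})


if __name__ == "__main__":
    parsed = parse_files(SAMPLE_FILES)
    for category, paths in triage(parsed).items():
        print(f"{category}: {len(paths)}")
    print("pivot:", pivot_hashes(parsed))
```

The same empty-digest check is worth running on any sandbox output: a d41d8cd9.../da39a3ee.../e3b0c442... triple means the sandbox hashed an object with no readable content, and matching it in a threat-intel feed would produce only false positives.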