Malware Analysis Report

2025-01-19 00:30

Sample ID 240507-xm35fsae9x
Target https://url2.mailanyone.net/scanner?m=1s3cWM-0007Zq-3j&d=4%7Cmail%2F90%2F1714917600%2F1s3cWM-0007Zq-3j%7Cin2c%7C57e1b682%7C28613012%7C14303582%7C663792961556323F60CA7719E24FBD2A&o=%2Fphtu%3A%2Fptsacblmus.i-mdktcnai.ypos.%2F%2Faicm4sore6a1g%2F9-90e40-bd3-f16f8-193b04100e5di%2F5%2FKvEDrF30gZAMUpE-A4D1AQEAGZtaA%3F%25ge%3Dtrr27BeTag%252%25ltUA223r%25sh%2522tp%252tF%2553252%25A2fg52ueerFrornnz.c.es25a%25%25F%25222d22CrRei%252oOecstintp7%25%252%25A%25B233%2522n2%25A522%25ul1C%252l2u%25%252lAnl23d%25%257gD%26iD7U%3DesLtFOt8q8bqVJ1W8k02PQlIwVO4c2lKft5o%25BBn7e%25G1kRCes3DVcrt%26eaier8n%3D5so27754bdd9b3bbaf4343bee51eb8d6&s=WdYCVSQ9Sc0_DEjTfgsDBAJMLLE
Tags
microsoft phishing
score
5/10


Analysis Overview

Threat Level: Likely benign

The file https://url2.mailanyone.net/scanner?m=1s3cWM-0007Zq-3j&d=4%7Cmail%2F90%2F1714917600%2F1s3cWM-0007Zq-3j%7Cin2c%7C57e1b682%7C28613012%7C14303582%7C663792961556323F60CA7719E24FBD2A&o=%2Fphtu%3A%2Fptsacblmus.i-mdktcnai.ypos.%2F%2Faicm4sore6a1g%2F9-90e40-bd3-f16f8-193b04100e5di%2F5%2FKvEDrF30gZAMUpE-A4D1AQEAGZtaA%3F%25ge%3Dtrr27BeTag%252%25ltUA223r%25sh%2522tp%252tF%2553252%25A2fg52ueerFrornnz.c.es25a%25%25F%25222d22CrRei%252oOecstintp7%25%252%25A%25B233%2522n2%25A522%25ul1C%252l2u%25%252lAnl23d%25%257gD%26iD7U%3DesLtFOt8q8bqVJ1W8k02PQlIwVO4c2lKft5o%25BBn7e%25G1kRCes3DVcrt%26eaier8n%3D5so27754bdd9b3bbaf4343bee51eb8d6&s=WdYCVSQ9Sc0_DEjTfgsDBAJMLLE was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-05-07 18:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 18:59

Reported

2024-05-07 19:01

Platform

win10v2004-20240426-en

Max time kernel

134s

Max time network

136s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.mailanyone.net/scanner?m=1s3cWM-0007Zq-3j&d=4%7Cmail%2F90%2F1714917600%2F1s3cWM-0007Zq-3j%7Cin2c%7C57e1b682%7C28613012%7C14303582%7C663792961556323F60CA7719E24FBD2A&o=%2Fphtu%3A%2Fptsacblmus.i-mdktcnai.ypos.%2F%2Faicm4sore6a1g%2F9-90e40-bd3-f16f8-193b04100e5di%2F5%2FKvEDrF30gZAMUpE-A4D1AQEAGZtaA%3F%25ge%3Dtrr27BeTag%252%25ltUA223r%25sh%2522tp%252tF%2553252%25A2fg52ueerFrornnz.c.es25a%25%25F%25222d22CrRei%252oOecstintp7%25%252%25A%25B233%2522n2%25A522%25ul1C%252l2u%25%252lAnl23d%25%257gD%26iD7U%3DesLtFOt8q8bqVJ1W8k02PQlIwVO4c2lKft5o%25BBn7e%25G1kRCes3DVcrt%26eaier8n%3D5so27754bdd9b3bbaf4343bee51eb8d6&s=WdYCVSQ9Sc0_DEjTfgsDBAJMLLE

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{F7A596C5-C1C8-4A4F-97CB-B3D4CBB17175} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 468 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 468 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.mailanyone.net/scanner?m=1s3cWM-0007Zq-3j&d=4%7Cmail%2F90%2F1714917600%2F1s3cWM-0007Zq-3j%7Cin2c%7C57e1b682%7C28613012%7C14303582%7C663792961556323F60CA7719E24FBD2A&o=%2Fphtu%3A%2Fptsacblmus.i-mdktcnai.ypos.%2F%2Faicm4sore6a1g%2F9-90e40-bd3-f16f8-193b04100e5di%2F5%2FKvEDrF30gZAMUpE-A4D1AQEAGZtaA%3F%25ge%3Dtrr27BeTag%252%25ltUA223r%25sh%2522tp%252tF%2553252%25A2fg52ueerFrornnz.c.es25a%25%25F%25222d22CrRei%252oOecstintp7%25%252%25A%25B233%2522n2%25A522%25ul1C%252l2u%25%252lAnl23d%25%257gD%26iD7U%3DesLtFOt8q8bqVJ1W8k02PQlIwVO4c2lKft5o%25BBn7e%25G1kRCes3DVcrt%26eaier8n%3D5so27754bdd9b3bbaf4343bee51eb8d6&s=WdYCVSQ9Sc0_DEjTfgsDBAJMLLE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4939163526969935290,10414337376587053646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4104 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 url2.mailanyone.net udp
US 104.18.11.14:443 url2.mailanyone.net tcp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.89:443 www.bing.com tcp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 public-usa.mkt.dynamics.com udp
US 52.146.76.30:443 public-usa.mkt.dynamics.com tcp
US 52.146.76.30:443 public-usa.mkt.dynamics.com tcp
US 8.8.8.8:53 30.76.146.52.in-addr.arpa udp
US 8.8.8.8:53 greefrunners.co.za udp
ZA 102.130.123.81:443 greefrunners.co.za tcp
ZA 102.130.123.81:443 greefrunners.co.za tcp
US 8.8.8.8:53 81.123.130.102.in-addr.arpa udp
US 8.8.8.8:53 216.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 hdbfhja.store udp
DE 5.230.47.86:443 hdbfhja.store tcp
DE 5.230.47.86:443 hdbfhja.store tcp
US 8.8.8.8:53 29.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 86.47.230.5.in-addr.arpa udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 184.3.17.104.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 oooooajdnnahnnajm.site udp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site udp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 outlook.office365.com udp
GB 52.98.207.18:443 outlook.office365.com tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 privacy.microsoft.com udp
US 8.8.8.8:53 r4.res.office365.com udp
DE 2.16.6.15:443 r4.res.office365.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 18.207.98.52.in-addr.arpa udp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 15.6.16.2.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.113:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.113:443 r.bing.com tcp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.2:443 login.microsoftonline.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
GB 199.232.56.159:443 abs.twimg.com tcp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 api.x.com udp
GB 199.232.56.159:443 abs.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
US 104.244.42.130:443 api.x.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 192.229.233.50:443 pbs.twimg.com tcp
GB 199.232.56.158:443 video.twimg.com tcp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 159.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 130.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 50.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 104.244.42.66:443 api.x.com tcp
US 104.244.42.66:443 api.x.com tcp
US 104.244.42.66:443 api.x.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 appleid.cdn-apple.com udp
BE 104.68.84.171:443 appleid.cdn-apple.com tcp
US 8.8.8.8:53 abs-0.twimg.com udp
US 104.244.43.131:443 abs-0.twimg.com tcp
US 8.8.8.8:53 171.84.68.104.in-addr.arpa udp
US 8.8.8.8:53 131.43.244.104.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.17.251.10:443 aefd.nelreports.net tcp
US 2.17.251.10:443 aefd.nelreports.net udp
US 8.8.8.8:53 10.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 autologon.microsoftazuread-sso.com udp
NL 40.126.32.140:443 autologon.microsoftazuread-sso.com tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 aadcdn.msauthimages.net udp
US 8.8.8.8:53 passwordreset.microsoftonline.com udp
US 152.199.21.175:443 aadcdn.msauthimages.net tcp
US 152.199.21.175:443 aadcdn.msauthimages.net tcp
US 152.199.21.175:443 aadcdn.msauthimages.net tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
DE 5.230.47.86:443 oooooajdnnahnnajm.site tcp
US 8.8.8.8:53 outlook.office365.com udp
GB 52.98.145.66:443 outlook.office365.com udp
US 8.8.8.8:53 66.145.98.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

\??\pipe\LOCAL\crashpad_468_EQUIDNKQIPZBTAHQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 28bb293b75a7a605286a0721745dbfab
SHA1 e888d8a3d39aff07a1143808992741a187b8a7e2
SHA256 cb6f372e11a8813a26ae6aad7a9b6c23b755bdcf5c2800801976fbe5afa92b3c
SHA512 a01925e52296ed0921fd43d0791db9ed4a044ecc40b7398fb02a5a466c475c9462521a371697cb1e3470429751de5013eff328ba7f1cbd5ebe8e8a8aae497f0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7cd92cacfb3448ae6a1da1863cce2d9
SHA1 7517dbf6958fd24474a80fd607f634622c8dc8b0
SHA256 f3bcc693b068837451f2eb13d9105eee19266c26106d6cbb5676a4e2050114b3
SHA512 a0111765508d0ded14e5802df93bd52729e349c3f424d4f75d15d811ff08a57e68786cfa04cde5f74c777bf01f8768d88b2b2b4665ecebb580436b0d2b5d5f40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ee25bf88f6b604706a7368db4a1b9167
SHA1 3633abd1c0374e0f04091984ff0ca085a8fc66f5
SHA256 75aef72f4704007b6124ce5486c0545437e547b4391f0611a436071672a3501f
SHA512 f543ef6c1eab83666615489e5aed1b65a5c9416d1eab0ee8e13b08b7ea054d8d91cf394dae1ca9f01cc3cfbc60bea5534e28f7a8f0b94b53348f1a96b0fda4f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab1f1ae96ce13e4b2da04b6bbc9b7c91
SHA1 369288ff1f6b8d4a82b82faa81c7790b85ea538d
SHA256 7170358b496836878cb90e2df65583fdc3d5b3459111a3bba705352c760c79d5
SHA512 ac3b9c87e684a76041d6595af86666b0255c66ea91137fc37fabbd2fef2d2952887d06304b97af2809166b4043e62a7dd992ad3a576f55ad078cbcbf127aea98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 331fd62df198c09b198892cf27f5d529
SHA1 be80d24d5bc9b40b60eadd2bba1065c26f9e4fda
SHA256 5eee0ca66eaa59c23105ceb36b176ea24cda39759c426722e4c371f777a259cc
SHA512 8b94fe3488fc80639b6d954830e48d1f24f9f47d8f5b7e5c0d9eea3c11413af14b31a1a45d11c2fa17d5ff191b3172aecb44ccd2db605543b3b026f2d34c743d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a2a8.TMP

MD5 51138ddf2cbf84199ce3c1b6dd1d6191
SHA1 f0c4163bcfe89babcb6b08aa0e6e10a3eeed7908
SHA256 1e0081dabb4448d65a43a5fa6d3ae783c5d730a1727226124f772727dfc9d987
SHA512 505d2cf3ea56bb63f226379a959294c367ee4f026f175a2512eec0799a1a1decc106bb57478f6122b366baaaab10baf2413c10ceabe4ffe615e363859961dfc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 da7dc31990cb010a81fc1ef36afc4b36
SHA1 1447dd47798d54387843a7f63b49b6d22cd28c1f
SHA256 a48c4727f03132f193f8dc015574075b412c44d4a7d8e9bb138c4b7afbccfdc7
SHA512 447e22d8bdf403ee3e1752138fc1f701f44a033059694c9eecf2ce715de923e38908c96edc105ebab76e3ee4f9bda93f2397dd8a1196826676ffd574f1dda918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0abea06db2eeb1a762fe36c6eb9621b6
SHA1 531d35d187bc45ec41328e3a86090799bd0fc92e
SHA256 09dbb9bf322273947461b567e07a14cf54fc4ba6eed0f454e9aa9dec17e3e0fc
SHA512 f60a92dd4d391f2fb9c4ed5cc198e7f1d48c71defe058698f883938b924cbc35ecec105acfe9d363c4d5b72863da089c755db9ed7b6fed74e9ee87d875d8224d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5601bbc76ddbe383b7a29b00e8154e14
SHA1 9bb81197fb66e3b5c5ce102865a8011a3d82223c
SHA256 3f94c5d20dbfcdc4c8c88000ea66fe4e9c427a2740e5fb58b67d9c14801018d3
SHA512 bfe4a7636f103521705c50d1acb813e01efc3f32113ebeb3ae804db8fe7a9c3c17c04927479ddf3aa7f54d111a6c4abbe610fccc1646aa6416e477a618b5d8db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 49bba96b7a9afb8fce4d63ff07c34e2b
SHA1 d83f69e7d78c6f23ea4890a06449ee628ac92bdd
SHA256 b9bc40929b5f425f7da9fd02c2e1e748ae4e8e806c54f825f2b421fb8222bd2c
SHA512 3486ddae6e4f67c27b05be8f02935075e6e8701c670dde0bc1224617ffb0169eb0d97a393cf334a7b2a73fefeb01f6723ff0384dd007ab55dd44cc5992d2b8a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cf67bff4337573ab654513c16cc5f7ea
SHA1 4da4afd7450f4c61b854f256b8fcc2f83842fcb2
SHA256 06531ac8c271f6687fdff3e53dc3982a0919a8da5863511c50d4d8fd7516f7bb
SHA512 8185e6118698a9c43b530e44f81a1e66bf89c763084dc2c8fd54d1449c2a33094a26ce4b481649cd7d586d0898c4be7e52c3388454dd1c938372e78974d687c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f26cfdc523c5ecd5cde1a35c607f1061
SHA1 9c1d541fbaa48f3ad2333daa889994d1e0255ad0
SHA256 a4ed60e2168ed692bbb4dbc0045e89dcfc948331f59aca9bce54834c6eafb1fb
SHA512 192d07b226b2605f984dbd0a48aab8674a2f2b702c30e6014a388325847eb1247d55f6211844c4b3614cb424ebc46c2f4556887bce964b7c994276b801b14ae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ec6e7227a78632c6565c40dc4d711456
SHA1 67d4031c5463268a47f792bb5399a2755d03a53d
SHA256 f6f8386a28372ea1b53eec31a503f7fefb8ab815534d8c846fa6650d33a1843f
SHA512 fdac8b4c24fc3cfe80d623589214c9f67fffd5057b91bfb775e49e2aa9ce7b4ace6e95ec4f12d436e534c3def0ea2d8df04d58449e8b5154b4214f1685bda3c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dacad53a773c1c28593070f2a319846d
SHA1 9e045e4da24ddb9e91cd7c560c1664c8d3a37d76
SHA256 a057768e97e1c74061a4e5f85ff12dcf4753b5821e8b94ff3aa703d62668607a
SHA512 a71e1016287cd3dceea396cd5f2d8420f1d50fc1ae8908e7008975ff17929fa41636eb2afc49932b7b5289b1201895b894dcfa979a80b9af9c39fa68577c6188

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 466464d509620c2f503d4d903a4f0318
SHA1 806ae3b03c5c27b87d602459d60fd6e566aca1c7
SHA256 70a309ac533da9a5b387bb31ffaa97e176c04ed35f324947408ceb6c2b678e5b
SHA512 d9844886ad623263db082ce6ffb87a64b5af20e266904ad9f852a55848565d5b2cf2a2b3fd5a989145330d8d044c92f950715dafb2942083ebc3c0a3fb0f75c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5759b6b7cb7c46922f5038746df26d34
SHA1 0d84dc954fe52a7b468daa281095970d38d58c9b
SHA256 345e71195478872b7001b7fa05ee62e8f18d172c9e363aa8d539f238a7e486d4
SHA512 310c2ccf9580b0723f60b1e4a0b1f6368df709e01ce4cb4e06e386c0f64bb3484218f6c02bccff044f931e03258815a8c722fd824a91cd952ca10bf619a2dfc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e71f6388211d7738a6ff314102e3c48
SHA1 dc40da499c94f3823133eb215e77f2f99abc4b43
SHA256 50b3f391c9885ad85124cd0aecb26d8494e1e09bb703670c51eae7fa64b58557
SHA512 83e6b21a129930a3649a5ef77d4adddb6dd1f66d32d50d896e358bc5b701a347ccf8786e21543cda4459e284ed3d0d43520001ffa92b2252c14e38b299d8f2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 49c1e5e925dd7c0e0306ce907a70be41
SHA1 eba49ac453d52f3f8bb1b9b19069a79bdcd9e2f1
SHA256 3d448c08b10a434364bd0f51309bf6fe7c68df3e355f303ae39f3d085a8fef33
SHA512 36da29f1316a4421abf573249ecd4ab4fbd1b5452b04cbc64a77f44bb3bd562584a6c5660e52cd00b71a2ef94159b5855fefe38f312117f9b62f7daa166513dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9d1aae2e61f41ec73a0798223f9b6698
SHA1 8b0064d29816ffdaf2f98c32d2f5e6a7f2591c1f
SHA256 e68e9f1a487790f033f6204424dae18c7124c5622d962388dcfb74c44aeeee1a
SHA512 2602d898cb096cb4e51cb8664380ac8ef66a852e1521f0054f59f52b4949e594f3b815bdff51981810739e7096ff6e5c3f5498518e23dc8d731cb7445260a15c