Analysis Overview
SHA256: 6a2a88d701f29f74e4b2624197527dc81fb72b2b9fd1baf41a4d092329cfd510
Threat Level: Known bad
The file backup-message-10.7.1.84_9045-4451296.eml was found to be: Known bad.
Malicious Activity Summary
Latentbot family
LatentBot
Loads dropped DLL
Executes dropped EXE
A potential corporate email address has been identified in the URL: vlibras-portal@dev
Blocklisted process makes network request
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Checks processor information in registry
Suspicious use of FindShellTrayWindow
NTFS ADS
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of SetWindowsHookEx
Gathers network information
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-19 04:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-19 04:26
Reported: 2024-11-19 04:31
Platform: win10ltsc2021-20241023-es
Max time kernel: 249s
Max time network: 282s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\backup-message-10.7.1.84_9045-4451296.eml:OECustomProperty | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\backup-message-10.7.1.84_9045-4451296.eml
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.35.26:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-19 04:26
Reported: 2024-11-19 04:31
Platform: win10ltsc2021-20241023-es
Max time kernel: 255s
Max time network: 259s
Command Line
Signatures
LatentBot
Latentbot family
A potential corporate email address has been identified in the URL: vlibras-portal@dev
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Sharepontoesp\Gtruck.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Sharepontoesp\Gtruck.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acsDCCOCH = "C:\\Sharepontoesp\\Gtruck.exe" | C:\Sharepontoesp\Gtruck.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\540cc002-e914-4dd2-ab02-f7238a8fd377.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119042650.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI55.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{0219BCE6-72CB-4834-82B8-7B771837E839} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58fbd0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58fbd0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFC8B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI269.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3C2.tmp | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Sharepontoesp\Gtruck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Sharepontoesp\Gtruck.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Sharepontoesp\Gtruck.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Sharepontoesp\Gtruck.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct | C:\Sharepontoesp\Gtruck.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Sharepontoesp\Gtruck.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4152190078-1497776152-96910572-1000\{A464E50D-FB41-4F64-B6EA-B71AE215189D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Sharepontoesp\Gtruck.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Sharepontoesp\Gtruck.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff680bd5460,0x7ff680bd5470,0x7ff680bd5480
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\23d7d6d7-3d9b-4add-9481-601c4065c044_CONTRATO8.ENDESA-A4-GAS-LUZ-SIMPLEX-TTLDK1822244244411221144121.zip.044\CONTRATO8.ENDESA-A4-GAS-LUZ-SIMPLEX-TTLDK18222442444112211441224422424441.MSI"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding BC101B2116823C5DE7585530DC8B45D0
C:\Sharepontoesp\Gtruck.exe
"C:\Sharepontoesp\Gtruck.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c ipconfig /renew
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /renew
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10998780362484794127,4870174796609901925,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
Network
Files
| SHA1 | 3fc3ef73dcb8e7475039e9c757639dd298189066 |
| SHA256 | fa8a6a33417122e5e97e0d5afeec05b30694f9623d218737ace9e48f2016852d |
| SHA512 | ba8b3b7f1e24a7f45a92970dc6e2fca9fbfb54b4556028f1f1d1753f1fe326746dd86b3330fd017be12540db425d3435251765fd7b37d58a893c3981be179202 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe59a04d.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/3556-524-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
| MD5 | 81b46802ff2b6644f60d0bfd26c70c98 |
| SHA1 | 64c6167330755b9a29e0b0b02cdd48014c53c4cb |
| SHA256 | 6db4889749151f4cf70decd8c7387ca8fc62d6d376b368340a29e3aa8737737b |
| SHA512 | ba73235f50250123ea5f19fdfe310ddecded4cfb6f8252472ee5b548a42657f8a958a1ff9c60cd670010021aad3b9509a700a084e3ff5afd45a9335a3be615fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
| MD5 | 54471cdb8cab6a97c21e7d5994d5b352 |
| SHA1 | 1a604e62554ad8b20b63b6a0a08984cbc57eeaf0 |
| SHA256 | 98220cec4d0c52964a8a7e917591515e5ba902ef54b385db0a3729e0e3c3b8d3 |
| SHA512 | 11429d24738044c447822654c1a45100f373ca8df5ce0f5dd7807e1005444e8e81e819d35e52b62fdfd5067b1aff39758ba3c304e6e4a29aa5b6d13ca9168596 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ac5e466b4e723e1fb77631539cedc13 |
| SHA1 | 98e227294c5a36c9c4c5a3e111ff1554f8638876 |
| SHA256 | 2148095468552214c592286910a54eaf94ee6c4b52a428cbe365ab03ddc91903 |
| SHA512 | 3e4a6ac42b5ce9670c23a545a66a683d14c087637b0e644866bbe0b361d9651806a36608debb51dc8fdfd0b70ea0597ee934d8b2f0d96d63b870cf742b4e2bc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d9af55a40b0344fc3a72165070510ca0 |
| SHA1 | ff9028f9b6572e2ebc6809d4dd541cfcb83527a3 |
| SHA256 | 31b4293a0b319319e318ec1e055f4b66400f6292a92ab90faf4369003bbd7dd9 |
| SHA512 | aa7ee34fa14e976d0a2e79df687e23a8f97eba4046c95b76727ecf03470eebc5e20c09821300998a0d8d987a4efdd3e54071355f2f7906aefd709f6b17292833 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 8406855872c6d73a469b4cafe77616cc |
| SHA1 | 2b7584f4743c18bff4fc6180bb3f7a15889e15db |
| SHA256 | 0b10acb966a39d399969ff5b0ec0b5142d5108d152ddff71521e65ef8a8c7779 |
| SHA512 | 562d3cb01cea11f3af6254ff4f14474575374e2db35fb43ca1430a1e18847cab660df5af8040268bc1dc979cef88e9e8a6b60478f1c19b9d32bb8b7b604ab144 |
memory/3556-693-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4118c04473b7db79b0b0146f04dc245c |
| SHA1 | 2171d877ff6cd07bfd14d9d3ffa1234e9cb496b5 |
| SHA256 | ca73be0208545010a92d1d33c14fe2befb457a1a135da97cdf8d5a2bb9abae5c |
| SHA512 | d69a29562b5f16e1fee48890a8ab5d58310c7fc079546ff26e986da2edfa21c7c561253ba4f44e53a78a35bfa464c48d9d1e9c4a62ee54bca0cbda31d7cc144e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8115bedbfc631ed04e54de15f2212556 |
| SHA1 | 133c423256935d1b26502eeebd53cd087b810e52 |
| SHA256 | c6488e9d0723da49d0a6824e4831f65868269c619cd86cac1b26a2ec32f5f18b |
| SHA512 | 22c927f2599de5462842c322bca1ec79545ce384692bd6830983b372a4dc3b921594e9df3fe259f39e6674b3f3a96993c9eaa016dd859250036982b850f2eb86 |
memory/3556-722-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | d50f0fbb854ec1d5e9118760de465148 |
| SHA1 | 2f68c7c3b6f89c6bf1a7fa8209a407718dc32e87 |
| SHA256 | 3f80bc802a0915ec6f2be835958fb405ed0b04e1077c600dcbddf716aee7d14d |
| SHA512 | f393dde4abbef561de1ede3b9dea1ca744a5ace26cd4e4cdf7fa2bd62bc4f25a9352acfedbc93ec09c96ef99e296a3285c114a093148455ae53a89c52f618e04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a0e88.TMP
| MD5 | 24a9b1a0a4d77968d7e848ce0b487341 |
| SHA1 | 6a2707ca7009a13b26bcb05c410d7af3f4dfc790 |
| SHA256 | 828ebd2385a9ba8faadf42fd268d09f2d8a767a34ec0952e40681432d68aaa7f |
| SHA512 | faf2866de697c4018c48bf8d4f1efaa774f918440f533c641bee445fdef18340710abf8c5cd61e418d93e4dd84535a6d76f455e4464ccb63efa49daacba51697 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 543030b19dbfe5c244f8c42189290d9a |
| SHA1 | eb14246b558a6d393f75604d8ebe93135409b66d |
| SHA256 | 75d27daaef217545e2fce4e61ef98c2dd1eb2dfd33a10df4399db2a2d5c2e5a6 |
| SHA512 | 8af73214677dbe900fe874c7bd1a5b8d4329d98d31a1fccf4c7db5fbc6a73785199adf5bb9206074947ab0d023a2b78a96d4cb2f9de9dc000b1c0f15b5c23696 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 56943c5df72712d760dc2e2a0d28f13c |
| SHA1 | 3922ed2f34e4c6dfcd54aa34d39d2e524149c40d |
| SHA256 | 3a4a87bf9a23e95fbe6ae37721091972efe2850ac10a5223d82091d027e1b25f |
| SHA512 | 9309d6dd2c46c88fc21234fac42a493f6005b10bc982af255b847d2c01f123714df6b83d1040784511fa84614358122c5661f6c0b53717093175a236e9793ebe |
memory/3556-741-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-742-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-746-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ece76fc4d49fa0e02d2c501abbabbad9 |
| SHA1 | 3a6723b7e79db608854775a07f600cf034916f98 |
| SHA256 | afee9f602f98298db0dfc05f608747746a74a8901940f7f4edae247f20708b69 |
| SHA512 | f0ae14ac94aee5a28d13928f041a21fb1b5ad548e3e986f411651ad0795b28da96568f42d2739749b8fd30380ee60470498a3518348f1a5ad3f7cef3954ad011 |
memory/3556-758-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-768-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-769-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-770-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-771-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-961-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 50c6fab4ce92d2acc6864aa2f5356de9 |
| SHA1 | 6ec51c28a9b679b99b14ac6e1941d98f7e5b7b5d |
| SHA256 | f7f790c084987dbb72c4b1af4a0f304a7e52fceedf72d75c37560e01840b9faa |
| SHA512 | 12acf632b4936004d1ab75f372417bb39a455efb73d32b12c21626efd84ebcfc9334a688b8b728390b1c697a9117d27138d3e2f63c6b314b30be0e9adb805cfc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 012857f71290c0bb2a1445edf87224c0 |
| SHA1 | 2941e7ebcec033a5033028220ed44e2a36abf3ed |
| SHA256 | 8a257109bff263709c3b6522d496d1e783f43dcb24672ef15f2532030d35ec4e |
| SHA512 | 4474a3b171db7050c1cfc5282e541b7d33dc828c018e167a41704231d28606bded54e92153c2519d82b31b771eaf86a3647d16b6e236d15127c23984d1b0e976 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 3c245078d07eb5cbb23e158efd6ca937 |
| SHA1 | 12a36a9efe15cd7a5069b1d838a20dfd46b222cf |
| SHA256 | e05cfc8ee6c159882251c45f74d6bdab570f14ed43ece74e2153b77c2dde277f |
| SHA512 | 25a6d4d4ae691e3c1bb9d3af7eb92de1c70430082674a98177157c3cfc98047c98541ba74f5cb9a054cbbdb748c9f1971cfaa0f436ceb7416f1b5bbd76585518 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 711622216c2db7f01d88768af650cb7a |
| SHA1 | 194da501ce7f360a81edfd84297ca10bbf3e681e |
| SHA256 | cb838260a385e345782f2bc9541d9285fa12d5ee2975cf6aaad5d17b96fcbedd |
| SHA512 | 1225376f46ad361631bf772206791a89dfd07a2557f9524e1bb048137c6d64f1dd9f583479d6ab8ccc142ac0c46a66f2a6e783cd614a53355899a0fddfa1e5c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 55cad2149b27c2cb8e75bc4e27139d45 |
| SHA1 | f7ca26499d9b11466ba01439e0e7a3caeeddb775 |
| SHA256 | da091339a22203f4c51da703b64da1d03664477fd7a49722d7d12f45a6d122ba |
| SHA512 | 4bfc00466d3cc67e9c65cd6573bd852e674dca97f361364f002025c3737cb2c8a8a0b5727e8b68510eb3662027d829c0ce9e5ed5a052da48152d2f53dcceedcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 476b78321ed60cf4f632b0886181c4ac |
| SHA1 | 14600f694ef6ff7a9fabfa9e0810665cc8761afe |
| SHA256 | 7b2a40243873222e786229bae0942818f17cf7447481067cc43a5e6de557c140 |
| SHA512 | f2e9d4705f72f93cd3a039c4f452034cdd74b4885ab6a18f56dd76dcc75dadaa19a265e575766937dea8326dcc64987c819db25ced1faf9eb3ad93d13b869895 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 311e8727331f89fce948a5b4e46e0aca |
| SHA1 | d0d739f9f1279e9c7541c04c66eba0327b4a2bcd |
| SHA256 | 09669cc3a07635ded38a7309beff842dd06e323cff18b5c3afbf1ce4139f06bd |
| SHA512 | 1aff082b367995a02c9992d1840cbea8509e279fab3950ddeba51677678b0c9b7d5bc858d1ee41970f12c4a2a6084aebce97f91824e052cf3ae12883d00d145f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 64dde51beb74b28ee862f95169072562 |
| SHA1 | ef09285f8ea370feef56e02704ecc5fcb9376760 |
| SHA256 | b75313c37e661eea7da95975ebc215f0f1bc6e9588d937652917500d53035c45 |
| SHA512 | f0d7a6c29874198d62f256eedf4e769a49c21860b5ff32f11a254313f6044ef70476842a3c8efd5c951727b02bd8751727140fa4214e7046c0c68eb9df4a62d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 705b59565856b6bd4bbe0e4c104eafee |
| SHA1 | 3aaa665db3a44fc0a60c4ac1e9062e03aaf41f6d |
| SHA256 | cbc41a6aacb9f2c274a6e2808eea7f113cbf031db45079eac68d80a2b90ac382 |
| SHA512 | 135b0201b077c79b13b2207c4932bd5ee0531d1731a363111393c54abf411b8e7f962be221e729c00c9e6991450eae094156874fa141b9cb9fb1c9967fb19d82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | dc654d5da1a531fdb3b1bedb619b0182 |
| SHA1 | 49d3de45bea7c279cf0ffe4cbc43c24779d1877a |
| SHA256 | b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa |
| SHA512 | 38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 59ad6c5a387b54fa805769ee4f01a029 |
| SHA1 | f47d1dd67c94f4e7781e4e5f9b1de1d3c29414f9 |
| SHA256 | 2f77800da97affb60baf185feea3548ccb6f03aeeed0918f60727d582c5deee0 |
| SHA512 | 3f073775e0a42e6756f247f870cc59e10f2826ef9a7d07b8179587c07d7083df1e9894dba11669ec3ef1f11c215165b9067ea203fa433abe4e0eee815912a156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | fcfb5cc5617d44852bc4faaec2925b3c |
| SHA1 | 8af62f642395103a36f87f49e6cb6de7abe001af |
| SHA256 | d778e40d753a19b4eaf67c29bb3f3946cd12743339f1ee7c2c4074c6dc8d3898 |
| SHA512 | 2237aaa498f8a41ed3e18eeb40b720054bb6d7740c7320dd703f7022c507f1d7e4271e5653ce4483e2a68a56125418eec7bfd5336cfd4d60024c9cb8e8b14751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 69a0241efd9f38475dd41c355faca0e3 |
| SHA1 | 1eaf173f8c5922d97e13eb7f62b75867f32dfa8b |
| SHA256 | 3eeb07487649a1afa9bea8ea36fdd6240661494fa5114a5255af47b42211e371 |
| SHA512 | e255f5385c788372e54609c811257337379ba67d5c164bbc79d5fe82c85cdc6ad2634c9888937730a2771cb9f144ee3f760704646cc816f05d54eb63094a1102 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | 80e248d9112575f48ebd4076cbdbbd97 |
| SHA1 | 75acfb572a0e5e16656341d51891d1610d544fa4 |
| SHA256 | 4843782bc58618147f0a7cd18bea95b58be241771490ac24ca968799d3e78274 |
| SHA512 | 15b2355a702e728c2f9cc14d0b89a6545380e75bcd00465b98851154371ae2ea44c1690879c9c0f69822ca630d5d0c071d600d7175c0e3ca7c41f6fb88147a20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 502ec29632001a3250cf916a9bea892b |
| SHA1 | 858d48a02bff78caf18506d100fa41ee3f60f342 |
| SHA256 | 3fad125a84c026f47dcf8221ea31211b5cad241c5dc02a4944e3c39c150aa9ac |
| SHA512 | cbbcf34d66489d202413ae3944c1cce7ef7039ecd0c0dc1fca5b2c8e4392e33097f6697594955f90660a9a215486678bacc1c4a24440c796d32f6d7d76b11d91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 719148250d1af579ae61e00fc4364fb8 |
| SHA1 | 1aaedd8e2be580440bf01a5b83c28c71992d8f76 |
| SHA256 | 0a89ce45a9cbf62fb2be57eda9cb4308b117e798ad08fd26e0fb48f75e4671de |
| SHA512 | abb238bde47aea303116098768b75fe9229a54beea8401e0df7214d40b0ddf3833e2c38a32dbbd732e6ae6ae65e641fc1bda8b932706b5681e7c39c4853a41e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dbf3bce7c96dd1e16a23e582dcc64d44 |
| SHA1 | 0fb326b6133715ad2009dbd180f3eeebcae62185 |
| SHA256 | 56e70077a297114f622b03a98b3e40461f20fa25abbd33c8d781a6da174cfded |
| SHA512 | 25e10ba57d9cd3bc56f44723ed8e720a6c6acd753ea4fba73fc117b7c4dedeb5a740c053564b48389683a505762673e821a712d21681a4c72298a3b9401a39e1 |
memory/3556-1196-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 899084060df6667e1c6b2a9720ffe407 |
| SHA1 | 719e33e67ce22a70e27977a5a55401b7cf1b5600 |
| SHA256 | ac68946976ec0f705e88cb183203278bfe7c146ba76ad5eb4288d7f2717b6d1a |
| SHA512 | 71d490e93b2b2e9f7db958c66b1b5e574b8fced3f4f5867cac5ec8916ef554d98453d9bdfeb1abc141b9a514400afc84a464cfe8f7c91ac21c8efe6783fa897f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3bef817cc532614fb62cf37aed5c5322 |
| SHA1 | d904f2ed511a6ff6571c1e94091688af28eaeca1 |
| SHA256 | 87fc541fedbf02463879eacf24cb21a73e20a350da308edefd3bd0b01a20b2b2 |
| SHA512 | 2faec52cbb84144cadfda7f3b2ded6cc7a08045da0b6044a6a71be8ee70e9e670e86ec2d96c45fd30b804e951d4b773695714cdd2120f6d39e9393415bb493c2 |
memory/3556-1305-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9824cdf536e6c482f443c140a1e700f3 |
| SHA1 | 4b1177a4c7401f5d85051ac801c2663829145fbf |
| SHA256 | f30bf49ad7d9b8116f858dbac4bef46df4b63513e9f3e68bf99a09f9266f6a8c |
| SHA512 | ba2d02e5af08dd051ff0dd9a75fd228c47d41e89d2a71f006991fa8ccd3ac9f70ac1b5d256acdaa49ccf5f4dea047197bd02366057799a1130a0ce413511fd45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 13bc9c3431540ac221ead6ef62538c7a |
| SHA1 | eb97bc4399956e211503b4512d62ca44f82582e2 |
| SHA256 | 6859d05d8ba6d81227ef4661441034141e96d05880c673f87ea233d669716a38 |
| SHA512 | d30277af1cc4cb0eb28aaeff6621c422779abde99f4dcf73ae25f2475f8d2d7d7d9dfd3eff33a8ae44479a997fc200751ee4c502106240ab724934f1d418f9e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ae6ea045b2fdf5c7aa8edb19f41c42b |
| SHA1 | fcea3ad1632922c5f172a604aa73f407fa419d8f |
| SHA256 | e4f9f6c6435488f8f6bfec5c0ba8ac687f6f7538b98a3b13ef50eb8e76dadf5d |
| SHA512 | 625b8ae3d500952dee74f3193591ec0eb4a12e41099f93ba7bd162a1cf852d08e092ee0be6975be14091c7e5c4b9601c1d5a91119f9b250e3f67cd9041392c46 |
memory/3556-1353-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 025420790b6d46c996ecb00a12d71941 |
| SHA1 | 8f5c88ce6cc66f505a78dadf42ab39807b000680 |
| SHA256 | 964e9426daab4b738b10e6fdae4743344d81658cb56e56b16f688db73be8a1fa |
| SHA512 | 44ff9380d0a5f669574ede74140b47baf7705b46f09948433f7111d4fa1aebbfd579a34c1d28fddc74332b4d0df9fc4eaa68799b9c2356d0112d2d935c14d4cb |
memory/3556-1376-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 25c51cf4e182fc63d3d6a7510896cae3 |
| SHA1 | 2634c583c13c640847b7807013b76dab0908262c |
| SHA256 | 1aa21b1e564e942accde31491ebef7e70847b7980c458da625d7dbb514637d09 |
| SHA512 | e3640b0bd7f59e32dc57d983a9840018e87d1f60829ba1a07a07a8f3abb3cd629412422dcff350b8903aefa3422e41c97d23e2241be6069b1cb1bad59823603f |
memory/3556-1386-0x00000000009C0000-0x0000000003607000-memory.dmp
memory/3556-1387-0x00000000009C0000-0x0000000003607000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b1f1b428353582c2536a067fa528c8aa |
| SHA1 | a2c79d9c8ab127ad66fd0444ba47ac921f132666 |
| SHA256 | 2878b3f6c18a0c534becb20a17ddf2054388576f932e1b4c3adccbb7443573d9 |
| SHA512 | 867a92c241c71540e3530571114bdc3f2cde73e21b76631c12471f66b42605eec317558db91827ce1a0f9fb82c4783363a6a956dbff226f7742b9c22dad00834 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-19 04:26
Reported
2024-11-19 04:31
Platform
win10ltsc2021-20241023-es
Max time kernel
300s
Max time network
289s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\email-plain-1.txt
Network