Analysis Overview
Threat Level: Known bad
The file http://url1995.grupof.com.gt/ls/click?upn=u001.TXg9qm3NBOFbmZz0213syPsJvPN8sOPPiNx23hl016b6qmiuS0Ioy9zeuj-2F25WmVG69ukJXNjN1PEodCWRqOeXkbRU5wJmv2iG5FhlKz4tcPlR2G6ia9v1G87wx5HW3ZziPtq3qVgwEI80G-2BYObBTb8e09ZLMFwPn23G6H-2Fbv3c-3Df7rU_tbVFG6M9zywTG3M7IxJCip96CRys2zAdFC8KJPix6yL5X6GytSFWZkMiY7qdkqRvWuK4sWqjaG4ZXywpz-2BS3zDfosOHp74FnclWa0T-2FkHpcKCHztR5Qdr-2BYpWotYwMmskQVV86X6SgucsCgiEDcejglfxS9zTkDo32bplLtRmJDyE2-2B2wWdoSnOBeb5D13qjvjkNX7pxgr8gHEQRkkBW2MNIEsc-2BHx8e04cZvyYYRApmGxCdF3eJBhI14c17mZeYW8ZHXYDrNH3WsVZzAWZWIgncQYBZUd7Yg9d-2BAiI5VdUOe7IsDEqXIZ8Di8ZacigOydcbWJn2SVaEZbKZhPL4RgZOlzwH9jzT40F-2BJdoRpHhCJ8TeQ0sH4zabnjd9SRzdc-2B3xcG0aBpqd1mowJWcb-2B2hnZqTJH-2Big8EW5sK1-2BqHeJdBsWCGo3sH70NyxLLE3wJfWWV74-2FseZJ5hYUy-2B9rJkHEGYY4CRTh71qj0CSrxI3-2BI3GiMsLWBiDaBQNIuIdpL2Rs7QCBg8Rlav8dtWHcT6cWxTACY8mZfOf3higINcb73spg9IUrwlNjR2tYPpji75zxO0apeSsavysm8dPQWpqUc5fWr5twzKNrs03iBYXIBoNJLdbAUh9cxWGrXc2bhLwDRHUvL8K6V43yg7nkjEAW6V5tTNuLtMxf0TOBEEjccDBtEhZtKlqYqaDcHWURPdNExR-2Bh6AhME3sfSd8PB8Diufrm1WapVoBqd-2BZf-2F0KPT2L1NA9iTy3COn86lb5hH2WeqtRzS2XDJfKtxon7eJFcNhlzIViqQWEgnhUGqGiHZwzE5aVWcRUwWY8LvImRT5tBtxryPH1FXwDv-2BFpM8gTw3cMPFuxmuzQwRxU-2BvYZKKznZ6RqIe0kKHjubLY4f61nHm9dyijDg33rWemPBw7sG1LSfWvMrZrrXN7leX18Nj01tODaMkKQeRfDORxUF8-2BPv-2BvbvhSFr8zPVaxeZOA-3D-3D was found to be: Known bad.
Malicious Activity Summary
Looks up external IP address via web service
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-28 13:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 13:40
Reported
2024-11-28 13:42
Platform
win10v2004-20241007-en
Max time kernel
108s
Max time network
105s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://url1995.grupof.com.gt/ls/click?upn=u001.TXg9qm3NBOFbmZz0213syPsJvPN8sOPPiNx23hl016b6qmiuS0Ioy9zeuj-2F25WmVG69ukJXNjN1PEodCWRqOeXkbRU5wJmv2iG5FhlKz4tcPlR2G6ia9v1G87wx5HW3ZziPtq3qVgwEI80G-2BYObBTb8e09ZLMFwPn23G6H-2Fbv3c-3Df7rU_tbVFG6M9zywTG3M7IxJCip96CRys2zAdFC8KJPix6yL5X6GytSFWZkMiY7qdkqRvWuK4sWqjaG4ZXywpz-2BS3zDfosOHp74FnclWa0T-2FkHpcKCHztR5Qdr-2BYpWotYwMmskQVV86X6SgucsCgiEDcejglfxS9zTkDo32bplLtRmJDyE2-2B2wWdoSnOBeb5D13qjvjkNX7pxgr8gHEQRkkBW2MNIEsc-2BHx8e04cZvyYYRApmGxCdF3eJBhI14c17mZeYW8ZHXYDrNH3WsVZzAWZWIgncQYBZUd7Yg9d-2BAiI5VdUOe7IsDEqXIZ8Di8ZacigOydcbWJn2SVaEZbKZhPL4RgZOlzwH9jzT40F-2BJdoRpHhCJ8TeQ0sH4zabnjd9SRzdc-2B3xcG0aBpqd1mowJWcb-2B2hnZqTJH-2Big8EW5sK1-2BqHeJdBsWCGo3sH70NyxLLE3wJfWWV74-2FseZJ5hYUy-2B9rJkHEGYY4CRTh71qj0CSrxI3-2BI3GiMsLWBiDaBQNIuIdpL2Rs7QCBg8Rlav8dtWHcT6cWxTACY8mZfOf3higINcb73spg9IUrwlNjR2tYPpji75zxO0apeSsavysm8dPQWpqUc5fWr5twzKNrs03iBYXIBoNJLdbAUh9cxWGrXc2bhLwDRHUvL8K6V43yg7nkjEAW6V5tTNuLtMxf0TOBEEjccDBtEhZtKlqYqaDcHWURPdNExR-2Bh6AhME3sfSd8PB8Diufrm1WapVoBqd-2BZf-2F0KPT2L1NA9iTy3COn86lb5hH2WeqtRzS2XDJfKtxon7eJFcNhlzIViqQWEgnhUGqGiHZwzE5aVWcRUwWY8LvImRT5tBtxryPH1FXwDv-2BFpM8gTw3cMPFuxmuzQwRxU-2BvYZKKznZ6RqIe0kKHjubLY4f61nHm9dyijDg33rWemPBw7sG1LSfWvMrZrrXN7leX18Nj01tODaMkKQeRfDORxUF8-2BPv-2BvbvhSFr8zPVaxeZOA-3D-3D
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde2f746f8,0x7ffde2f74708,0x7ffde2f74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6064 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f4
Network
Files