Malware Analysis Report

2025-01-19 00:46

Sample ID 241128-qyrr8syqcx
Target http://url1995.grupof.com.gt/ls/click?upn=u001.TXg9qm3NBOFbmZz0213syPsJvPN8sOPPiNx23hl016b6qmiuS0Ioy9zeuj-2F25WmVG69ukJXNjN1PEodCWRqOeXkbRU5wJmv2iG5FhlKz4tcPlR2G6ia9v1G87wx5HW3ZziPtq3qVgwEI80G-2BYObBTb8e09ZLMFwPn23G6H-2Fbv3c-3Df7rU_tbVFG6M9zywTG3M7IxJCip96CRys2zAdFC8KJPix6yL5X6GytSFWZkMiY7qdkqRvWuK4sWqjaG4ZXywpz-2BS3zDfosOHp74FnclWa0T-2FkHpcKCHztR5Qdr-2BYpWotYwMmskQVV86X6SgucsCgiEDcejglfxS9zTkDo32bplLtRmJDyE2-2B2wWdoSnOBeb5D13qjvjkNX7pxgr8gHEQRkkBW2MNIEsc-2BHx8e04cZvyYYRApmGxCdF3eJBhI14c17mZeYW8ZHXYDrNH3WsVZzAWZWIgncQYBZUd7Yg9d-2BAiI5VdUOe7IsDEqXIZ8Di8ZacigOydcbWJn2SVaEZbKZhPL4RgZOlzwH9jzT40F-2BJdoRpHhCJ8TeQ0sH4zabnjd9SRzdc-2B3xcG0aBpqd1mowJWcb-2B2hnZqTJH-2Big8EW5sK1-2BqHeJdBsWCGo3sH70NyxLLE3wJfWWV74-2FseZJ5hYUy-2B9rJkHEGYY4CRTh71qj0CSrxI3-2BI3GiMsLWBiDaBQNIuIdpL2Rs7QCBg8Rlav8dtWHcT6cWxTACY8mZfOf3higINcb73spg9IUrwlNjR2tYPpji75zxO0apeSsavysm8dPQWpqUc5fWr5twzKNrs03iBYXIBoNJLdbAUh9cxWGrXc2bhLwDRHUvL8K6V43yg7nkjEAW6V5tTNuLtMxf0TOBEEjccDBtEhZtKlqYqaDcHWURPdNExR-2Bh6AhME3sfSd8PB8Diufrm1WapVoBqd-2BZf-2F0KPT2L1NA9iTy3COn86lb5hH2WeqtRzS2XDJfKtxon7eJFcNhlzIViqQWEgnhUGqGiHZwzE5aVWcRUwWY8LvImRT5tBtxryPH1FXwDv-2BFpM8gTw3cMPFuxmuzQwRxU-2BvYZKKznZ6RqIe0kKHjubLY4f61nHm9dyijDg33rWemPBw7sG1LSfWvMrZrrXN7leX18Nj01tODaMkKQeRfDORxUF8-2BPv-2BvbvhSFr8zPVaxeZOA-3D-3D
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL http://url1995.grupof.com.gt/ls/click?upn=u001.TXg9qm3NBOFbmZz0213syPsJvPN8sOPPiNx23hl016b6qmiuS0Ioy9zeuj-2F25WmVG69ukJXNjN1PEodCWRqOeXkbRU5wJmv2iG5FhlKz4tcPlR2G6ia9v1G87wx5HW3ZziPtq3qVgwEI80G-2BYObBTb8e09ZLMFwPn23G6H-2Fbv3c-3Df7rU_tbVFG6M9zywTG3M7IxJCip96CRys2zAdFC8KJPix6yL5X6GytSFWZkMiY7qdkqRvWuK4sWqjaG4ZXywpz-2BS3zDfosOHp74FnclWa0T-2FkHpcKCHztR5Qdr-2BYpWotYwMmskQVV86X6SgucsCgiEDcejglfxS9zTkDo32bplLtRmJDyE2-2B2wWdoSnOBeb5D13qjvjkNX7pxgr8gHEQRkkBW2MNIEsc-2BHx8e04cZvyYYRApmGxCdF3eJBhI14c17mZeYW8ZHXYDrNH3WsVZzAWZWIgncQYBZUd7Yg9d-2BAiI5VdUOe7IsDEqXIZ8Di8ZacigOydcbWJn2SVaEZbKZhPL4RgZOlzwH9jzT40F-2BJdoRpHhCJ8TeQ0sH4zabnjd9SRzdc-2B3xcG0aBpqd1mowJWcb-2B2hnZqTJH-2Big8EW5sK1-2BqHeJdBsWCGo3sH70NyxLLE3wJfWWV74-2FseZJ5hYUy-2B9rJkHEGYY4CRTh71qj0CSrxI3-2BI3GiMsLWBiDaBQNIuIdpL2Rs7QCBg8Rlav8dtWHcT6cWxTACY8mZfOf3higINcb73spg9IUrwlNjR2tYPpji75zxO0apeSsavysm8dPQWpqUc5fWr5twzKNrs03iBYXIBoNJLdbAUh9cxWGrXc2bhLwDRHUvL8K6V43yg7nkjEAW6V5tTNuLtMxf0TOBEEjccDBtEhZtKlqYqaDcHWURPdNExR-2Bh6AhME3sfSd8PB8Diufrm1WapVoBqd-2BZf-2F0KPT2L1NA9iTy3COn86lb5hH2WeqtRzS2XDJfKtxon7eJFcNhlzIViqQWEgnhUGqGiHZwzE5aVWcRUwWY8LvImRT5tBtxryPH1FXwDv-2BFpM8gTw3cMPFuxmuzQwRxU-2BvYZKKznZ6RqIe0kKHjubLY4f61nHm9dyijDg33rWemPBw7sG1LSfWvMrZrrXN7leX18Nj01tODaMkKQeRfDORxUF8-2BPv-2BvbvhSFr8zPVaxeZOA-3D-3D was found to be: Known bad.

Interpretation: the scored signatures below are, taken individually, ordinary Microsoft Edge and Windows behaviour (FindShellTrayWindow and SendNotifyMessage calls from msedge.exe, the browser process writing into its own child processes, AUDIODG.EXE adjusting SeIncBasePriorityPrivilege, msedge.exe reading the BIOS SystemManufacturer and SystemProductName keys). What distinguishes this detonation is the network activity: the submitted link is a click-tracking redirector (the /ls/click?upn= path is the format SendGrid uses for link tracking) served from 167.89.115.28 over plaintext HTTP, the next contact is igacorp.conohawing.com (118.27.122.26, JP), and the page served from there pulls public CDN assets, queries ipinfo.io for the visitor's external IP, opens a TLS session to api.telegram.org, and then loads www.ril.com with its Akamai-hosted assets. The Telegram Bot API is a common exfiltration channel for web-based credential harvesters, so the HTML and scripts served by igacorp.conohawing.com are the artefacts to pull and review; the page content itself is not reproduced in this report.

Malicious Activity Summary

discovery

Looks up external IP address via web service

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-28 13:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-28 13:40

Reported

2024-11-28 13:42

Platform

win10v2004-20241007-en

Max time kernel

108s

Max time network

105s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://url1995.grupof.com.gt/ls/click?upn=u001.TXg9qm3NBOFbmZz0213syPsJvPN8sOPPiNx23hl016b6qmiuS0Ioy9zeuj-2F25WmVG69ukJXNjN1PEodCWRqOeXkbRU5wJmv2iG5FhlKz4tcPlR2G6ia9v1G87wx5HW3ZziPtq3qVgwEI80G-2BYObBTb8e09ZLMFwPn23G6H-2Fbv3c-3Df7rU_tbVFG6M9zywTG3M7IxJCip96CRys2zAdFC8KJPix6yL5X6GytSFWZkMiY7qdkqRvWuK4sWqjaG4ZXywpz-2BS3zDfosOHp74FnclWa0T-2FkHpcKCHztR5Qdr-2BYpWotYwMmskQVV86X6SgucsCgiEDcejglfxS9zTkDo32bplLtRmJDyE2-2B2wWdoSnOBeb5D13qjvjkNX7pxgr8gHEQRkkBW2MNIEsc-2BHx8e04cZvyYYRApmGxCdF3eJBhI14c17mZeYW8ZHXYDrNH3WsVZzAWZWIgncQYBZUd7Yg9d-2BAiI5VdUOe7IsDEqXIZ8Di8ZacigOydcbWJn2SVaEZbKZhPL4RgZOlzwH9jzT40F-2BJdoRpHhCJ8TeQ0sH4zabnjd9SRzdc-2B3xcG0aBpqd1mowJWcb-2B2hnZqTJH-2Big8EW5sK1-2BqHeJdBsWCGo3sH70NyxLLE3wJfWWV74-2FseZJ5hYUy-2B9rJkHEGYY4CRTh71qj0CSrxI3-2BI3GiMsLWBiDaBQNIuIdpL2Rs7QCBg8Rlav8dtWHcT6cWxTACY8mZfOf3higINcb73spg9IUrwlNjR2tYPpji75zxO0apeSsavysm8dPQWpqUc5fWr5twzKNrs03iBYXIBoNJLdbAUh9cxWGrXc2bhLwDRHUvL8K6V43yg7nkjEAW6V5tTNuLtMxf0TOBEEjccDBtEhZtKlqYqaDcHWURPdNExR-2Bh6AhME3sfSd8PB8Diufrm1WapVoBqd-2BZf-2F0KPT2L1NA9iTy3COn86lb5hH2WeqtRzS2XDJfKtxon7eJFcNhlzIViqQWEgnhUGqGiHZwzE5aVWcRUwWY8LvImRT5tBtxryPH1FXwDv-2BFpM8gTw3cMPFuxmuzQwRxU-2BvYZKKznZ6RqIe0kKHjubLY4f61nHm9dyijDg33rWemPBw7sG1LSfWvMrZrrXN7leX18Nj01tODaMkKQeRfDORxUF8-2BPv-2BvbvhSFr8zPVaxeZOA-3D-3D

Signatures

Looks up external IP address via web service

Description Indicator Process Target Count
N/A ipinfo.io N/A N/A 2

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4900 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4900 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 4900 wrote to memory of 180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4900 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://url1995.grupof.com.gt/ls/click?upn=u001.TXg9qm3NBOFbmZz0213syPsJvPN8sOPPiNx23hl016b6qmiuS0Ioy9zeuj-2F25WmVG69ukJXNjN1PEodCWRqOeXkbRU5wJmv2iG5FhlKz4tcPlR2G6ia9v1G87wx5HW3ZziPtq3qVgwEI80G-2BYObBTb8e09ZLMFwPn23G6H-2Fbv3c-3Df7rU_tbVFG6M9zywTG3M7IxJCip96CRys2zAdFC8KJPix6yL5X6GytSFWZkMiY7qdkqRvWuK4sWqjaG4ZXywpz-2BS3zDfosOHp74FnclWa0T-2FkHpcKCHztR5Qdr-2BYpWotYwMmskQVV86X6SgucsCgiEDcejglfxS9zTkDo32bplLtRmJDyE2-2B2wWdoSnOBeb5D13qjvjkNX7pxgr8gHEQRkkBW2MNIEsc-2BHx8e04cZvyYYRApmGxCdF3eJBhI14c17mZeYW8ZHXYDrNH3WsVZzAWZWIgncQYBZUd7Yg9d-2BAiI5VdUOe7IsDEqXIZ8Di8ZacigOydcbWJn2SVaEZbKZhPL4RgZOlzwH9jzT40F-2BJdoRpHhCJ8TeQ0sH4zabnjd9SRzdc-2B3xcG0aBpqd1mowJWcb-2B2hnZqTJH-2Big8EW5sK1-2BqHeJdBsWCGo3sH70NyxLLE3wJfWWV74-2FseZJ5hYUy-2B9rJkHEGYY4CRTh71qj0CSrxI3-2BI3GiMsLWBiDaBQNIuIdpL2Rs7QCBg8Rlav8dtWHcT6cWxTACY8mZfOf3higINcb73spg9IUrwlNjR2tYPpji75zxO0apeSsavysm8dPQWpqUc5fWr5twzKNrs03iBYXIBoNJLdbAUh9cxWGrXc2bhLwDRHUvL8K6V43yg7nkjEAW6V5tTNuLtMxf0TOBEEjccDBtEhZtKlqYqaDcHWURPdNExR-2Bh6AhME3sfSd8PB8Diufrm1WapVoBqd-2BZf-2F0KPT2L1NA9iTy3COn86lb5hH2WeqtRzS2XDJfKtxon7eJFcNhlzIViqQWEgnhUGqGiHZwzE5aVWcRUwWY8LvImRT5tBtxryPH1FXwDv-2BFpM8gTw3cMPFuxmuzQwRxU-2BvYZKKznZ6RqIe0kKHjubLY4f61nHm9dyijDg33rWemPBw7sG1LSfWvMrZrrXN7leX18Nj01tODaMkKQeRfDORxUF8-2BPv-2BvbvhSFr8zPVaxeZOA-3D-3D

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde2f746f8,0x7ffde2f74708,0x7ffde2f74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6064 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f4
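The process list above is the evidence an analyst needs to decide whether the WriteProcessMemory and NtCreateUserProcess signatures mean anything: every write goes from the browser process to another msedge.exe instance, and each of those instances carries a --type flag, which is how Chromium launches its sandboxed children. The script below is an added example (not code from the sandbox or the report) that parses command lines in the form logged above, groups processes by --type, lists service processes started with --service-sandbox-type=none (here the network service and identity_helper.exe), and applies that "same image plus explicit --type" check to a writer/target pair. The sample command lines are a constructed subset of the process list, with the long tracking URL shortened to a placeholder; the CHROMIUM_IMAGES set is this example's assumption.

```python
"""Process-list triage for a browser detonation.

Added example, not code from the sandbox or from the report. It parses Windows
command lines in the form logged above, groups Chromium-style processes by
their --type flag, lists service processes launched with
--service-sandbox-type=none, and decides whether a "PID A wrote to memory of
PID B" event is the browser setting up one of its own children rather than a
write into a foreign binary. The sample command lines are a constructed subset
of the report's process list; the long tracking URL is shortened to a
placeholder.
"""
import shlex
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumption: images we treat as a Chromium-based browser when no --type is given.
CHROMIUM_IMAGES = {"msedge.exe", "chrome.exe"}


@dataclass
class Proc:
    image: str                      # full image path from the command line
    kind: str                       # "browser", "other", or the --type value
    sub_type: Optional[str]         # --utility-sub-type, if any
    sandbox: Optional[str]          # --service-sandbox-type, if any
    flags: Dict[str, Optional[str]] = field(default_factory=dict)
    positional: List[str] = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_cmdline(cmd: str) -> Proc:
    # posix=False leaves backslashes alone and keeps a quoted path with spaces
    # as one token (quotes included); the surrounding quotes are stripped here.
    tokens = [t.strip('"') for t in shlex.split(cmd, posix=False)]
    image, flags, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name] = value or None         # "--foo" and "--foo=" both -> None
        elif tok.startswith("/prefetch:"):
            flags["prefetch"] = tok.split(":", 1)[1]
        else:
            positional.append(tok)              # e.g. the URL after --single-argument
    basename = image.rsplit("\\", 1)[-1].lower()
    if "type" in flags:
        kind = flags["type"]
    elif basename in CHROMIUM_IMAGES:
        kind = "browser"
    else:
        kind = "other"
    return Proc(image, kind, flags.get("utility-sub-type"),
                flags.get("service-sandbox-type"), flags, positional)


def parse_all(cmdlines) -> List[Proc]:
    return [parse_cmdline(c) for c in cmdlines]


def summarize(cmdlines) -> dict:
    procs = parse_all(cmdlines)
    return {
        "by_kind": dict(Counter(p.kind for p in procs)),
        # service processes that asked for no sandbox: worth a second look
        "unsandboxed": sorted((p.basename, p.sub_type) for p in procs if p.sandbox == "none"),
        # what the browser process was told to open
        "urls": [p.positional[0] for p in procs
                 if p.kind == "browser" and "single-argument" in p.flags and p.positional],
        "non_browser": sorted({p.basename for p in procs if p.kind == "other"}),
    }


def expected_child_write(writer: Proc, target: Proc) -> bool:
    """True when a WriteProcessMemory event matches Chromium's own child
    setup: the browser process writing into a process that is the same image
    and carries an explicit --type. A different image (identity_helper.exe,
    AUDIODG.EXE, ...) returns False and deserves a manual look."""
    return (writer.kind == "browser"
            and target.image.lower() == writer.image.lower()
            and "type" in target.flags)


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
# Constructed from the report's process list; the tracking URL is shortened.
SAMPLE_CMDLINES = [
    f'"{EDGE}" --start-maximized --single-argument http://url1995.grupof.com.gt/ls/click?upn=REDACTED',
    f'"{EDGE}" --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data" /prefetch:7 --annotation=plat=Win64',
    f'"{EDGE}" --type=gpu-process --field-trial-handle=2136,15800629895630082631,12083053610924508070,131072 --mojo-platform-channel-handle=2208 /prefetch:2',
    f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3',
    f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8',
    f'"{EDGE}" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1',
    f'"{EDGE}" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1',
    f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8',
    r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
    r"C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f4",
]

if __name__ == "__main__":
    procs = parse_all(SAMPLE_CMDLINES)
    for k, v in summarize(SAMPLE_CMDLINES).items():
        print(f"{k}: {v}")
    print("browser -> renderer write is expected:", expected_child_write(procs[0], procs[5]))
```

Run it as-is to see the grouping for the constructed sample; to apply it to a real report, feed it the command lines from the Processes section. The useful negative case is a write whose target is a different image or lacks --type: that is the pattern this check refuses to explain away.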

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 url1995.grupof.com.gt udp
US 167.89.115.28:80 url1995.grupof.com.gt tcp
US 167.89.115.28:80 url1995.grupof.com.gt tcp
US 8.8.8.8:53 igacorp.conohawing.com udp
JP 118.27.122.26:443 igacorp.conohawing.com tcp
JP 118.27.122.26:443 igacorp.conohawing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.115.89.167.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 151.101.130.137:443 code.jquery.com tcp
US 151.101.130.137:443 code.jquery.com tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
GB 172.217.169.74:443 ajax.googleapis.com tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 26.122.27.118.in-addr.arpa udp
US 8.8.8.8:53 133.66.101.151.in-addr.arpa udp

Files
