Analysis Overview
Threat Level: Known bad
The file https://buahpinggang.my/emptiness.php was found to be: Known bad.
Malicious Activity Summary
Hancitor
Process spawned unexpected child process
Office macro that triggers on suspicious action
Blocklisted process makes network request
Loads dropped DLL
Looks up external IP address via web service
Suspicious use of FindShellTrayWindow
NTFS ADS
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2021-02-25 16:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2021-02-25 16:45
Reported
2021-02-25 16:48
Platform
win10v20201028
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Hancitor
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process | N/A | C:\Windows\System32\rundll32.exe | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Office macro that triggers on suspicious action
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\0225_27840852049042.doc:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\{EE5DE73D-0769-41CB-95C0-491D3E9C9741}\Hs52qascx.t0mp:Zone.Identifier | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://buahpinggang.my/emptiness.php
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://buahpinggang.my/emptiness.php
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.0.332011879\1696152514" -parentBuildID 20200403170909 -prefsHandle 1528 -prefMapHandle 1508 -prefsLen 1 -prefMapSize 219511 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 1612 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.3.1045707550\1238288905" -childID 1 -isForBrowser -prefsHandle 2196 -prefMapHandle 2192 -prefsLen 156 -prefMapSize 219511 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2204 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.13.1368259339\1524521623" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 7013 -prefMapSize 219511 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3236 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.20.1919350552\1239770975" -childID 3 -isForBrowser -prefsHandle 4236 -prefMapHandle 4256 -prefsLen 8126 -prefMapSize 219511 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4288 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.27.64113736\449692072" -childID 4 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 8437 -prefMapSize 219511 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 8700 tab
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\0225_27840852049042.doc" /o ""
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" c:\users\admin\appdata\roaming\microsoft\word\startup\Static.dll,PVAXQXJSHTN
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" c:\users\admin\appdata\roaming\microsoft\word\startup\Static.dll,PVAXQXJSHTN
C:\Windows\SysWOW64\svchost.exe
C:\Windows\System32\svchost.exe
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:56580 | tcp | |
| N/A | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 65.9.83.77:443 | firefox.settings.services.mozilla.com | tcp |
| N/A | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | location.services.mozilla.com | udp |
| N/A | 52.42.151.74:443 | location.services.mozilla.com | tcp |
| N/A | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| N/A | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| N/A | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| N/A | 65.9.83.84:443 | content-signature-2.cdn.mozilla.net | tcp |
| N/A | 8.8.8.8:53 | d2nxq2uap88usk.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| N/A | 8.8.8.8:53 | d2nxq2uap88usk.cloudfront.net | udp |
| N/A | 65.9.83.102:443 | normandy.cdn.mozilla.net | tcp |
| N/A | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| N/A | 34.216.80.151:443 | shavar.services.mozilla.com | tcp |
| N/A | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| N/A | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| N/A | 8.8.8.8:53 | push.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| N/A | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| N/A | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| N/A | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| N/A | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| N/A | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| N/A | 8.8.8.8:53 | cs9.wac.phicdn.net | udp |
| N/A | 8.8.8.8:53 | cs9.wac.phicdn.net | udp |
| N/A | 8.8.8.8:53 | buahpinggang.my | udp |
| N/A | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| N/A | 34.214.115.165:443 | push.services.mozilla.com | tcp |
| N/A | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| N/A | 65.9.83.38:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| N/A | 8.8.8.8:53 | fennec-catalog-cdn.prod.mozaws.net | udp |
| N/A | 8.8.8.8:53 | search.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | snippets.cdn.mozilla.net | udp |
| N/A | 52.38.202.57:443 | search.services.mozilla.com | tcp |
| N/A | 8.8.8.8:53 | search.r53-2.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | fennec-catalog-cdn.prod.mozaws.net | udp |
| N/A | 65.9.83.11:443 | snippets.cdn.mozilla.net | tcp |
| N/A | 8.8.8.8:53 | d228z91au11ukj.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| N/A | 8.8.8.8:53 | search.r53-2.services.mozilla.com | udp |
| N/A | 35.240.229.7:443 | buahpinggang.my | tcp |
| N/A | 8.8.8.8:53 | d228z91au11ukj.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | buahpinggang.my | udp |
| N/A | 65.9.83.74:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 8.8.8.8:53 | d1zkz3k4cclnv6.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | buahpinggang.my | udp |
| N/A | 8.8.8.8:53 | d1zkz3k4cclnv6.cloudfront.net | udp |
| N/A | 65.9.83.84:443 | d2nxq2uap88usk.cloudfront.net | tcp |
| N/A | 35.240.229.7:443 | buahpinggang.my | tcp |
| N/A | 8.8.8.8:53 | www.buahpinggang.my | udp |
| N/A | 127.0.0.1:56585 | tcp | |
| N/A | 127.0.0.1:56593 | tcp | |
| N/A | 127.0.0.1:56608 | tcp | |
| N/A | 104.21.64.72:443 | www.buahpinggang.my | tcp |
| N/A | 8.8.8.8:53 | www.buahpinggang.my.cdn.cloudflare.net | udp |
| N/A | 8.8.8.8:53 | www.buahpinggang.my.cdn.cloudflare.net | udp |
| N/A | 65.9.83.11:443 | d228z91au11ukj.cloudfront.net | tcp |
| N/A | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| N/A | 216.58.211.106:443 | safebrowsing.googleapis.com | tcp |
| N/A | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| N/A | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| N/A | 8.8.8.8:53 | pki-goog.l.google.com | udp |
| N/A | 8.8.8.8:53 | pki-goog.l.google.com | udp |
| N/A | 8.8.8.8:53 | buahpinggang.my | udp |
| N/A | 8.8.8.8:53 | www.youtube.com | udp |
| N/A | 8.8.8.8:53 | www.facebook.com | udp |
| N/A | 8.8.8.8:53 | www.wikipedia.org | udp |
| N/A | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| N/A | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| N/A | 8.8.8.8:53 | dyna.wikimedia.org | udp |
| N/A | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| N/A | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| N/A | 8.8.8.8:53 | www.reddit.com | udp |
| N/A | 8.8.8.8:53 | twitter.com | udp |
| N/A | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | twitter.com | udp |
| N/A | 8.8.8.8:53 | twitter.com | udp |
| N/A | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | support.mozilla.org | udp |
| N/A | 8.8.8.8:53 | mozilla.zoom.us | udp |
| N/A | 8.8.8.8:53 | prod-tp.sumo.mozit.cloud | udp |
| N/A | 8.8.8.8:53 | prod-tp.sumo.mozit.cloud | udp |
| N/A | 8.8.8.8:53 | dyna.wikimedia.org | udp |
| N/A | 8.8.8.8:53 | zoom.us | udp |
| N/A | 8.8.8.8:53 | zoom.us | udp |
| N/A | 8.8.8.8:53 | www.docusign.com | udp |
| N/A | 151.101.2.133:443 | www.docusign.com | tcp |
| N/A | 8.8.8.8:53 | d.sni.global.fastly.net | udp |
| N/A | 8.8.8.8:53 | d.sni.global.fastly.net | udp |
| N/A | 8.8.8.8:53 | cdn.optimizely.com | udp |
| N/A | 104.85.4.151:443 | cdn.optimizely.com | tcp |
| N/A | 8.8.8.8:53 | e5048.dsca.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | e5048.dsca.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | fast.wistia.com | udp |
| N/A | 151.101.2.110:443 | fast.wistia.com | tcp |
| N/A | 8.8.8.8:53 | dualstack.f4.shared.global.fastly.net | udp |
| N/A | 8.8.8.8:53 | dualstack.f4.shared.global.fastly.net | udp |
| N/A | 8.8.8.8:53 | www.googletagmanager.com | udp |
| N/A | 172.217.168.232:443 | www.googletagmanager.com | tcp |
| N/A | 8.8.8.8:53 | www-googletagmanager.l.google.com | udp |
| N/A | 172.217.20.67:80 | pki-goog.l.google.com | tcp |
| N/A | 8.8.8.8:53 | www-googletagmanager.l.google.com | udp |
| N/A | 8.8.8.8:53 | cdn3.optimizely.com | udp |
| N/A | 8.8.8.8:53 | e6640.x.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | e6640.x.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | players.brightcove.net | udp |
| N/A | 104.81.141.120:443 | players.brightcove.net | tcp |
| N/A | 8.8.8.8:53 | e9573.g.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | e9573.g.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | sdk.inbenta.io | udp |
| N/A | 65.9.83.27:443 | sdk.inbenta.io | tcp |
| N/A | 8.8.8.8:53 | sdk.inbenta.io | udp |
| N/A | 8.8.8.8:53 | sdk.inbenta.io | udp |
| N/A | 23.52.58.209:443 | e6640.x.akamaiedge.net | tcp |
| N/A | 65.9.83.27:443 | sdk.inbenta.io | tcp |
| N/A | 8.8.8.8:53 | vjs.zencdn.net | udp |
| N/A | 151.101.2.217:443 | vjs.zencdn.net | tcp |
| N/A | 8.8.8.8:53 | dualstack.osff.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | dualstack.osff.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | metrics.brightcove.com | udp |
| N/A | 8.8.8.8:53 | assets.map.brightcove.com | udp |
| N/A | 35.244.232.184:443 | metrics.brightcove.com | tcp |
| N/A | 8.8.8.8:53 | metrics.brightcove.com | udp |
| N/A | 35.244.232.184:443 | metrics.brightcove.com | tcp |
| N/A | 8.8.8.8:53 | d2qf7db5czh0zh.cloudfront.net | udp |
| N/A | 65.9.83.26:443 | d2qf7db5czh0zh.cloudfront.net | tcp |
| N/A | 8.8.8.8:53 | d2qf7db5czh0zh.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | metrics.brightcove.com | udp |
| N/A | 8.8.8.8:53 | edge.api.brightcove.com | udp |
| N/A | 151.101.2.27:443 | edge.api.brightcove.com | tcp |
| N/A | 8.8.8.8:53 | brightcove.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | brightcove.map.fastly.net | udp |
| N/A | 172.217.20.67:80 | pki-goog.l.google.com | tcp |
| N/A | 8.8.8.8:53 | map.brightcove.com | udp |
| N/A | 34.232.166.219:443 | map.brightcove.com | tcp |
| N/A | 8.8.8.8:53 | audience-public-prod-90639937.us-east-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | audience-public-prod-90639937.us-east-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | a275532918.cdn.optimizely.com | udp |
| N/A | 95.101.126.251:443 | a275532918.cdn.optimizely.com | tcp |
| N/A | 8.8.8.8:53 | e4343.x.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | e4343.x.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | siteimproveanalytics.com | udp |
| N/A | 172.64.130.35:443 | siteimproveanalytics.com | tcp |
| N/A | 8.8.8.8:53 | siteimproveanalytics.com | udp |
| N/A | 8.8.8.8:53 | siteimproveanalytics.com | udp |
| N/A | 8.8.8.8:53 | logx.optimizely.com | udp |
| N/A | 52.6.153.244:443 | logx.optimizely.com | tcp |
| N/A | 8.8.8.8:53 | p13nlog-1106815646.us-east-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | p13nlog-1106815646.us-east-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | cf-images.us-east-1.prod.boltdns.net | udp |
| N/A | 8.8.8.8:53 | 6042533.global.siteimproveanalytics.io | udp |
| N/A | 54.236.159.227:443 | 6042533.global.siteimproveanalytics.io | tcp |
| N/A | 8.8.8.8:53 | ana-cf-col-elb-78-1759782990.us-east-1.elb.amazonaws.com | udp |
| N/A | 65.9.82.50:443 | cf-images.us-east-1.prod.boltdns.net | tcp |
| N/A | 8.8.8.8:53 | dh29jf0q5erm3.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | secure.p01.eloqua.com | udp |
| N/A | 142.0.173.130:443 | secure.p01.eloqua.com | tcp |
| N/A | 8.8.8.8:53 | secure.p01.eloqua.com | udp |
| N/A | 8.8.8.8:53 | dh29jf0q5erm3.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | secure.p01.eloqua.com | udp |
| N/A | 8.8.8.8:53 | ana-cf-col-elb-78-1759782990.us-east-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | manifest.prod.boltdns.net | udp |
| N/A | 8.8.8.8:53 | dualstack.brightcove.map.fastly.net | udp |
| N/A | 151.101.2.27:443 | dualstack.brightcove.map.fastly.net | tcp |
| N/A | 8.8.8.8:53 | dualstack.brightcove.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | bcbolt446c5271-a.akamaihd.net | udp |
| N/A | 104.97.14.240:443 | bcbolt446c5271-a.akamaihd.net | tcp |
| N/A | 8.8.8.8:53 | a162.g2.akamai.net | udp |
| N/A | 8.8.8.8:53 | a162.g2.akamai.net | udp |
| N/A | 8.8.8.8:53 | dualstack.f4.shared.global.fastly.net | udp |
| N/A | 8.8.8.8:53 | embed-fastly.wistia.com | udp |
| N/A | 151.101.2.133:443 | embed-fastly.wistia.com | tcp |
| N/A | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| N/A | 8.8.8.8:53 | f4.shared.global.fastly.net | udp |
| N/A | 151.101.2.110:443 | f4.shared.global.fastly.net | tcp |
| N/A | 8.8.8.8:53 | f4.shared.global.fastly.net | udp |
| N/A | 8.8.8.8:53 | errors.client.optimizely.com | udp |
| N/A | 3.225.10.210:443 | errors.client.optimizely.com | tcp |
| N/A | 3.225.10.210:443 | errors.client.optimizely.com | tcp |
| N/A | 8.8.8.8:53 | client-error-log-962704628.us-east-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | bam-cell.nr-data.net | udp |
| N/A | 8.8.8.8:53 | tls12.newrelic.com.cdn.cloudflare.net | udp |
| N/A | 8.8.8.8:53 | tls12.newrelic.com.cdn.cloudflare.net | udp |
| N/A | 8.8.8.8:53 | sb-ssl.google.com | udp |
| N/A | 172.217.168.238:443 | sb-ssl.google.com | tcp |
| N/A | 8.8.8.8:53 | sb-ssl.l.google.com | udp |
| N/A | 8.8.8.8:53 | sb-ssl.l.google.com | udp |
| N/A | 162.247.243.147:443 | tls12.newrelic.com.cdn.cloudflare.net | tcp |
| N/A | 8.8.8.8:53 | geo.docusign.com | udp |
| N/A | 52.11.224.229:443 | geo.docusign.com | tcp |
| N/A | 8.8.8.8:53 | geo-842869594.us-west-2.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | geo-842869594.us-west-2.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | embedwistia-a.akamaihd.net | udp |
| N/A | 104.97.15.49:443 | embedwistia-a.akamaihd.net | tcp |
| N/A | 8.8.8.8:53 | a168.g2.akamai.net | udp |
| N/A | 8.8.8.8:53 | a168.g2.akamai.net | udp |
| N/A | 8.8.8.8:53 | fast.wistia.net | udp |
| N/A | 8.8.8.8:53 | telemetry.docusign.net | udp |
| N/A | 151.101.2.110:443 | fast.wistia.net | tcp |
| N/A | 185.81.101.85:443 | telemetry.docusign.net | tcp |
| N/A | 185.81.101.85:443 | telemetry.docusign.net | tcp |
| N/A | 8.8.8.8:53 | telemetry-eu.docusign.net.akadns.net | udp |
| N/A | 8.8.8.8:53 | telemetry-eu.docusign.net.akadns.net | udp |
| N/A | 8.8.8.8:53 | compliance.docusign.com | udp |
| N/A | 88.221.68.235:443 | compliance.docusign.com | tcp |
| N/A | 8.8.8.8:53 | e1020.dscb.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | e1020.dscb.akamaiedge.net | udp |
| N/A | 151.101.2.133:443 | embed-fastly.wistia.com | tcp |
| N/A | 8.8.8.8:53 | d.sni.global.fastly.net | udp |
| N/A | 8.8.8.8:53 | distillery.wistia.com | udp |
| N/A | 52.0.1.164:443 | distillery.wistia.com | tcp |
| N/A | 8.8.8.8:53 | prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com | udp |
| N/A | 52.0.1.164:443 | prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com | tcp |
| N/A | 52.0.1.164:443 | prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com | tcp |
| N/A | 52.0.1.164:443 | prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com | tcp |
| N/A | 127.0.0.1:56658 | tcp | |
| N/A | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| N/A | 130.211.5.208:443 | cdn.mxpnl.com | tcp |
| N/A | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| N/A | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| N/A | 8.8.8.8:53 | s.adroll.com | udp |
| N/A | 8.8.8.8:53 | cs9.wac.phicdn.net | udp |
| N/A | 104.81.140.157:443 | s.adroll.com | tcp |
| N/A | 8.8.8.8:53 | e4007.g.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | www.google-analytics.com | udp |
| N/A | 8.8.8.8:53 | www-google-analytics.l.google.com | udp |
| N/A | 172.217.168.238:443 | www-google-analytics.l.google.com | tcp |
| N/A | 8.8.8.8:53 | e4007.g.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | www-google-analytics.l.google.com | udp |
| N/A | 8.8.8.8:53 | scripts.demandbase.com | udp |
| N/A | 8.8.8.8:53 | bat.bing.com | udp |
| N/A | 8.8.8.8:53 | scripts.demandbase.com | udp |
| N/A | 65.9.83.106:443 | scripts.demandbase.com | tcp |
| N/A | 8.8.8.8:53 | dual-a-0001.a-msedge.net | udp |
| N/A | 204.79.197.200:443 | dual-a-0001.a-msedge.net | tcp |
| N/A | 8.8.8.8:53 | connect.facebook.net | udp |
| N/A | 8.8.8.8:53 | scripts.demandbase.com | udp |
| N/A | 8.8.8.8:53 | dual-a-0001.a-msedge.net | udp |
| N/A | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| N/A | 8.8.8.8:53 | snap.licdn.com | udp |
| N/A | 8.8.8.8:53 | static.ads-twitter.com | udp |
| N/A | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| N/A | 8.8.8.8:53 | e9706.dscg.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | platform.twitter.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | a.quora.com | udp |
| N/A | 8.8.8.8:53 | platform.twitter.map.fastly.net | udp |
| N/A | 151.101.1.2:443 | a.quora.com | tcp |
| N/A | 8.8.8.8:53 | e9706.dscg.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | ocsp.godaddy.com.akadns.net | udp |
| N/A | 8.8.8.8:53 | quora.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | service.force.com | udp |
| N/A | 8.8.8.8:53 | quora.map.fastly.net | udp |
| N/A | 8.8.8.8:53 | ocsp.godaddy.com.akadns.net | udp |
| N/A | 161.71.1.166:443 | service.force.com | tcp |
| N/A | 8.8.8.8:53 | location.l.force.com | udp |
| N/A | 8.8.8.8:53 | location.l.force.com | udp |
| N/A | 157.240.201.15:443 | connect.facebook.net | tcp |
| N/A | 104.81.141.130:443 | e9706.dscg.akamaiedge.net | tcp |
| N/A | 151.101.36.157:443 | platform.twitter.map.fastly.net | tcp |
| N/A | 8.8.8.8:53 | match.prod.bidr.io | udp |
| N/A | 8.8.8.8:53 | id.rlcdn.com | udp |
| N/A | 8.8.8.8:53 | api.company-target.com | udp |
| N/A | 65.9.83.33:443 | api.company-target.com | tcp |
| N/A | 8.8.8.8:53 | api.company-target.com | udp |
| N/A | 8.8.8.8:53 | api.company-target.com | udp |
| N/A | 8.8.8.8:53 | id.rlcdn.com | udp |
| N/A | 8.8.8.8:53 | match.prod.bidr.io | udp |
| N/A | 8.8.8.8:53 | q.quora.com | udp |
| N/A | 3.217.219.88:443 | q.quora.com | tcp |
| N/A | 8.8.8.8:53 | id.rlcdn.com | udp |
| N/A | 8.8.8.8:53 | q.quora.com | udp |
| N/A | 8.8.8.8:53 | match.prod.bidr.io | udp |
| N/A | 8.8.8.8:53 | q.quora.com | udp |
| N/A | 8.8.8.8:53 | d.adroll.mgr.consensu.org | udp |
| N/A | 63.35.200.21:443 | d.adroll.mgr.consensu.org | tcp |
| N/A | 8.8.8.8:53 | adserver-vpc-alb-0-1578609942.eu-west-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | adserver-vpc-alb-0-1578609942.eu-west-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| N/A | 8.8.8.8:53 | pop-esv5.mix.linkedin.com | udp |
| N/A | 8.8.8.8:53 | pop-esv5.mix.linkedin.com | udp |
| N/A | 8.8.8.8:53 | r3.o.lencr.org | udp |
| N/A | 88.221.25.225:80 | r3.o.lencr.org | tcp |
| N/A | 8.8.8.8:53 | a1887.dscq.akamai.net | udp |
| N/A | 8.8.8.8:53 | analytics.twitter.com | udp |
| N/A | 8.8.8.8:53 | s.twitter.com | udp |
| N/A | 8.8.8.8:53 | a1887.dscq.akamai.net | udp |
| N/A | 8.8.8.8:53 | t.co | udp |
| N/A | 8.8.8.8:53 | s.twitter.com | udp |
| N/A | 104.244.42.133:443 | t.co | tcp |
| N/A | 8.8.8.8:53 | t.co | udp |
| N/A | 8.8.8.8:53 | t.co | udp |
| N/A | 161.71.1.166:443 | location.l.force.com | tcp |
| N/A | 8.8.8.8:53 | d.adroll.com | udp |
| N/A | 8.8.8.8:53 | adserver-vpc-alb-1-1446435489.eu-west-1.elb.amazonaws.com | udp |
| N/A | 8.8.8.8:53 | adserver-vpc-alb-1-1446435489.eu-west-1.elb.amazonaws.com | udp |
| N/A | 52.202.67.23:443 | match.prod.bidr.io | tcp |
| N/A | 35.244.245.222:443 | id.rlcdn.com | tcp |
| N/A | 108.174.11.37:443 | pop-esv5.mix.linkedin.com | tcp |
| N/A | 104.244.42.3:443 | s.twitter.com | tcp |
| N/A | 54.246.184.51:443 | adserver-vpc-alb-1-1446435489.eu-west-1.elb.amazonaws.com | tcp |
| N/A | 104.81.140.157:443 | e4007.g.akamaiedge.net | tcp |
| N/A | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| N/A | 108.177.126.157:443 | stats.g.doubleclick.net | tcp |
| N/A | 8.8.8.8:53 | stats.l.doubleclick.net | udp |
| N/A | 8.8.8.8:53 | stats.l.doubleclick.net | udp |
| N/A | 31.13.64.35:443 | star-mini.c10r.facebook.com | tcp |
| N/A | 8.8.8.8:53 | www.google.com | udp |
| N/A | 8.8.8.8:53 | d.la2-c2-iad.salesforceliveagent.com | udp |
| N/A | 172.217.17.68:443 | www.google.com | tcp |
| N/A | 8.8.8.8:53 | www.google.com | udp |
| N/A | 13.108.232.126:443 | d.la2-c2-iad.salesforceliveagent.com | tcp |
| N/A | 8.8.8.8:53 | la2-c2-iad.iad.r.salesforceliveagent.com | udp |
| N/A | 8.8.8.8:53 | www.google.com | udp |
| N/A | 13.108.232.126:443 | la2-c2-iad.iad.r.salesforceliveagent.com | tcp |
| N/A | 8.8.8.8:53 | la2-c2-iad.iad.r.salesforceliveagent.com | udp |
| N/A | 8.8.8.8:53 | www.linkedin.com | udp |
| N/A | 8.8.8.8:53 | cdn.inbenta.io | udp |
| N/A | 8.8.8.8:53 | www.sfdcstatic.com | udp |
| N/A | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| N/A | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| N/A | 65.9.83.35:443 | cdn.inbenta.io | tcp |
| N/A | 104.110.240.120:443 | www.sfdcstatic.com | tcp |
| N/A | 8.8.8.8:53 | cdn.inbenta.io | udp |
| N/A | 8.8.8.8:53 | e28407.a.akamaiedge.net | udp |
| N/A | 8.8.8.8:53 | cdn.inbenta.io | udp |
| N/A | 8.8.8.8:53 | c1.sfdcstatic.com | udp |
| N/A | 8.8.8.8:53 | e28407.a.akamaiedge.net | udp |
| N/A | 104.110.240.65:443 | c1.sfdcstatic.com | tcp |
| N/A | 13.107.42.14:443 | l-0005.l-msedge.net | tcp |
| N/A | 8.8.8.8:53 | segments.company-target.com | udp |
| N/A | 65.9.83.98:443 | segments.company-target.com | tcp |
| N/A | 8.8.8.8:53 | segments.company-target.com | udp |
| N/A | 8.8.8.8:53 | segments.company-target.com | udp |
| N/A | 65.9.83.98:443 | segments.company-target.com | tcp |
| N/A | 8.8.8.8:53 | tls12.newrelic.com.cdn.cloudflare.net | udp |
| N/A | 8.8.8.8:53 | d.la2-c2-iad.salesforceliveagent.com | udp |
| N/A | 13.108.232.126:443 | la2-c2-iad.iad.r.salesforceliveagent.com | tcp |
| N/A | 8.8.8.8:53 | la2-c2-iad.iad.r.salesforceliveagent.com | udp |
| N/A | 8.8.8.8:53 | la2-c2-iad.iad.r.salesforceliveagent.com | udp |
| N/A | 8.8.8.8:53 | api.ipify.org | udp |
| N/A | 50.19.252.36:80 | api.ipify.org | tcp |
| N/A | 8.8.8.8:53 | speritentz.com | udp |
| N/A | 190.211.254.154:80 | speritentz.com | tcp |
| N/A | 8.8.8.8:53 | wouatiareves.ru | udp |
| N/A | 47.254.131.254:80 | wouatiareves.ru | tcp |
| N/A | 8.8.8.8:53 | d.la2-c2-iad.salesforceliveagent.com | udp |
| N/A | 13.108.235.254:443 | d.la2-c2-iad.salesforceliveagent.com | tcp |
| N/A | 8.8.8.8:53 | la2-c2-iad.iad.r.salesforceliveagent.com | udp |
| N/A | 8.8.8.8:53 | la2-c2-iad.iad.r.salesforceliveagent.com | udp |
| N/A | 8.8.8.8:53 | aus5.mozilla.org | udp |
| N/A | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| N/A | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| N/A | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| N/A | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 65.9.83.23:443 | firefox.settings.services.mozilla.com | tcp |
| N/A | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| N/A | 2.22.61.56:80 | ciscobinary.openh264.org | tcp |
| N/A | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| N/A | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| N/A | 8.8.8.8:53 | redirector.gvt1.com | udp |
| N/A | 172.217.168.206:443 | redirector.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | redirector.gvt1.com | udp |
| N/A | 8.8.8.8:53 | redirector.gvt1.com | udp |
| N/A | 172.217.20.67:80 | pki-goog.l.google.com | tcp |
| N/A | 8.8.8.8:53 | r5---sn-p5qlsnz6.gvt1.com | udp |
| N/A | 173.194.7.107:443 | r5---sn-p5qlsnz6.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | r5.sn-p5qlsnz6.gvt1.com | udp |
| N/A | 8.8.8.8:53 | r5.sn-p5qlsnz6.gvt1.com | udp |
| N/A | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| N/A | 8.8.8.8:53 | d2nxq2uap88usk.cloudfront.net | udp |
| N/A | 8.8.8.8:53 | d2nxq2uap88usk.cloudfront.net | udp |
| N/A | 65.9.83.23:443 | firefox.settings.services.mozilla.com | tcp |
| N/A | 65.9.83.84:443 | d2nxq2uap88usk.cloudfront.net | tcp |
Files
memory/4872-2-0x0000000000000000-mapping.dmp
memory/720-3-0x0000000000000000-mapping.dmp
memory/4208-4-0x0000000000000000-mapping.dmp
memory/908-5-0x0000000000000000-mapping.dmp
memory/4504-6-0x0000000000000000-mapping.dmp
memory/3264-7-0x0000000000000000-mapping.dmp
memory/1744-8-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
memory/1744-9-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
memory/1744-10-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
memory/1744-11-0x00007FF932A00000-0x00007FF933037000-memory.dmp
memory/1744-12-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
C:\Users\Admin\Downloads\0225_27840852049042.doc
| MD5 | 994f9f36af27509b4a08e43d7df3174b |
| SHA1 | e2836d2f9e67fa9e4eb143bfa7f62e0b3d789fa8 |
| SHA256 | a0b22f3949fccda17414c368463f516533361f149b1612c9c0a94efdfe3f6971 |
| SHA512 | 0130d614d34a13b086c306222f7b9e9a6bfb7a8bf2952191a86482ad197b929340ded1fc7c929e07186b8ef921303fb3fc65f68ee56f0aa85108f66237cb941b |
memory/4308-14-0x0000000000000000-mapping.dmp
memory/4308-15-0x0000000002870000-0x0000000002971000-memory.dmp
memory/4648-16-0x0000000000000000-mapping.dmp
\??\c:\users\admin\appdata\roaming\microsoft\word\startup\Static.dll
| MD5 | d49945a8e31504028a9bcbd7e23ef060 |
| SHA1 | 95430e0b12ebfc9db59548dd392da1d6147b6f7a |
| SHA256 | f14a66b9438ce0548a5415e6a3897c171397376eca30a01738d76c7db357bc16 |
| SHA512 | e3683a1ca7097a2747c87c56da10818c0c1cb46a06b663654ef03167bc62cbe6ad7afc806a2561dcf210c6730842235ef67daf03bba98f80a6f582163e71db64 |
memory/2748-18-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\Static.dll
| MD5 | d49945a8e31504028a9bcbd7e23ef060 |
| SHA1 | 95430e0b12ebfc9db59548dd392da1d6147b6f7a |
| SHA256 | f14a66b9438ce0548a5415e6a3897c171397376eca30a01738d76c7db357bc16 |
| SHA512 | e3683a1ca7097a2747c87c56da10818c0c1cb46a06b663654ef03167bc62cbe6ad7afc806a2561dcf210c6730842235ef67daf03bba98f80a6f582163e71db64 |
memory/1744-20-0x00007FF934190000-0x00007FF936CB3000-memory.dmp
memory/1744-21-0x00007FF934190000-0x00007FF936CB3000-memory.dmp
memory/1744-22-0x00007FF934190000-0x00007FF936CB3000-memory.dmp
memory/1744-23-0x00007FF934190000-0x00007FF936CB3000-memory.dmp
memory/1744-24-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
memory/1744-25-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
memory/1744-26-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
memory/1744-27-0x00007FF91BD80000-0x00007FF91BD90000-memory.dmp
memory/2748-28-0x00000000736C0000-0x00000000736CA000-memory.dmp
memory/2748-29-0x0000000000D50000-0x0000000000D51000-memory.dmp