Analysis Overview
SHA256
c5701af10df111f738ed461f5b071c4165ad6e26446a21daea8accb769b55f26
Threat Level: Known bad
The file myufn.dll was found to be: Known bad.
Malicious Activity Summary
Qakbot/Qbot
Reads user/profile data of web browsers
Loads dropped DLL
Adds Run key to start application
Drops file in Program Files directory
Program crash
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-02-03 12:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-03 12:54
Reported
2023-02-03 12:57
Platform
win7-20220901-en
Max time kernel
150s
Max time network
47s
Command Line
Signatures
Qakbot/Qbot
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1
C:\Windows\SysWOW64\wermgr.exe
C:\Windows\SysWOW64\wermgr.exe
C:\Windows\SysWOW64\wermgr.exe
C:\Windows\SysWOW64\wermgr.exe
Network
Files
memory/1576-54-0x0000000000000000-mapping.dmp
memory/1576-55-0x0000000075111000-0x0000000075113000-memory.dmp
memory/1576-56-0x00000000007C0000-0x000000000088A000-memory.dmp
memory/1576-57-0x00000000002F0000-0x0000000000313000-memory.dmp
memory/1576-59-0x00000000002F0000-0x0000000000313000-memory.dmp
memory/1576-58-0x00000000002F0000-0x0000000000313000-memory.dmp
memory/1576-60-0x00000000002B0000-0x00000000002E2000-memory.dmp
memory/1576-61-0x00000000002F0000-0x0000000000313000-memory.dmp
\Users\Admin\AppData\Local\Temp\EE944C6B.dll
| MD5 | 53bb811ed12d2c867b354390fabf9612 |
| SHA1 | 81b29c540c0e2a09385cf7e821639ff64fbffd91 |
| SHA256 | a972b482b09e50875c5cdc2cfd6c9b2fa96c9dbf9d23894d0b3061c97145b133 |
| SHA512 | 5f7b584b9b42b0dc6ebbd3571cac1bc07c16301a994c9891201007c7b8698ef4604b2cc1f7e9a2edb016e50d415a6a9ca390a0df89bab01c889c7d382d2e8d24 |
\Users\Admin\AppData\Local\Temp\23925755.dll
| MD5 | 53bb811ed12d2c867b354390fabf9612 |
| SHA1 | 81b29c540c0e2a09385cf7e821639ff64fbffd91 |
| SHA256 | a972b482b09e50875c5cdc2cfd6c9b2fa96c9dbf9d23894d0b3061c97145b133 |
| SHA512 | 5f7b584b9b42b0dc6ebbd3571cac1bc07c16301a994c9891201007c7b8698ef4604b2cc1f7e9a2edb016e50d415a6a9ca390a0df89bab01c889c7d382d2e8d24 |
memory/1692-64-0x0000000000000000-mapping.dmp
memory/1576-66-0x00000000002F0000-0x0000000000313000-memory.dmp
memory/1692-67-0x00000000000D0000-0x00000000000F3000-memory.dmp
memory/1692-68-0x00000000000D0000-0x00000000000F3000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-02-03 12:54
Reported
2023-02-03 12:57
Platform
win10v2004-20220812-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Qakbot/Qbot
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\a96ae988-57f1-430f-b270-341cffb40e4c.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230203135633.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2584 -ip 2584
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 624
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:?launchContext1=Microsoft.Windows.Cortana_cw5n1h2txyewy&url=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dmyufn%26form%3DWNSGPH%26qs%3DSW%26cvid%3D3c89bcd9ba264ed4ba31968d9a7c8a46%26pq%3Dmyufn%26cc%3DUS%26setlang%3Den-US%26nclid%3D9C0DA10A27A69B5F4DC9FC093B60234D%26ts%3D1675432578104%26nclidts%3D1675432578%26tsms%3D104
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf15d46f8,0x7ffdf15d4708,0x7ffdf15d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3688 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x374 0x320
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff678205460,0x7ff678205470,0x7ff678205480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,11360349330415230897,12137279347078103570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
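Added triage example, not part of the sandbox report: a Python script that runs a few rules over the process listings of both behavioral runs (copied above as constructed input). It flags the rundll32 launches that enter the DLL through export ordinal #1 from the user's Temp directory (the same command line in both runs), parses the -p argument of WerFault.exe to recover the faulting PID (2584) and links it to the memory/2584-* region dumps of the same PID, which ties the "Program crash" signature to the 32-bit rundll32.exe hosting the DLL, and counts the wermgr.exe instances that behavioral1 lists after rundll32.exe next to its WriteProcessMemory and MapViewOfSection signatures. The report records no parent/child links and no wermgr command lines, so the script counts instances and does not assert the injection chain. Treating everything under the Edge install tree as browser activity is this example's assumption: the msedge.exe command line is a Cortana/Windows search launch with a Bing query for "myufn", and the Run key, Program Files, BIOS registry, FindShellTrayWindow and AdjustPrivilegeToken signatures of behavioral2 all name msedge.exe, setup.exe or AUDIODG.EXE as the acting process, never rundll32.exe or wermgr.exe.

```python
import json
import re
from collections import defaultdict

# Constructed from the report's Processes lists: (run, image, command line).
# Entries the report shows without a command line are kept as "". The msedge.exe
# command line is cut down to the prefix the rules inspect.
PROCESSES = [
    ("behavioral1", r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1"),
    ("behavioral1", r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1"),
    ("behavioral1", r"C:\Windows\SysWOW64\wermgr.exe", ""),
    ("behavioral1", r"C:\Windows\SysWOW64\wermgr.exe", ""),
    ("behavioral1", r"C:\Windows\SysWOW64\wermgr.exe", ""),
    ("behavioral1", r"C:\Windows\SysWOW64\wermgr.exe", ""),
    ("behavioral2", r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1"),
    ("behavioral2", r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\myufn.dll,#1"),
    ("behavioral2", r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2584 -ip 2584"),
    ("behavioral2", r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 624"),
    ("behavioral2", r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
     r"microsoft-edge:?launchContext1=Microsoft.Windows.Cortana_cw5n1h2txyewy"),
]

# Memory dump names from the behavioral2 Files section, as the sandbox names them.
DUMPS_B2 = [
    "memory/2584-132-0x0000000000000000-mapping.dmp",
    "memory/2584-133-0x0000000002F50000-0x0000000002F73000-memory.dmp",
    "memory/2584-134-0x0000000002EE0000-0x0000000002F12000-memory.dmp",
    "memory/2584-135-0x0000000002F50000-0x0000000002F73000-memory.dmp",
    "memory/1064-136-0x0000000000000000-mapping.dmp",
    "memory/3144-138-0x0000000000000000-mapping.dmp",
]

# rundll32 <dll>,#<n>: the DLL is entered through an export ordinal, not an export name.
ORDINAL_LOADER = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll)\s*,\s*#(?P<ordinal>\d+)", re.I)
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
# WerFault.exe ... -p <pid>: <pid> is the faulting process.
WERFAULT_PID = re.compile(r"WerFault\.exe\b.*\s-p\s+(?P<pid>\d+)", re.I)
DUMP_NAME = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x[0-9A-Fa-f]+(?:-0x[0-9A-Fa-f]+)?-(?P<kind>mapping|memory)\.dmp")
EDGE_TREE = re.compile(r"\\Microsoft\\Edge\\", re.I)  # assumption: Edge tree = browser noise


def ordinal_loaders(processes):
    """rundll32 invocations that call a DLL by export ordinal, noting user-writable Temp paths."""
    hits = []
    for run, image, cmdline in processes:
        m = ORDINAL_LOADER.search(cmdline)
        if m:
            hits.append({"run": run, "image": image, "dll": m["dll"],
                         "ordinal": int(m["ordinal"]),
                         "user_temp": bool(USER_TEMP.search(m["dll"]))})
    return hits


def crashed_pids(processes):
    """Faulting PIDs recovered from WerFault.exe command lines, per run."""
    out = defaultdict(set)
    for run, _image, cmdline in processes:
        m = WERFAULT_PID.search(cmdline)
        if m:
            out[run].add(int(m["pid"]))
    return dict(out)


def dumps_by_pid(dump_names):
    """Count region dumps per PID; the bare *-mapping.dmp stubs carry no region and are skipped."""
    counts = defaultdict(int)
    for name in dump_names:
        m = DUMP_NAME.fullmatch(name)
        if m and m["kind"] == "memory":
            counts[int(m["pid"])] += 1
    return dict(counts)


def sample_attributable(processes):
    """Everything outside the Edge tree: the rundll32 / wermgr / WerFault chain."""
    return [(run, image) for run, image, _ in processes if not EDGE_TREE.search(image)]


def triage(processes, dump_names):
    loaders = ordinal_loaders(processes)
    crashes = crashed_pids(processes)
    dumps = dumps_by_pid(dump_names)
    return {
        "ordinal_loaders": len(loaders),
        "loaders_from_user_temp": sum(h["user_temp"] for h in loaders),
        "crashed_pids": crashes,
        "crashed_pids_with_dumps": {run: {pid: dumps.get(pid, 0) for pid in pids}
                                    for run, pids in crashes.items()},
        "wermgr_instances": sum(1 for _, img, _ in processes
                                if img.lower().endswith(r"\wermgr.exe")),
    }


if __name__ == "__main__":
    print(json.dumps(triage(PROCESSES, DUMPS_B2), indent=2, default=sorted))
```

Run as a script it prints the summary as JSON; the WerFault -p value and the dump PID match (2584 with three region dumps), while behavioral1 has region dumps for PIDs 1576 and 1692 and no WerFault at all, which is the run in which the payload kept executing.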
Network
| Country | Destination | Domain | Proto |
| US | 93.184.220.29:80 | | tcp |
| AU | 104.46.162.224:443 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| NL | 104.80.225.205:443 | | tcp |
| US | 13.107.21.200:443 | | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 95.101.74.148:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | t-ring-fallback.msedge.net | udp |
| US | 13.107.253.254:443 | t-ring-fallback.msedge.net | tcp |
| US | 8.8.8.8:53 | teams-ring.msedge.net | udp |
| US | 52.113.196.254:443 | teams-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| US | 131.253.33.200:443 | www.bing.com | tcp |
| US | 131.253.33.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 95.101.74.148:443 | r.bing.com | tcp |
| NL | 95.101.74.148:443 | r.bing.com | tcp |
| NL | 95.101.74.148:443 | r.bing.com | tcp |
| NL | 95.101.74.148:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | smartscreen-prod.microsoft.com | udp |
| IE | 20.67.219.150:443 | smartscreen-prod.microsoft.com | tcp |
| IE | 20.67.219.150:443 | smartscreen-prod.microsoft.com | tcp |
| IE | 20.67.219.150:443 | smartscreen-prod.microsoft.com | tcp |
| US | 8.8.8.8:53 | s.bingparachute.com | udp |
| FR | 104.123.29.138:443 | s.bingparachute.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| NL | 23.72.252.129:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | t-ring-fdv2.msedge.net | udp |
| US | 13.107.237.254:443 | t-ring-fdv2.msedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 131.253.33.239:443 | | tcp |
| NL | 95.101.74.151:443 | assets.msn.com | tcp |
| NL | 95.101.74.151:443 | | tcp |
| NL | 95.101.74.151:443 | | tcp |
| NL | 95.101.74.151:443 | assets.msn.com | tcp |
| NL | 23.72.252.152:443 | | tcp |
| IE | 20.234.93.27:443 | | tcp |
| GB | 18.165.242.8:443 | | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 13.107.42.14:443 | | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 66.225.223.31:443 | | tcp |
| IE | 52.210.115.48:443 | | tcp |
| NL | 173.223.112.20:443 | hbx.media.net | tcp |
| US | 104.19.136.78:443 | cm.mgid.com | tcp |
| US | 104.19.136.78:443 | | udp |
| NL | 185.89.210.212:443 | | tcp |
| US | 76.223.111.18:443 | | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| SG | 172.241.51.69:443 | | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| NL | 185.89.210.141:443 | | tcp |
| US | 35.208.249.213:443 | trace.mediago.io | tcp |
| JP | 35.213.89.133:443 | trace.popin.cc | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| JP | 35.213.89.133:443 | | tcp |
| US | 20.127.253.7:443 | sync.inmobi.com | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| FR | 23.39.244.146:443 | ecn.dev.virtualearth.net | tcp |
| US | 131.253.33.239:443 | | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 117.18.232.200:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 23.200.87.20:443 | deff.nelreports.net | tcp |
Files
memory/2584-132-0x0000000000000000-mapping.dmp
memory/2584-133-0x0000000002F50000-0x0000000002F73000-memory.dmp
memory/2584-134-0x0000000002EE0000-0x0000000002F12000-memory.dmp
memory/2584-135-0x0000000002F50000-0x0000000002F73000-memory.dmp
memory/1064-136-0x0000000000000000-mapping.dmp
memory/3144-138-0x0000000000000000-mapping.dmp
memory/2632-139-0x0000000000000000-mapping.dmp
\??\pipe\LOCAL\crashpad_4648_AQAQDUICARGNUMTR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1208-142-0x0000000000000000-mapping.dmp
memory/100-144-0x0000000000000000-mapping.dmp
memory/5032-146-0x0000000000000000-mapping.dmp
memory/4848-148-0x0000000000000000-mapping.dmp
memory/3036-150-0x0000000000000000-mapping.dmp
memory/3308-152-0x0000000000000000-mapping.dmp
memory/5276-154-0x0000000000000000-mapping.dmp
memory/5292-156-0x0000000000000000-mapping.dmp
memory/5464-158-0x0000000000000000-mapping.dmp
memory/5552-160-0x0000000000000000-mapping.dmp
memory/5616-162-0x0000000000000000-mapping.dmp
memory/5632-164-0x0000000000000000-mapping.dmp
memory/5824-165-0x0000000000000000-mapping.dmp
memory/5872-166-0x0000000000000000-mapping.dmp
memory/5956-167-0x0000000000000000-mapping.dmp