Analysis Overview
Threat Level: Known bad
The file https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Analysis: static1
Detonation Overview
Reported
2023-07-07 09:11
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-07 09:11
Reported
2023-07-07 09:13
Platform
win10v2004-20230703-en
Max time kernel
71s
Max time network
75s
Command Line
Signatures
Modifies Internet Explorer settings
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{0F59B95C-8908-42FF-860D-4ABCF4E24B48} | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3192 wrote to memory of 4916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3192 wrote to memory of 4916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3192 wrote to memory of 4916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected]
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3192 CREDAT:17410 /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x39c 0x2f4
Network
Files