Malware Analysis Report

2025-01-19 03:48

Sample ID 230707-k536ysgb22
Target https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected]
Tags
phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The URL https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected] was found to be: Known bad.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: [email protected]

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-07-07 09:11

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-07 09:11

Reported

2023-07-07 09:13

Platform

win10v2004-20230703-en

Max time kernel

71s

Max time network

75s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected]

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31043763" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "712293014" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b097e72cb3b0d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.domain.sg\ = "93" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "93" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395486098" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "80" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\freshchat.com\Total = "220" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "712293014" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.domain.sg\ = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07d592bb3b0d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wchat.freshchat.com\ = "174" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee5868703000000000020000000000106600000001000020000000213b9dd6a4d6c99c8837eaf17c1d85879e1b31ab9954cb8db0c884292e307d25000000000e800000000200002000000064764ad4eb819fbc75ebba94766e20746e548e1d093048c841942f31e99e6011200000005d5cfa2a986e6c0518ce7e03abd69f5c77563840de89409779c5d7daa47444bb40000000bc995cd55f5f1367218a0e9e5f3eaf510d9353346687ee579696b40379da6285be6668774152974e4ae776061a2b0048ded4850aba1ee8caa22229d593a22b9f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wchat.freshchat.com\ = "14" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\freshchat.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "286" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31043763" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\freshchat.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wchat.freshchat.com\ = "80" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee58687030000000000200000000001066000000010000200000005096400c3e2bc7fe1d746cf9f89c92cd90cd24dc0acae5d3121e2a9b9a9a5152000000000e80000000020000200000000d0a6111a3de790163afb378a274bd3815b11a136dc65960b1adeb2e9f3461b6200000006d8d44a8ac73eda1f54d2310adac016d3f78a500a517c93c42ff45e6fbe85df240000000cbcddb76aae56b40c61886afb21122c8869749e0b8eb63ee538c497e55f8bade5a5e70b252bd8c90a06e75d5034ff7b29e8047c3b5fa757f4d0719fa5db8e09e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7060682db3b0d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "14" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "66" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4885326af1dd94bb4dd17ee5868703000000000020000000000106600000001000020000000751daa972224ac3522f444d3156edbad83304de9c7aa1be171cc87c1cffb1987000000000e8000000002000020000000299aa180d2c69301ecfeb44ffc15224615a8c90102317956dfcf7f127ff2d40220000000877a96e2fbeddb4a8b5bea4499610d3f8baeb41d584775cc586dad7c82d15fb24000000029b71ab47229a9f97135cc8d8a31ecc4318f08ad41bb87a4a1a4aea10c794bf30aee55c7ca3f34ba8c4a3a9303723205566c311a3cf20e877ef7fdc791459224 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wchat.freshchat.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "107" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "173" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.domain.sg\ = "66" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31043763" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.domain.sg C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DOMStorage\freshchat.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\DOMStorage\wchat.freshchat.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\freshchat.com\Total = "32" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "313" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "139" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wchat.freshchat.com\ = "220" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "721980076" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{0F59B95C-8908-42FF-860D-4ABCF4E24B48} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected]

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3192 CREDAT:17410 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x39c 0x2f4

Network

Country Destination Domain Proto
US 8.8.8.8:53 pgr.ao udp
AO 154.116.254.10:443 pgr.ao tcp
AO 154.116.254.10:443 pgr.ao tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.254.116.154.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 101.14.18.104.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
NL 142.250.179.138:443 ajax.googleapis.com tcp
NL 142.250.179.138:443 ajax.googleapis.com tcp
US 69.16.175.42:443 code.jquery.com tcp
US 69.16.175.42:443 code.jquery.com tcp
US 104.18.22.52:443 kit.fontawesome.com tcp
US 104.18.22.52:443 kit.fontawesome.com tcp
US 8.8.8.8:53 assets.msn.com udp
DE 23.53.43.161:443 assets.msn.com tcp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 172.64.202.28:443 ka-f.fontawesome.com tcp
US 172.64.202.28:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.175.16.69.in-addr.arpa udp
US 8.8.8.8:53 52.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 161.43.53.23.in-addr.arpa udp
US 8.8.8.8:53 28.202.64.172.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 logo.clearbit.com udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 65.9.86.50:443 logo.clearbit.com tcp
NL 65.9.86.50:443 logo.clearbit.com tcp
US 8.8.8.8:53 t0.gstatic.com udp
NL 142.250.179.132:443 t0.gstatic.com tcp
NL 142.250.179.132:443 t0.gstatic.com tcp
US 8.8.8.8:53 50.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 132.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 41.102.239.18.in-addr.arpa udp
US 8.8.8.8:53 136.61.156.108.in-addr.arpa udp
US 8.8.8.8:53 11.102.239.18.in-addr.arpa udp
AO 154.116.254.10:443 pgr.ao tcp
US 8.8.8.8:53 www.office.com udp
US 13.107.6.156:443 www.office.com tcp
US 13.107.6.156:443 www.office.com tcp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 200.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 126.210.247.8.in-addr.arpa udp
AO 154.116.254.10:443 pgr.ao tcp
US 8.8.8.8:53 www.domain.sg udp
SG 103.14.214.15:80 www.domain.sg tcp
SG 103.14.214.15:80 www.domain.sg tcp
SG 103.14.214.15:443 www.domain.sg tcp
US 8.8.8.8:53 15.214.14.103.in-addr.arpa udp
SG 103.14.214.15:443 www.domain.sg tcp
SG 103.14.214.15:443 www.domain.sg tcp
SG 103.14.214.15:443 www.domain.sg tcp
SG 103.14.214.15:443 www.domain.sg tcp
SG 103.14.214.15:443 www.domain.sg tcp
US 8.8.8.8:53 snippets.freshchat.com udp
US 8.8.8.8:53 wchat.freshchat.com udp
US 52.204.233.252:443 wchat.freshchat.com tcp
US 52.204.233.252:443 wchat.freshchat.com tcp
NL 52.222.139.97:443 snippets.freshchat.com tcp
NL 52.222.139.97:443 snippets.freshchat.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 18.239.100.55:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 97.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 252.233.204.52.in-addr.arpa udp
US 8.8.8.8:53 55.100.239.18.in-addr.arpa udp
US 8.8.8.8:53 billing.apc.sg udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 analytics.google.com udp
US 216.239.38.181:443 analytics.google.com tcp
US 216.239.38.181:443 analytics.google.com tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
US 8.8.8.8:53 155.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 181.38.239.216.in-addr.arpa udp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
SG 103.14.214.15:443 billing.apc.sg tcp
US 8.8.8.8:53 cdn.fraudlabspro.com udp
IN 103.180.115.6:443 cdn.fraudlabspro.com tcp
IN 103.180.115.6:443 cdn.fraudlabspro.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 assetscdn-wchat.freshchat.com udp
NL 52.222.139.92:443 assetscdn-wchat.freshchat.com tcp
NL 52.222.139.92:443 assetscdn-wchat.freshchat.com tcp
NL 52.222.139.92:443 assetscdn-wchat.freshchat.com tcp
NL 52.222.139.92:443 assetscdn-wchat.freshchat.com tcp
NL 52.222.139.92:443 assetscdn-wchat.freshchat.com tcp
NL 52.222.139.92:443 assetscdn-wchat.freshchat.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 92.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 6.115.180.103.in-addr.arpa udp
US 8.8.8.8:53 rts-static-prod.freshworksapi.com udp
US 18.239.94.52:443 rts-static-prod.freshworksapi.com tcp
US 18.239.94.52:443 rts-static-prod.freshworksapi.com tcp
US 8.8.8.8:53 s.fraudlabspro.com udp
DE 18.195.237.197:443 s.fraudlabspro.com tcp
DE 18.195.237.197:443 s.fraudlabspro.com tcp
US 8.8.8.8:53 142.33.222.23.in-addr.arpa udp
US 8.8.8.8:53 68.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 52.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 197.237.195.18.in-addr.arpa udp
US 8.8.8.8:53 fc-use1-00-pics-bkt-00.s3.amazonaws.com udp
US 54.231.202.177:443 fc-use1-00-pics-bkt-00.s3.amazonaws.com tcp
US 54.231.202.177:443 fc-use1-00-pics-bkt-00.s3.amazonaws.com tcp
US 54.231.202.177:443 fc-use1-00-pics-bkt-00.s3.amazonaws.com tcp
US 8.8.8.8:53 177.202.231.54.in-addr.arpa udp
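Most of the rows above are not the page talking: the *.in-addr.arpa queries are reverse lookups the capture environment makes for every IP it sees, and the jQuery, Font Awesome, Bootstrap, Google and Microsoft hosts are ordinary page dependencies and browser telemetry. What is left is the landing host pgr.ao, logo.clearbit.com, www.office.com, the two Singapore hosts www.domain.sg and billing.apc.sg (both served from 103.14.214.15), and the freshchat/fraudlabspro widgets those sites pull in. The table carries no timing or request bodies, so it cannot by itself show whether anything was posted to those hosts or whether the office.com visit was a post-submit redirect; that needs the HAR or pcap. The script below is an added triage example, not sandbox code: it buckets rows this way and groups contacted domains by IP so shared hosting stands out. SAMPLE_ROWS is a subset copied from the table above; KNOWN_CDN is an assumed analyst-maintained allowlist.

```python
"""Triage a sandbox Network table: drop the capture's reverse-DNS noise,
set aside well-known CDN/telemetry hosts, list what is left for review,
and group contacted domains by IP so shared hosting stands out.

Added example for this report, not sandbox code. SAMPLE_ROWS is a subset
of rows copied from the report's Network table; KNOWN_CDN is an assumed
analyst-maintained allowlist."""
from collections import defaultdict

SAMPLE_ROWS = """\
US 8.8.8.8:53 pgr.ao udp
AO 154.116.254.10:443 pgr.ao tcp
US 8.8.8.8:53 10.254.116.154.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 142.250.179.138:443 ajax.googleapis.com tcp
US 69.16.175.42:443 code.jquery.com tcp
US 104.18.22.52:443 kit.fontawesome.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
NL 65.9.86.50:443 logo.clearbit.com tcp
US 13.107.6.156:443 www.office.com tcp
SG 103.14.214.15:80 www.domain.sg tcp
SG 103.14.214.15:443 www.domain.sg tcp
US 8.8.8.8:53 billing.apc.sg udp
SG 103.14.214.15:443 billing.apc.sg tcp
US 52.204.233.252:443 wchat.freshchat.com tcp
US 18.239.100.55:80 ocsp.r2m01.amazontrust.com tcp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

KNOWN_CDN = {  # assumed allowlist of registrable domains (eTLD+1)
    "googleapis.com", "jquery.com", "fontawesome.com", "bootstrapcdn.com",
    "cloudflare.com", "gstatic.com", "amazontrust.com", "msn.com",
    "microsoft.com", "doubleclick.net", "google.com",
}


def parse_rows(text):
    """Parse 'Country Destination Domain Proto' rows into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def registrable(domain):
    """Last two labels: good enough for the domains here, but not a
    public-suffix lookup (it would misfile names like example.co.uk)."""
    return ".".join(domain.split(".")[-2:])


def triage(rows):
    """Bucket domains: PTR lookups the capture made, names resolved but
    never contacted, allowlisted CDN/telemetry, and everything else."""
    resolved, contacted = set(), defaultdict(set)
    result = {"reverse_dns_noise": set(), "dns_only": set(),
              "allowlisted": set(), "review": {}}
    for r in rows:
        if r["domain"].endswith(".in-addr.arpa"):
            result["reverse_dns_noise"].add(r["domain"])
        elif r["port"] == 53 and r["proto"] == "udp":
            resolved.add(r["domain"])
        else:
            contacted[r["domain"]].add((r["ip"], r["port"]))
    result["dns_only"] = resolved - set(contacted)  # referenced but never reached
    for domain, endpoints in contacted.items():
        if registrable(domain) in KNOWN_CDN:
            result["allowlisted"].add(domain)
        else:
            result["review"][domain] = sorted(endpoints)
    return result


def shared_hosts(rows):
    """IPs that served more than one contacted domain: a pivot for
    finding sibling infrastructure."""
    by_ip = defaultdict(set)
    for r in rows:
        if r["port"] != 53 and not r["domain"].endswith(".in-addr.arpa"):
            by_ip[r["ip"]].add(r["domain"])
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    summary = triage(rows)
    for bucket in ("reverse_dns_noise", "dns_only", "allowlisted"):
        print(f"{bucket}: {sorted(summary[bucket])}")
    for domain, endpoints in sorted(summary["review"].items()):
        print(f"review: {domain} -> {endpoints}")
    print("shared IPs:", shared_hosts(rows))
```

Run against the full table, the "dns_only" bucket is worth a second look: maxcdn.bootstrapcdn.com was resolved but never connected to, which usually means the page references a resource the browser ended up not fetching (cached, blocked, or superseded by the stackpath host). The allowlist is intentionally small; putting chat widgets or fraud-scoring beacons on it would hide the very third parties that tell you what kind of site the browser landed on after the phishing page.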

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\jquery.min[1].js

MD5 2f6b11a7e914718e0290410e85366fe9
SHA1 69bb69e25ca7d5ef0935317584e6153f3fd9a88c
SHA256 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
SHA512 0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\faviconV2[1].png

MD5 2b211699e540f9966c9607c0cf9610dd
SHA1 50d05731149e616eb4df5cf93d2a92609af9c019
SHA256 8302965543614a1f45aca4bea921c737531578a7508fdfd32a1e20087b090bef
SHA512 f157f87dfb87d1159117e000b0b17e8fbd0c20fe98bba81416fb2c531056a1a34e3efa872b2856dcf7fff2aeb02d575aed18de0b8700f4d12b956e49857d4128

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dwd4kki\imagestore.dat

MD5 e87c9de5c4b5003c32592d4550d76d64
SHA1 997ad65d536a766ab9bc4762ee4cbdcbdaac3537
SHA256 f1d97998ef2af3effd40425503927d3ea6cd11407866285455a73e51c3c4a229
SHA512 972525543df4b8e77546b4e85fca7169e75fc1d5c7650ec64cb5c0f297a25bf3149757fc4595ec2074f65fd3cad4e84cba185e6ef504180427c82af38452e915

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\pink[1].css

MD5 bb81ccc45e940f9272c2119fb2763c3a
SHA1 1f932862b8fa91b64eb49c22f1ed0db4304542cc
SHA256 f286c0cb12aaf6efcfc2392df2bdb0d805358c5cd29635a12874af88e79e78de
SHA512 9550e08a8bd02a082bcd9fe3dc517ff5662dfa674bc0384f124ba768283a65adfec262fd5f74a38ae99bfd300011a3e582a7ce41f0ace04b15cf297e33691b1b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FW6CZDO3\www.domain[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HW3GGUK8\index[2].htm

MD5 63068b3f6db7bb700f3aeda82d2f9f69
SHA1 0db299ea73543f44428f5b6e4c661189c4ba0d3c
SHA256 111c43ba6c6561f8aaa4f8cbce28f8f44a9a5e6bb499b03d1916afde37e947de
SHA512 b5c288a44e86586186f2dd77646ae6b396b2a2a9b328ef6450ea31d3b0df62bc8589e943c0f58dac1d6ad384c863699b59ddfc1c5fac0e1ef132f800b690173d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\favicon[1].ico

MD5 00ca0e6805048e5ea2b54c92278e241c
SHA1 3c52bbded14d9964c2a2bc6d9e338048a5036ccd
SHA256 9af0d4aa13acfe1a06f9122a56718b7c7f35a4463d4b3a6450201e8a46547980
SHA512 524c82638c32b34782a2a15c852e78d3d7d40180bbdc66a946bc32cc8f7b8ddc16d0ef5ad4e3471f74db9833bb468cebfce5e6949473b3bae45f79ced8b61da5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dwd4kki\imagestore.dat

MD5 0e7c9eb7734be9d8d889073d42eb5989
SHA1 a036d38755e491272641da3d4cb4cf9b0371bb05
SHA256 21c994676945997305732777334a489a76b03333fabed0a84b105d9059881b74
SHA512 fe490b77d602d84e6bff9277ac35a67be1ac60d591d061b7bb1a1e6b967e03b105cb468434ddc0bb01d32665690418b5665eac5f865b6a0b5413f52fc2b7a9ad

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IEREYVXM\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HW3GGUK8\fd-messaging.35ddc09b98a15a821b79[1].css

MD5 ff152094b79c15ae6b8d764b143971ff
SHA1 c90f0fabeaf869fd6a8f374f02481a89d9f99856
SHA256 68cc1d134b6c206fc45c9fdac5121a1990ac7f82fa188af9bcdb5e214415ebbd
SHA512 9393c77c2378e1624396ec3f761e04c359dcdf11cfeb0e574c6440922e6e07f660a73e66d0d26e9463a65c592f892b050cf380a51bafcc7f8f3a89635632cee8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3X07DW18\wchat.freshchat[1].xml

MD5 1b6afebe71991a3e0bc4e5d6b09bc7ef
SHA1 306e5858304cdc8e00a66bd2379b4a4d5222d1cf
SHA256 14f427aa32f3fd8f835f24695e464a6776279ab8cbaf8d8784f4153f92c5bcb2
SHA512 09569acb9750a7d09d4e0c1681e85d54beb6aa336fa3e91efaaa3e7b44f343c2912d3cfce50b80692c1c49e24fa7310e49fde3c56627aee93c68550d1029e79b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FW6CZDO3\www.domain[1].xml

MD5 35fe04d25af00ea2662a15035ae2937c
SHA1 b52fca63d66418a4cee83a97aa8114e34490619f
SHA256 c678dc0c173a6f60a2e9533dd55ea9a47b1b4e9e6de4e8badc0b757558cd7d2c
SHA512 694e4a15f268f0ec69bb323c804399ddea293cdeb393a7bd10fb0a871be10e17bbbe056f846d1973dfc629714d04fe465a82da68282215cd1b30796830b86072