Analysis Overview
Threat Level: Known bad
The file https://shorturl.asia/UtWSA/#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-07-11 00:39
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-11 00:39
Reported
2023-07-11 00:40
Platform
win10v2004-20230703-en
Max time kernel
68s
Max time network
75s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000dc71af06d735f42709da4627c2eaefbc9ced1d70db78c46a3c669781d977b068000000000e80000000020000200000005c0a0d2a63135ecfc9e2dfe0f71e85880e07d1a25bcb5eabe3df7bd9796630a72000000024240b0376b6b227989a7fd12cca4714708854bb3561a04823d0c85de18ac0944000000098d61a58d610366493e3fbdba90ab73e97fb74098c6e6226bd7b7496c1102b376774897fd5f9b546fcba4b5c6e69fc730eed91e84e66cb72afe7597d669af67c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{63BA1F95-1F83-11EE-A3FC-EA31DB5664A1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DOMStorage\domain.sg | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "32" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.domain.sg\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.domain.sg | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00aec2d2b5add901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f00000000020000000000106600000001000020000000d6187aece40d0ca976691756026914a645c715e463593c057030f72126d996c5000000000e800000000200002000000029fcf1a15bbe303dbfab04c335d548963dae95f8f652d9fde28701f556c8e08720000000aa0988e7fa327252d35924b187a25c651cc839b79359a154faedb40f58a24822400000006051b94c118f2d7eefbee76260aecb98e9645e4132461759427e2a1e06d4b55db6973171708089f3e1973156189e9daf14286a1fedddc3d8626945d53bcab8a5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08b5bc4b5add901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.domain.sg\ = "32" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395157356" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00746c4b5add901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\domain.sg\Total = "32" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000007ce7b7852422c48865386072e9a0d0f000000000200000000001066000000010000200000000554ccc5d08365201a5ae15fd5b47317adf44de1249fb9badf7ef59225bf723a000000000e80000000020000200000009900ec1df230cf392212976cc445308a35ac3f9d456edd22bcc55522ea89e4fc20000000cd2c66e6e898b732aabae2589c1acd6254dbf2432b114eddc6db222b62cc5e1340000000a49e7738330004366235efa8e1a9cfd04677e99f2e1ea079ab6598dce4534e3b24d2ba3d6d92feffa69a7845ad4c37bd783af236a5ea84a671091d213bbead30 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 632 wrote to memory of 4500 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 632 wrote to memory of 4500 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 632 wrote to memory of 4500 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://shorturl.asia/UtWSA/#[email protected]
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:632 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 95.101.143.105:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 105.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shorturl.asia | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.211.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 172.67.69.104:443 | shorturl.asia | tcp |
| US | 172.67.69.104:443 | shorturl.asia | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.shorturl.asia | udp |
| US | 104.26.7.175:443 | www.shorturl.asia | tcp |
| US | 104.26.7.175:443 | www.shorturl.asia | tcp |
| US | 8.8.8.8:53 | 177.17.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipfs.io | udp |
| US | 209.94.90.1:443 | ipfs.io | tcp |
| US | 209.94.90.1:443 | ipfs.io | tcp |
| US | 8.8.8.8:53 | 1.90.94.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.33.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| NL | 142.251.36.42:443 | ajax.googleapis.com | tcp |
| NL | 142.251.36.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 69.16.175.10:443 | code.jquery.com | tcp |
| US | 69.16.175.10:443 | code.jquery.com | tcp |
| US | 104.18.23.52:443 | kit.fontawesome.com | tcp |
| US | 104.18.23.52:443 | kit.fontawesome.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 172.64.203.28:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.203.28:443 | ka-f.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.175.16.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.14.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | logo.clearbit.com | udp |
| NL | 65.9.86.50:443 | logo.clearbit.com | tcp |
| NL | 65.9.86.50:443 | logo.clearbit.com | tcp |
| US | 8.8.8.8:53 | 28.203.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t2.gstatic.com | udp |
| NL | 142.251.39.100:443 | t2.gstatic.com | tcp |
| NL | 142.251.39.100:443 | t2.gstatic.com | tcp |
| US | 8.8.8.8:53 | 50.86.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.61.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.102.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.102.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | basmamall.com | udp |
| GB | 149.255.62.31:443 | basmamall.com | tcp |
| US | 8.8.8.8:53 | 31.62.255.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.domain.sg | udp |
| SG | 103.14.214.15:80 | www.domain.sg | tcp |
| SG | 103.14.214.15:80 | www.domain.sg | tcp |
| SG | 103.14.214.15:443 | www.domain.sg | tcp |
| US | 8.8.8.8:53 | 15.214.14.103.in-addr.arpa | udp |
| SG | 103.14.214.15:443 | www.domain.sg | tcp |
| SG | 103.14.214.15:443 | www.domain.sg | tcp |
| SG | 103.14.214.15:443 | www.domain.sg | tcp |
| SG | 103.14.214.15:443 | www.domain.sg | tcp |
| SG | 103.14.214.15:443 | www.domain.sg | tcp |
| US | 8.8.8.8:53 | snippets.freshchat.com | udp |
| US | 8.8.8.8:53 | wchat.freshchat.com | udp |
| US | 34.196.69.230:443 | wchat.freshchat.com | tcp |
| US | 34.196.69.230:443 | wchat.freshchat.com | tcp |
| NL | 52.222.139.117:443 | snippets.freshchat.com | tcp |
| NL | 52.222.139.117:443 | snippets.freshchat.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 18.239.100.55:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 117.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.69.196.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.100.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | billing.apc.sg | udp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 156.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.36.251.142.in-addr.arpa | udp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| SG | 103.14.214.15:443 | billing.apc.sg | tcp |
| US | 8.8.8.8:53 | 181.34.239.216.in-addr.arpa | udp |
| IN | 103.180.115.6:443 | cdn.fraudlabspro.com | tcp |
| IN | 103.180.115.6:443 | cdn.fraudlabspro.com | tcp |
| US | 8.8.8.8:53 | assetscdn-wchat.freshchat.com | udp |
| NL | 52.222.139.72:443 | assetscdn-wchat.freshchat.com | tcp |
| NL | 52.222.139.72:443 | assetscdn-wchat.freshchat.com | tcp |
| NL | 52.222.139.72:443 | assetscdn-wchat.freshchat.com | tcp |
| NL | 52.222.139.72:443 | assetscdn-wchat.freshchat.com | tcp |
| NL | 52.222.139.72:443 | assetscdn-wchat.freshchat.com | tcp |
| NL | 52.222.139.72:443 | assetscdn-wchat.freshchat.com | tcp |
| NL | 52.222.139.72:443 | assetscdn-wchat.freshchat.com | tcp |
| US | 8.8.8.8:53 | 6.115.180.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.fraudlabspro.com | udp |
| DE | 54.93.142.19:443 | s.fraudlabspro.com | tcp |
| DE | 54.93.142.19:443 | s.fraudlabspro.com | tcp |
| US | 8.8.8.8:53 | 19.142.93.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.15.18.104.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RSFEJP46\faviconV2[1].png
| MD5 | 2b211699e540f9966c9607c0cf9610dd |
| SHA1 | 50d05731149e616eb4df5cf93d2a92609af9c019 |
| SHA256 | 8302965543614a1f45aca4bea921c737531578a7508fdfd32a1e20087b090bef |
| SHA512 | f157f87dfb87d1159117e000b0b17e8fbd0c20fe98bba81416fb2c531056a1a34e3efa872b2856dcf7fff2aeb02d575aed18de0b8700f4d12b956e49857d4128 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e863qdq\imagestore.dat
| MD5 | 4c94201b930023f1c688a69910f48ca7 |
| SHA1 | c4ab858929b24365488a0c5ebecbec18f4184d16 |
| SHA256 | a167f8d8fad7dc0919a369d12a6374ac11745c923feb5cd0404492f42bfcc258 |
| SHA512 | a0cb1c0edf7d979b7c1b5d0cd7e0ac5fbb946bdc9109652ffb7dcf18dc6cc699ec6c1e44cd3e546dec0f5275c7869911394b5a055ad32173553541695acb786f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RSFEJP46\pink[1].css
| MD5 | bb81ccc45e940f9272c2119fb2763c3a |
| SHA1 | 1f932862b8fa91b64eb49c22f1ed0db4304542cc |
| SHA256 | f286c0cb12aaf6efcfc2392df2bdb0d805358c5cd29635a12874af88e79e78de |
| SHA512 | 9550e08a8bd02a082bcd9fe3dc517ff5662dfa674bc0384f124ba768283a65adfec262fd5f74a38ae99bfd300011a3e582a7ce41f0ace04b15cf297e33691b1b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RSFEJP46\index[3].htm
| MD5 | 734ccd20a8a561473b318ec318a493df |
| SHA1 | 88dbcedba13cf94243487beed80f88cb1de33359 |
| SHA256 | adbd08ebbb6f155c27347ad474c97513c2da084bfc0649ce662750de30adb584 |
| SHA512 | 118e2ea4150ed9fed739eab65fa43ebea6a1d0748380c8b9331ecd5ddb4404dfd9ea45614ae24fced551692bbff5b0832ec0902035529f68268df4dd6027878d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFS1FGNU\favicon[1].ico
| MD5 | 00ca0e6805048e5ea2b54c92278e241c |
| SHA1 | 3c52bbded14d9964c2a2bc6d9e338048a5036ccd |
| SHA256 | 9af0d4aa13acfe1a06f9122a56718b7c7f35a4463d4b3a6450201e8a46547980 |
| SHA512 | 524c82638c32b34782a2a15c852e78d3d7d40180bbdc66a946bc32cc8f7b8ddc16d0ef5ad4e3471f74db9833bb468cebfce5e6949473b3bae45f79ced8b61da5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e863qdq\imagestore.dat
| MD5 | e52f124b5dc258bbd588785d6238ef71 |
| SHA1 | 6128becc95530348a85ba62c64f3977e892e8da8 |
| SHA256 | 9aa15b4eefb202ebd3af6156f359cd7bf74f5ee7cdd336c18270af9233604a40 |
| SHA512 | 5a1046652267c9f6489f4dee36bc485ba8ccb94305b71c7c17b1fddf809dfc7aa68d3973aa4ebaa6c80d8d3f024f87bc688a6acf645ebaa619d7e383fbd30ed6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\682LH5TR\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |