Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/02/2024, 04:09 UTC

General

  • Target

    9ab805984c4e6aa56ec9aa14672f7cc5.html

  • Size

    26KB

  • MD5

    9ab805984c4e6aa56ec9aa14672f7cc5

  • SHA1

    4d6768e8cc0e35f32e9449244191f1ffbfb48c2d

  • SHA256

    3d8c60410928163dab4cd042dd51d9408d232f2a62fff26fb6fca0e0f866e7bf

  • SHA512

    67e4fe974fa3f5e8a5d5533ca814dd859bc625b3552c73f851de93a17ced37e9c8d94daff7774f0f5d54ba571dee70063c11fba7124bc1f65d3d5878d9619026

  • SSDEEP

    768://1DpKVAqnd+qi9q7B2t44u05t782S8v9U://11KVhnd+LABW44u05t7a

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9ab805984c4e6aa56ec9aa14672f7cc5.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf24e46f8,0x7ffcf24e4708,0x7ffcf24e4718
      2⤵
        PID:3096
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:516
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
        2⤵
          PID:1952
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
          2⤵
            PID:536
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
            2⤵
              PID:4320
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
              2⤵
                PID:5020
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                2⤵
                  PID:684
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4804
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                  2⤵
                    PID:3448
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                    2⤵
                      PID:1468
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
                      2⤵
                        PID:4644
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                        2⤵
                          PID:3472
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1544
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2744
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4324

                          Network

                          • flag-us
                            DNS
                            28.118.140.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            28.118.140.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            www.blogger.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.blogger.com
                            IN A
                            Response
                            www.blogger.com
                            IN CNAME
                            blogger.l.google.com
                            blogger.l.google.com
                            IN A
                            216.58.201.105
                          • flag-us
                            DNS
                            www.google.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            142.250.178.4
                          • flag-gb
                            GET
                            https://www.blogger.com/static/v1/widgets/204402360-widget_css_bundle.css
                            msedge.exe
                            Remote address:
                            216.58.201.105:443
                            Request
                            GET /static/v1/widgets/204402360-widget_css_bundle.css HTTP/2.0
                            host: www.blogger.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/css,*/*;q=0.1
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: style
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            GET
                            https://www.blogger.com/static/v1/widgets/1258645123-widgets.js
                            msedge.exe
                            Remote address:
                            216.58.201.105:443
                            Request
                            GET /static/v1/widgets/1258645123-widgets.js HTTP/2.0
                            host: www.blogger.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            GET
                            https://www.blogger.com/dyn-css/authorization.css?targetBlogID=8275446498373687150&zx=4b5338ef-8626-4169-a28c-268702c0561f
                            msedge.exe
                            Remote address:
                            216.58.201.105:443
                            Request
                            GET /dyn-css/authorization.css?targetBlogID=8275446498373687150&zx=4b5338ef-8626-4169-a28c-268702c0561f HTTP/2.0
                            host: www.blogger.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/css,*/*;q=0.1
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: style
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            3.bp.blogspot.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            3.bp.blogspot.com
                            IN A
                            Response
                            3.bp.blogspot.com
                            IN CNAME
                            photos-ugc.l.googleusercontent.com
                            photos-ugc.l.googleusercontent.com
                            IN A
                            172.217.16.225
                          • flag-gb
                            GET
                            http://3.bp.blogspot.com/_rLYhkzmU7RY/TDvdaQEQJhI/AAAAAAAAAAM/tQr4P8Rb7AQ/s1600/line.gif
                            msedge.exe
                            Remote address:
                            172.217.16.225:80
                            Request
                            GET /_rLYhkzmU7RY/TDvdaQEQJhI/AAAAAAAAAAM/tQr4P8Rb7AQ/s1600/line.gif HTTP/1.1
                            Host: 3.bp.blogspot.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Access-Control-Allow-Origin: *
                            Timing-Allow-Origin: *
                            Access-Control-Expose-Headers: Content-Length
                            Content-Disposition: inline;filename="line.gif"
                            X-Content-Type-Options: nosniff
                            Server: fife
                            Content-Length: 43
                            X-XSS-Protection: 0
                            Date: Wed, 14 Feb 2024 02:53:41 GMT
                            Expires: Thu, 15 Feb 2024 02:53:41 GMT
                            Cache-Control: public, max-age=86400, no-transform
                            Age: 4567
                            ETag: "v25"
                            Content-Type: image/gif
                            Vary: Origin
                          • flag-us
                            DNS
                            22.160.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            22.160.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            105.201.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            105.201.58.216.in-addr.arpa
                            IN PTR
                            Response
                            105.201.58.216.in-addr.arpa
                            IN PTR
                            prg03s02-in-f1051e100net
                            105.201.58.216.in-addr.arpa
                            IN PTR
                            prg03s02-in-f9�J
                            105.201.58.216.in-addr.arpa
                            IN PTR
                            lhr48s48-in-f9�J
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            180.178.17.96.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            180.178.17.96.in-addr.arpa
                            IN PTR
                            Response
                            180.178.17.96.in-addr.arpa
                            IN PTR
                            a96-17-178-180deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            225.16.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            225.16.217.172.in-addr.arpa
                            IN PTR
                            Response
                            225.16.217.172.in-addr.arpa
                            IN PTR
                            lhr48s28-in-f11e100net
                            225.16.217.172.in-addr.arpa
                            IN PTR
                            mad08s04-in-f1�H
                          • flag-us
                            DNS
                            www.google.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            142.250.178.4
                          • flag-us
                            DNS
                            13.86.106.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            13.86.106.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            elmonitor-lemoniteur.blogspot.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            elmonitor-lemoniteur.blogspot.com
                            IN A
                            Response
                            elmonitor-lemoniteur.blogspot.com
                            IN CNAME
                            blogspot.l.googleusercontent.com
                            blogspot.l.googleusercontent.com
                            IN A
                            142.250.187.225
                          • flag-gb
                            GET
                            http://elmonitor-lemoniteur.blogspot.com/favicon.ico
                            msedge.exe
                            Remote address:
                            142.250.187.225:80
                            Request
                            GET /favicon.ico HTTP/1.1
                            Host: elmonitor-lemoniteur.blogspot.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Content-Type: image/x-icon; charset=UTF-8
                            Expires: Wed, 14 Feb 2024 04:10:09 GMT
                            Date: Wed, 14 Feb 2024 04:10:09 GMT
                            Cache-Control: private, max-age=86400
                            Last-Modified: Mon, 15 Jul 2019 08:28:09 GMT
                            ETag: W/"1abf2cc28ab204efeb1fa7a3fb5c54723d955124acce57b95fa1e0bff8970bab"
                            Content-Encoding: gzip
                            X-Content-Type-Options: nosniff
                            X-XSS-Protection: 1; mode=block
                            Content-Length: 412
                            Server: GSE
                          • flag-us
                            DNS
                            225.187.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            225.187.250.142.in-addr.arpa
                            IN PTR
                            Response
                            225.187.250.142.in-addr.arpa
                            IN PTR
                            lhr25s34-in-f11e100net
                          • flag-us
                            DNS
                            157.123.68.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            157.123.68.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            18.31.95.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            18.31.95.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            217.135.221.88.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            217.135.221.88.in-addr.arpa
                            IN PTR
                            Response
                            217.135.221.88.in-addr.arpa
                            IN PTR
                            a88-221-135-217deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            194.178.17.96.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            194.178.17.96.in-addr.arpa
                            IN PTR
                            Response
                            194.178.17.96.in-addr.arpa
                            IN PTR
                            a96-17-178-194deploystaticakamaitechnologiescom
                          • 216.58.201.105:443
                            https://www.blogger.com/dyn-css/authorization.css?targetBlogID=8275446498373687150&zx=4b5338ef-8626-4169-a28c-268702c0561f
                            tls, http2
                            msedge.exe
                            4.2kB
                            73.1kB
                            63
                            67

                            HTTP Request

                            GET https://www.blogger.com/static/v1/widgets/204402360-widget_css_bundle.css

                            HTTP Request

                            GET https://www.blogger.com/static/v1/widgets/1258645123-widgets.js

                            HTTP Request

                            GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=8275446498373687150&zx=4b5338ef-8626-4169-a28c-268702c0561f
                          • 216.58.201.105:443
                            www.blogger.com
                            tls, http2
                            msedge.exe
                            999 B
                            5.8kB
                            9
                            8
                          • 142.250.178.4:445
                            www.google.com
                            260 B
                            5
                          • 172.217.16.225:80
                            http://3.bp.blogspot.com/_rLYhkzmU7RY/TDvdaQEQJhI/AAAAAAAAAAM/tQr4P8Rb7AQ/s1600/line.gif
                            http
                            msedge.exe
                            733 B
                            782 B
                            7
                            6

                            HTTP Request

                            GET http://3.bp.blogspot.com/_rLYhkzmU7RY/TDvdaQEQJhI/AAAAAAAAAAM/tQr4P8Rb7AQ/s1600/line.gif

                            HTTP Response

                            200
                          • 142.250.187.225:80
                            http://elmonitor-lemoniteur.blogspot.com/favicon.ico
                            http
                            msedge.exe
                            651 B
                            1.1kB
                            6
                            6

                            HTTP Request

                            GET http://elmonitor-lemoniteur.blogspot.com/favicon.ico

                            HTTP Response

                            200
                          • 52.142.223.178:80
                            46 B
                            1
                          • 8.8.8.8:53
                            28.118.140.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            28.118.140.52.in-addr.arpa

                          • 8.8.8.8:53
                            www.blogger.com
                            dns
                            msedge.exe
                            61 B
                            108 B
                            1
                            1

                            DNS Request

                            www.blogger.com

                            DNS Response

                            216.58.201.105

                          • 8.8.8.8:53
                            www.google.com
                            dns
                            60 B
                            76 B
                            1
                            1

                            DNS Request

                            www.google.com

                            DNS Response

                            142.250.178.4

                          • 216.58.201.105:443
                            www.blogger.com
                            https
                            msedge.exe
                            3.7kB
                            7.5kB
                            9
                            12
                          • 8.8.8.8:53
                            3.bp.blogspot.com
                            dns
                            msedge.exe
                            63 B
                            124 B
                            1
                            1

                            DNS Request

                            3.bp.blogspot.com

                            DNS Response

                            172.217.16.225


                          MITRE ATT&CK Enterprise v15

                          Downloads
