Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file https://archivohot.com/o/res/100.html: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:42
Reported
2024-06-13 03:43
Platform
win11-20240611-en
Max time kernel
90s
Max time network
94s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1560405787-796225086-678739705-1000\{D9021517-31D9-4A5A-9593-2CF71D2CF389} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archivohot.com/o/res/100.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecf093cb8,0x7ffecf093cc8,0x7ffecf093cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D0
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13227563303821511900,6028082796641994257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2136_BJZZJHQQUZZDFDKE
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_archivohot.com_0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbc9.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6d23e146e712d9e018231757bde5f4dd |
| SHA1 | b035ccd80e2ea59d3723ec4b01f94a524e841821 |
| SHA256 | 6c94115ec4d3744f52909a14a43800bf84cbbe22dd1d64d4821f14d892812801 |
| SHA512 | 085baaae86e5a7b367e7c3cfa5a663c4cc88a42d6ea8f3de6bee9d72969bea062fd88b60f256b3f8c3dc127e291efb5a478642a0f7551be5b7425f190eeb5b44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 802e33ccba4dcad2b1c4afed3b3a4754 |
| SHA1 | e58925fd8eb045b6834da39724f47f4a7bda71c4 |
| SHA256 | 80535b5636cf11ffbbea2520bcf904b38c14787967fe2a3703d6d3c45e5cd353 |
| SHA512 | 3392f53a92bf339b545cee19fcf6a34d8a0f922e3b66cf17db4f8b61fea3beef2834e2062e1d1e4a9ea5971c188f4dd2502c2caeeb828e58c2e3a56aa2f879fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2e2bdb43903a2d8dfeb26a7ee147f59c |
| SHA1 | 45295c5cb31099de20bd06203a18a9ccacf460ee |
| SHA256 | 7f33fa40edc91cece219e3ea1037417e28b8f76c123d9a3403d5ba117847de92 |
| SHA512 | d5d6d019fa745fadb4605bf19b445f7c3d92c125051ba78e42c73925f0268a97d010f15a0f0814bc492d04fdaa45910979d8d53feff5121985d6fee78effee62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e76880e3826c42fb15f7f5f4313fd7e5 |
| SHA1 | eb8b506ce8af88417e77256ba3ea9ec471e0814c |
| SHA256 | 87f62f79bd0ef12adfeb70c190c5c737e321c18f17f119eac73389415f135716 |
| SHA512 | 635bc616957973fa362e70d1bdb02f281128416782af44f603b93bba77085e511ced4fd609e6cb8b06fb03f14f045621ebf812b708b456581901a7147f7ccb2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b98ad5fa0385dd377fc500983e4122a8 |
| SHA1 | 3f9372c60262458a1ca1dc80e14bb3c04f3f26f8 |
| SHA256 | ae2eb34d1ca267956cad8b07d11d301165963d6d8b90d5da1ee2f565375fd6d5 |
| SHA512 | c5c8f3a092c53913f6f2318952f790a0104b0ae2bef9bb2c8cdc5c0f9b4feb3a5d01400698a43f2e237218cd7a5d352249be9520c60d4bca78347e8954e123d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe588b05.TMP
| MD5 | 77582b58ca5a00bc6f467b26368d8b24 |
| SHA1 | 4c35d6a733a02e4da6da72afcbbde18fa949695b |
| SHA256 | 4794b81a5d7137aea64abb60e7c5b1838c98c237a511a874315068558265d5fd |
| SHA512 | 7f1bae786beef30490eb47714bf407dd12dad33fcb5fa1186ac53958e7c3b45a864037d243701a89f94b45d3f32ab499ad1a3e26397d6041e7beedeccd218405 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 105ad54104af43591dbc9e846ce6300c |
| SHA1 | 6ba23ed3d5d960929993b172f77a7c4fa1eecca5 |
| SHA256 | 1e3428967efe0d69826ea794d1ffbe451591e901ab80044197712c78e77b7249 |
| SHA512 | f729c4b0976177d8849dbca00fa33130c535676693b3ce0279c00d29c63f8c678bd7743c1d23759a7e4bf17b46ff7b1aa5365ee4709c7e076fb85cf74b24582e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 365e6cacd993aeff945e88baceb2f327 |
| SHA1 | 46b1169f2e2c61c576e72a5288233f9ff5b0ed2b |
| SHA256 | 0f82a04bbfd4a4bf5f3d302fc32f39bbc2ed655ecb7430f32828d0e4814da511 |
| SHA512 | 65cf29383b299f54561f354b65cfb2e412a49d9a009dace0197962fa0d5a86eade5bc1c08789e6f4d271bcb3d97064b3cfaf540ad183baa5c462ffb8d7cf6769 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c1b1e819116216d969f059332c353b83 |
| SHA1 | facd97be4392e80f90f843a7bf29d3761b9abe33 |
| SHA256 | 99d9c9e12910a3baf2f0c7a8a9a04ab834f38137f537caaa05571a3807dc3569 |
| SHA512 | 0c560d2949defe39205ddfc708ee3613ad131f9c958c8f64cd6087665cf37cc675d5d49d86c41e54a8a38a826b0f0b814cfd15ec9b82bed63e20773e88ea0045 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4b6e140772d15cca22381bb01dbcf87e |
| SHA1 | e960d686b8932c973206bfeb3e7619c02275f246 |
| SHA256 | e2836fb80b8e50f7ade446b4056b48ab88dce6213ff69609f8eb198842788317 |
| SHA512 | ba5a233ca6c4157127b4c2be1338db408bfb0bad8e199b03af1521b2a588e2eb7973c868ad3d643715db0d47da82f3508d165c9082c4744e9ada70168062e409 |