Analysis Overview
Threat Level: Known bad
The URL http://usescarlet.com was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
A potential corporate email address has been identified in the URL: Montserratwght@700
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: Montserratwght@500
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
(Note: the two "Montserratwght@…" hits are Google Fonts weight selectors of the form family=Montserrat:wght@700, matched because the signature keys on an "@" inside a URL; they are not email addresses. The "[email protected]" entries are placeholders left by email-address obfuscation on the source page, so the original addresses are not recoverable from this report.)
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
Enumerates system info in registry
NTFS ADS
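The "potential corporate email address" hits above are a good illustration of why a URL "@" signature needs a second look. The following is an added example, not the sandbox's own signature code: the naive pattern approximates a rule that keys on "@" anywhere in a URL (and so fires on Google Fonts weight selectors such as wght@700), the stricter pattern requires a dotted domain with an alphabetic TLD, and an "@" inside the URL authority is reported separately because that is the lookalike-host trick phishing links use. All sample URLs are constructed and are not taken from this report's network log.

```python
"""Naive "email address in URL" match beside a stricter one.

Added example, not the sandbox's own signature code: the naive pattern is an
approximation of a rule that keys on "@" inside a URL and so produces hits such
as "Montserratwght@700" from a Google Fonts query string.
"""
import re
from urllib.parse import urlsplit

# Naive: anything shaped like local@domain. Also matches font weight selectors
# such as "wght@700", which is where the report's "Montserratwght@700" hits come from.
NAIVE_EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+")

# Stricter: the part after "@" must be dotted labels ending in an alphabetic TLD.
STRICT_EMAIL_RE = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}")


def classify_at_signs(url: str) -> dict:
    """Sort every "@" in a URL into one of three buckets.

    userinfo        - "@" inside the authority (https://lookalike-host@real-host/),
                      the classic way to make a phishing link read as a trusted host
    emails          - candidates whose domain part is plausible
    false_positives - naive hits that are not addresses (wght@500, wght@700, ...)
    """
    parts = urlsplit(url)
    # Scan only path, query and fragment so userinfo is not double-counted as an email.
    scan_text = "/".join((parts.path, parts.query, parts.fragment))
    emails, false_positives = [], []
    for cand in NAIVE_EMAIL_RE.findall(scan_text):
        (emails if STRICT_EMAIL_RE.fullmatch(cand) else false_positives).append(cand)
    return {"userinfo": parts.username, "emails": emails, "false_positives": false_positives}


# Constructed sample URLs; none of them is taken from the report's network log.
SAMPLE_URLS = [
    "https://fonts.googleapis.com/css2?family=Montserrat:wght@500;700&display=swap",
    "https://example.test/contact?to=support@example.test",
    "https://accounts.google.com@example.test/signin",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", classify_at_signs(url))
```

The stricter pattern still matches a real address placed in a query string, which is the case the signature is meant to catch (a pre-filled victim address on a credential-harvesting page), while the userinfo bucket surfaces the one form of "@" in a URL that is itself a phishing indicator.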
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 15:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 15:31
Reported
2024-11-09 15:34
Platform
win11-20241007-en
Max time kernel
148s
Max time network
156s
Command Line
Signatures
Detected google phishing page
A potential corporate email address has been identified in the URL: Montserratwght@500
A potential corporate email address has been identified in the URL: Montserratwght@700
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\ScarletAlpha.ipa:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
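The "NTFS ADS" entry above is Edge writing the Mark-of-the-Web (the Zone.Identifier alternate data stream) onto the downloaded ScarletAlpha.ipa, which is what SmartScreen and Office Protected View later key on. The following is an added example, not code from the report or from Microsoft Edge, showing how to read that stream back during triage and recover the zone and, where the browser recorded them, the referrer and download URLs. The sample stream content is constructed; the report shows only the hashes of the real stream, not its ReferrerUrl or HostUrl.

```python
"""Parse a Zone.Identifier alternate data stream (the Mark-of-the-Web).

Added example, not code from the report or from Microsoft Edge. The sample
stream content below is constructed; the report does not show the real
ReferrerUrl/HostUrl written for ScarletAlpha.ipa.
"""
import configparser
from dataclasses import dataclass
from typing import Optional

# URL security zone IDs as used by Windows (URLZONE_* values).
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


@dataclass
class MarkOfTheWeb:
    zone_id: int
    referrer_url: Optional[str]
    host_url: Optional[str]

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, f"Unknown zone {self.zone_id}")

    @property
    def untrusted(self) -> bool:
        # Zones 3 and 4 are what SmartScreen / Office Protected View key on.
        return self.zone_id >= 3


def parse_zone_identifier(text: str) -> MarkOfTheWeb:
    """Parse the INI-style [ZoneTransfer] section a browser writes into <file>:Zone.Identifier."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep ZoneId / ReferrerUrl / HostUrl in their original case
    parser.read_string(text.replace("\r\n", "\n"))
    section = parser["ZoneTransfer"]
    return MarkOfTheWeb(
        zone_id=int(section["ZoneId"]),
        referrer_url=section.get("ReferrerUrl"),
        host_url=section.get("HostUrl"),
    )


def read_mark_of_the_web(path: str) -> Optional[MarkOfTheWeb]:
    """Read <path>:Zone.Identifier on NTFS (Windows only); None when the stream is absent."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


# Constructed sample: the shape of what Edge writes for a download from the Internet zone.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.test/download\r\n"
    "HostUrl=https://cdn.example.test/ScarletAlpha.ipa\r\n"
)

if __name__ == "__main__":
    motw = parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER)
    print(motw.zone_name, motw.untrusted, motw.referrer_url, motw.host_url)
```

On a live Windows host, read_mark_of_the_web(r"C:\Users\Admin\Downloads\ScarletAlpha.ipa") opens the stream directly; the HostUrl it returns is the actual download URL, which this report does not otherwise record.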
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://usescarlet.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffc5bf3cb8,0x7fffc5bf3cc8,0x7fffc5bf3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9167853140678953662,15640137711689829684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6540 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | usescarlet.com | udp |
| US | 8.8.8.8:53 | usescarlet.com | udp |
| US | 172.67.165.37:80 | resources.usescarlet.com | tcp |
| US | 172.67.165.37:80 | resources.usescarlet.com | tcp |
| US | 172.67.165.37:443 | resources.usescarlet.com | tcp |
| US | 8.8.8.8:53 | d3bbyfw7v2aifi.cloudfront.net | udp |
| IE | 3.162.143.16:443 | d3bbyfw7v2aifi.cloudfront.net | tcp |
| IE | 3.162.143.16:443 | d3bbyfw7v2aifi.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 104.21.68.94:443 | ukankingwithea.com | tcp |
| US | 104.21.68.94:443 | ukankingwithea.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.21.68.94:443 | ukankingwithea.com | tcp |
| US | 104.21.68.94:443 | ukankingwithea.com | tcp |
| US | 172.67.153.119:443 | veinourdreams.com | tcp |
| GB | 18.244.140.102:443 | ghabovethec.info | tcp |
| PT | 3.160.132.30:443 | entxviewsinterfu.org | tcp |
| US | 172.67.153.119:443 | veinourdreams.com | tcp |
| US | 172.67.153.119:443 | veinourdreams.com | tcp |
| US | 172.67.153.119:443 | veinourdreams.com | tcp |
| US | 172.67.153.119:443 | veinourdreams.com | tcp |
| GB | 143.204.176.76:443 | getrunkhomuto.info | tcp |
| US | 172.67.153.119:443 | veinourdreams.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| GB | 216.137.44.128:443 | tcloaksandtheirclean.com | tcp |
| GB | 216.137.44.128:443 | tcloaksandtheirclean.com | tcp |
| IE | 3.162.140.85:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 30.132.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.176.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| IE | 3.162.140.85:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 52.92.185.185:443 | webpick-cdn.s3.amazonaws.com | tcp |
| US | 52.92.185.185:443 | webpick-cdn.s3.amazonaws.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| GB | 146.75.72.157:443 | platform.twitter.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| DE | 207.154.213.139:443 | vpnbest.cc | tcp |
| US | 104.244.42.72:443 | syndication.twitter.com | tcp |
| US | 104.21.77.171:443 | www.savinist.com | tcp |
| DE | 18.196.255.18:443 | www.opera.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 216.58.201.110:443 | www.googleoptimize.com | tcp |
| GB | 104.82.234.15:443 | cdn-production-opera-website.operacdn.com | tcp |
| DE | 18.196.255.18:443 | www.opera.com | tcp |
| US | 104.21.11.45:443 | resources.usescarlet.com | tcp |
| US | 104.21.11.45:443 | resources.usescarlet.com | tcp |
| US | 104.21.11.45:443 | resources.usescarlet.com | tcp |
| US | 104.21.11.45:443 | resources.usescarlet.com | tcp |
| NL | 139.45.197.242:443 | thubanoa.com | tcp |
| US | 172.67.169.157:443 | my.rtmark.net | tcp |
| NL | 139.45.197.242:443 | thubanoa.com | tcp |
| NL | 139.45.197.151:443 | interstitial-08.com | tcp |
| US | 104.18.11.244:443 | littlecdn.com | tcp |
| US | 104.18.11.244:443 | littlecdn.com | tcp |
| US | 104.18.11.244:443 | littlecdn.com | tcp |
| US | 104.18.11.244:443 | littlecdn.com | tcp |
| GB | 92.123.128.177:443 | www.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.146:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| GB | 92.123.128.150:443 | r.bing.com | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| GB | 142.250.180.5:80 | mail.google.com | tcp |
| GB | 142.250.180.5:80 | mail.google.com | tcp |
| GB | 142.250.180.5:443 | mail.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | tcp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
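The network table above is long and repetitive; what a practitioner wants from it is the set of distinct contacts, which hosts were reached over plaintext HTTP, and which IPs the browser reverse-resolved (the in-addr.arpa rows). The following is an added example, not part of the sandbox output: SAMPLE_TABLE is a subset of the behavioral1 rows above pasted as-is, and the triage rules (treat port 80 as plaintext, decode in-addr.arpa names back to the IP, keep DNS and mDNS rows out of the contact list) are this example's own.

```python
"""Triage helper for the network table of this report.

Added example, not part of the sandbox output. SAMPLE_TABLE is a subset of the
behavioral1 network rows above, pasted as-is; the rules (treat :80 as plaintext,
decode in-addr.arpa names, drop DNS/mDNS rows from the contact list) are this
example's own, not the sandbox's.
"""
import re
from collections import Counter, defaultdict

SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | usescarlet.com | udp |
| US | 172.67.165.37:80 | resources.usescarlet.com | tcp |
| US | 172.67.165.37:443 | resources.usescarlet.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 104.21.68.94:443 | ukankingwithea.com | tcp |
| US | 104.21.68.94:443 | ukankingwithea.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.180.5:80 | mail.google.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_table(text: str) -> list:
    """Turn the pipe-table rows into dicts; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if not match or match["country"] == "Country":
            continue
        ip, _, port = match["dest"].rpartition(":")
        rows.append({
            "country": match["country"],
            "ip": ip,
            "port": int(port),
            "domain": match["domain"],
            "proto": match["proto"],
        })
    return rows


def ptr_to_ip(name: str) -> str:
    """'88.210.23.2.in-addr.arpa' -> '2.23.210.88'; '' when the name is not a PTR query."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return ""
    octets = name[: -len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else ""


def summarize(rows: list) -> dict:
    contacts = Counter()                # (domain, ip, port) -> number of connections
    domains_by_ip = defaultdict(set)    # one IP fronting several names = shared CDN/edge
    plaintext_http = set()
    dns_queries = set()
    ptr_targets = []
    for row in rows:
        reversed_ip = ptr_to_ip(row["domain"])
        if reversed_ip:
            ptr_targets.append(reversed_ip)
            continue
        if row["port"] in (53, 5353):   # DNS / mDNS lookups, not the contact itself
            if row["domain"] != "N/A":
                dns_queries.add(row["domain"])
            continue
        contacts[(row["domain"], row["ip"], row["port"])] += 1
        domains_by_ip[row["ip"]].add(row["domain"])
        if row["port"] == 80:
            plaintext_http.add(row["domain"])
    return {
        "contacts": contacts,
        "domains_by_ip": dict(domains_by_ip),
        "plaintext_http": plaintext_http,
        "dns_queries": dns_queries,
        "ptr_targets": ptr_targets,
    }


if __name__ == "__main__":
    summary = summarize(parse_table(SAMPLE_TABLE))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run over the full table, the plaintext_http set shows that resources.usescarlet.com was first fetched on port 80 before the 443 connections, and ptr_targets lists the addresses behind the reverse lookups (for example 3.160.132.30 from the 30.132.160.3.in-addr.arpa row, the same host later seen as entxviewsinterfu.org); those reversed IPs are worth pivoting on when the forward name is disposable.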
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c03d23a8155753f5a936bd7195e475bc |
| SHA1 | cdf47f410a3ec000e84be83a3216b54331679d63 |
| SHA256 | 6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca |
| SHA512 | 6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41 |
\??\pipe\LOCAL\crashpad_5184_HABDYXYJJBUKQMQU (zero-length content: the hashes below are the well-known digests of empty input)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d68c7edc2a288ee58e6629398bb9f7c |
| SHA1 | 6c1909dea9321c55cae38b8f16bd9d67822e2e51 |
| SHA256 | dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b |
| SHA512 | 0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 31cf06a9765967bfe18d83aa25cc46fa |
| SHA1 | 2bbc96417a057c829e68280930f0d2c8ab0013de |
| SHA256 | 5ece6cbe04221c4eb7ffc66b41a2103f5e2b03e7ea7447b24eb23a91c0351899 |
| SHA512 | 6e823aeebe8909c76231d3bef6e14967fb8ed6703722833e62868b06fe10e0a2ff803cb48d062194290f066281cd0fe3a2867ddf2d55b346f0fc0574217c9881 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bf7ae3e8051c56118493388f9531bd06 |
| SHA1 | a691d8fe93132250cdae4dad640f64fad4f158af |
| SHA256 | 83dd358485b0cb527becc610e7d0ce49d968d2bc24ef9113b196087105c3383d |
| SHA512 | c5d2843180367f59cd15c034471bea3f9457f29a95becfdaf81be0930b03e7b20cc24f1e2ec0c38906db1775390dc2c1905c4331704b03d9081648de116a4237 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c27009f36028362ba36882c50425a9b3 |
| SHA1 | c493ddb5854dda277dcfd7cf85650a0ec05d2aaa |
| SHA256 | de19354e8903ce4b53ae9237365973502df4588bf44ccd19ab7f8839c2317e2a |
| SHA512 | 1f31407fc60df1b5a08c1bcb7e62aa09f2b0abb4b52ce1fc36ba6b2f49aa10411df0b80e17d23968a2c2fa6253bc76af38ecb2531e3fe2c5fc78ad0e3d7fd1a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a94e46762e5ba1a43ed7d7769af4acc |
| SHA1 | ff58802ad7764984448cedba69511f2b0d19ba61 |
| SHA256 | 7afe0f5e4ab7793d275bbe6a0b089a24ffd20e4e6b83bccd1f1ddacd71aa4b13 |
| SHA512 | b7eaf8e90b7575c5f376bc542069fb9719bfc4ce6d66de41ff347da280a1b4fc9c98a6476222e0689036fc4fee4499b6a48eaa237d3cd7ad0af39474043a6392 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54f2099c113232163cc929875b5db090 |
| SHA1 | d5a410a895933d69055cc6d798ff7fca316b9867 |
| SHA256 | 36a38bc481527cbc63ed529d42813f806948a44b9019edc8a6782549f31b3892 |
| SHA512 | a0008cfc34ccbced2d293e759546ec50a1f631bf57026e892ec531ecc409e61a92e507a47888fc8b16befb7612edecba88fcce854e8389aabef36b76c93eb355 |