URL: ftsonl.awwtec.co?Xi7aV=v6L1
Full analysis: https://app.any.run/tasks/4e39ebfc-4a96-499b-b3b1-50763752aa6f
Verdict: Malicious activity
Analysis date: January 10, 2025, 20:17:38
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: —
Indicators: —
MD5: 12F343A4D2476529E888DDA329D5D50C
SHA1: 916EA7AB1A29C38904F01D8DFC3404C3C8F3ECA6
SHA256: 021D0058EEAB8CB588DACFFAB464A0F31C53DADB2EC0631E47ABF78DC837910C
SSDEEP: 3:EQFWj0MSfO:EQFbjO
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe |
Process details (PID 7172): User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Microsoft Edge; Version: 122.0.2365.59
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fd | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | compressed | 938D86F1EB9D52FC36E2B827F269199D | 8EF910EB39AF6B70A78A7921787F03366E1A1F5EC30046B08D7B814A24EB946F |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105 | compressed | 5CB54DB2B8CCBFCAD4D109768810A549 | 3A9B86FDD8E02BE572495DCEAD4789B911E5075FB31A101B1FD7DB587CD74E5E |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100 | compressed | CA9E4686E278B752E1DEC522D6830B1F | B36086821F07E11041FC44B05D2CAFE3FB756633E72B07DA453C28BD4735ED26 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ff | compressed | D79B35CCF8E6AF6714EB612714349097 | C8459799169B81FDAB64D028A9EBB058EA2D0AD5FEB33A11F6A45A54A5CCC365 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\4469ceca-5935-4fc1-8ad9-aa293a3c717f.tmp | binary | D2E34367B291404D9D4296A3E1579DF4 | E16B6344F0A3F7DE42DE0345FDF177DDC0C51299CD0CB991BD2BFC2440764DBF |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | D2E34367B291404D9D4296A3E1579DF4 | E16B6344F0A3F7DE42DE0345FDF177DDC0C51299CD0CB991BD2BFC2440764DBF |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296da6.TMP | binary | D0453075479429FE52D8FB780A7DA8E9 | 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106 | compressed | 6D408851E293965E7F032B6ACE305ACD | C34B920BE4E070093DAE32B00A5CC177C80D18D4EAE7C694BE1C3C799D856048 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103 | compressed | 6D408851E293965E7F032B6ACE305ACD | C34B920BE4E070093DAE32B00A5CC177C80D18D4EAE7C694BE1C3C799D856048 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | — | — | — |
— | — | GET | 404 | 172.236.243.90:443 | https://ftsonl.awwtec.co/favicon.ico | unknown | — | — | — |
— | — | GET | 200 | 216.58.206.68:443 | https://www.google.com/recaptcha/api.js | unknown | binary | 870 b | whitelisted |
— | — | GET | 200 | 172.236.243.90:443 | https://ftsonl.awwtec.co/?Xi7aV=v6L1 | unknown | html | 174 Kb | — |
3024 | svchost.exe | HEAD | 200 | 146.75.122.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814451&P2=404&P3=2&P4=PL6v7T9cucAXp4hV10DLJGfUJc%2bvniauGyhhX2f9qPiz5MnB2k4eV7y0rdcy0ZlP3ppTIpcM8su2TUGnxbTO5g%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 200 | 172.236.243.90:443 | https://ftsonl.awwtec.co/?Xi7aV=v6L1 | unknown | — | — | — |
3024 | svchost.exe | GET | 206 | 146.75.122.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736814451&P2=404&P3=2&P4=PL6v7T9cucAXp4hV10DLJGfUJc%2bvniauGyhhX2f9qPiz5MnB2k4eV7y0rdcy0ZlP3ppTIpcM8su2TUGnxbTO5g%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 200 | 142.250.181.227:443 | https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js | unknown | binary | 547 Kb | whitelisted |
— | — | GET | 200 | 204.79.197.239:443 | https://edge.microsoft.com/autofillservice/v1/pages/ChRDaHJvbWUvMTIyLjAuMjM2NS41ORIZCfDzLgXw7g5-EgUNU1pHxSlWHcjxAGiryw==?alt=proto | unknown | text | 20 b | whitelisted |
— | — | POST | 302 | 172.236.243.90:443 | https://ftsonl.awwtec.co/?Xi7aV=v6L1 | unknown | — | — | — |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3612 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
3080 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
2384 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 172.236.243.90:443 | ftsonl.awwtec.co | Akamai International B.V. | US | unknown |
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7172 | msedge.exe | 216.58.206.68:443 | www.google.com | — | — | whitelisted |
7172 | msedge.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted |
7172 | msedge.exe | 104.126.37.169:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com | — | whitelisted |
google.com | — | whitelisted |
ftsonl.awwtec.co | — | unknown |
edge.microsoft.com | — | whitelisted |
www.google.com | — | whitelisted |
go.microsoft.com | — | whitelisted |
www.bing.com | — | whitelisted |
www.gstatic.com | — | whitelisted |
fonts.gstatic.com | — | whitelisted |
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected phishing domain name created with Leet (l1ve) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected phishing domain name created with Leet (l1ve) |