| URL: | https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnJZTFM4dWtENWxLc0tCdDU0S0gwc3V5cnl3QXxBQ3Jtc0tseWZLV2x2NW92T01JNHpoR1BuMmhTa2REcGNJWUxYcjJUVWxhM3M4ajI4cWZMQXVwcmFYNUtzT0ZYQ1U1RmJMT3RDaVlvYjd2YnlqOTNSSGJLTjNjREZxY2FiZmt3LU5NbjlWM25HSlV2eWdIOGFKdw&q=https%3A%2F%2Fcronacheats.xyz%2F&v=IPWuKV_HMY8 |
| Full analysis: | https://app.any.run/tasks/46e1d686-4911-4bcc-b348-d615d6002954 |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | March 28, 2026, 01:53:03 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 19447450C4985AB0239AD6922E612AA0 |
| SHA1: | 35258466D32E34C175F5B06377ABBE374A78F6B0 |
| SHA256: | 4595ACA276D39B52E805AA453D72F3FF0D120397A04016973043FB146D5B7747 |
| SSDEEP: | 6:2OLUxGKmKLqZGcIkiEvhIGSjn+YhpEHvHAdXiETpjNvhI3zsyWn:2jGRfbwEveRj+PHvHyXi8vgO |
MALICIOUS
Executing a file with an untrusted certificate
- CRONACHEATS.exe (PID: 8076)
- CRONACHEATS.exe (PID: 1352)
- CRONACHEATS.exe (PID: 3748)
Malicious driver has been detected
- WinRAR.exe (PID: 800)
- WinRAR.exe (PID: 6500)
Detects Cygwin installation
- WinRAR.exe (PID: 800)
- WinRAR.exe (PID: 6500)
SALATSTEALER mutex has been found
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
Changes settings of System certificates
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
SUSPICIOUS
Drops a system driver (possible attempt to evade defenses)
- WinRAR.exe (PID: 800)
- WinRAR.exe (PID: 6500)
Executable content was dropped or overwritten
- CRONACHEATS.exe (PID: 8076)
Application launched itself
- WinRAR.exe (PID: 8972)
- WinRAR.exe (PID: 5240)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 8208)
Adds/modifies Windows certificates
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
Multiple wallet extension IDs have been found
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
INFO
Checks supported languages
- identity_helper.exe (PID: 7312)
- CRONACHEATS.exe (PID: 8076)
- vanaovh.duckdns.org_b30674.exe (PID: 7924)
- vanaovh.duckdns.org_af7871.exe (PID: 9044)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 8208)
- CRONACHEATS.exe (PID: 1352)
- vanaovh.duckdns.org_af7871.exe (PID: 8984)
- CRONACHEATS.exe (PID: 3748)
- vanaovh.duckdns.org_b30674.exe (PID: 3560)
- vanaovh.duckdns.org_af7871.exe (PID: 6816)
- vanaovh.duckdns.org_b30674.exe (PID: 8908)
Reads the computer name
- identity_helper.exe (PID: 7312)
- CRONACHEATS.exe (PID: 8076)
- vanaovh.duckdns.org_af7871.exe (PID: 9044)
- vanaovh.duckdns.org_b30674.exe (PID: 7924)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 8208)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
- CRONACHEATS.exe (PID: 1352)
- vanaovh.duckdns.org_b30674.exe (PID: 8908)
- vanaovh.duckdns.org_af7871.exe (PID: 8984)
- CRONACHEATS.exe (PID: 3748)
- vanaovh.duckdns.org_b30674.exe (PID: 3560)
- vanaovh.duckdns.org_af7871.exe (PID: 6816)
Manual execution by a user
- WinRAR.exe (PID: 8972)
- WinRAR.exe (PID: 8796)
- WinRAR.exe (PID: 5240)
- WinRAR.exe (PID: 784)
- CRONACHEATS.exe (PID: 1352)
- CRONACHEATS.exe (PID: 3748)
- notepad.exe (PID: 8760)
The sample compiled with english language support
- WinRAR.exe (PID: 800)
- WinRAR.exe (PID: 6500)
Reads Environment values
- identity_helper.exe (PID: 7312)
Reads security settings of Internet Explorer
- CRONACHEATS.exe (PID: 8076)
- WinRAR.exe (PID: 8972)
- WinRAR.exe (PID: 800)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 8208)
- WinRAR.exe (PID: 5240)
- CRONACHEATS.exe (PID: 1352)
- CRONACHEATS.exe (PID: 3748)
- notepad.exe (PID: 8760)
Application launched itself
- msedge.exe (PID: 1456)
Create files in a temporary directory
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 8208)
- CRONACHEATS.exe (PID: 8076)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 800)
- WinRAR.exe (PID: 6500)
Reads the machine GUID from the registry
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 8208)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
Found Base64 encoded file access via PowerShell (YARA)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
Application based on Rust
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
Found Base64 encoded access to Windows Defender via PowerShell (YARA)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
Found Base64 encoded access to environment variables via PowerShell (YARA)
- RuntimeBroker_19bd8b9a_ad51a8.exe (PID: 3448)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
211
Monitored processes
68
Malicious processes
6
Suspicious processes
3
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 664 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8332,i,7150676639080823487,13670402629182046046,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 784 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\CRONACHEATS.rar" C:\Users\admin\Desktop\ | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 10 Version: 5.91.0 Modules
| |||||||||||||||
| 800 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIb8972.3316\CRONACHEATS.rar | C:\Program Files\WinRAR\WinRAR.exe | WinRAR.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
| 1108 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6456,i,7150676639080823487,13670402629182046046,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1352 | "C:\Users\admin\Desktop\cron\CRONACHEATS.exe" | C:\Users\admin\Desktop\cron\CRONACHEATS.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
| 1456 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first-run --no-default-browser-check https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnJZTFM4dWtENWxLc0tCdDU0S0gwc3V5cnl3QXxBQ3Jtc0tseWZLV2x2NW92T01JNHpoR1BuMmhTa2REcGNJWUxYcjJUVWxhM3M4ajI4cWZMQXVwcmFYNUtzT0ZYQ1U1RmJMT3RDaVlvYjd2YnlqOTNSSGJLTjNjREZxY2FiZmt3LU5NbjlWM25HSlV2eWdIOGFKdw&q=https%3A%2F%2Fcronacheats.xyz%2F&v=IPWuKV_HMY8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2100 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3644,i,7150676639080823487,13670402629182046046,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2204 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,7150676639080823487,13670402629182046046,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2232 | C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache | C:\Windows\System32\svchost.exe | services.exe | ||||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: Host Process for Windows Services Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 2588 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3660,i,7150676639080823487,13670402629182046046,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
Total events
18 387
Read events
18 272
Write events
88
Delete events
27
Modification events
| (PID) Process: | (8796) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface |
| Operation: | write | Name: | ShowPassword |
Value: 1 | |||
| (PID) Process: | (8796) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (8796) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (8796) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (8796) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (8972) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface |
| Operation: | write | Name: | ShowPassword |
Value: 1 | |||
| (PID) Process: | (8972) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory |
| Operation: | write | Name: | 3 |
Value: C:\Users\admin\Desktop\chromium_ext.zip | |||
| (PID) Process: | (8972) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip | |||
| (PID) Process: | (8972) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Downloads\chromium_build 1.zip | |||
| (PID) Process: | (8972) WinRAR.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Downloads\CRONACHEATS.rar | |||
Executable files
60
Suspicious files
678
Text files
527
Unknown types
9
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFe0144.TMP | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFe0153.TMP | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe0153.TMP | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFe0153.TMP | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFe0163.TMP | — | |
MD5:— | SHA256:— | |||
| 1456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1 199
TCP/UDP connections
195
DNS requests
229
Threats
1 180
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
7468 | msedge.exe | GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/autofillservice/core/page/-2890709764810315560/-2469831540298402613?CIdAlgoVersion=2 | unknown | text | 200 b | whitelisted |
— | — | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D | unknown | — | — | whitelisted |
7468 | msedge.exe | GET | 200 | 150.171.109.101:443 | https://xpaywalletcdn.azureedge.net/mswallet/ExpressCheckout/v1/GetGlobalConfig?EdgeChannel=stable&EdgeVersion=133.0.3065.92&ConfigVersion=0 | unknown | text | 393 Kb | whitelisted |
7468 | msedge.exe | GET | 304 | 150.171.27.11:443 | https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist | unknown | — | — | whitelisted |
7468 | msedge.exe | GET | 200 | 13.107.253.45:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | unknown | binary | 82 b | whitelisted |
7468 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:9VIFOFDFBZauqCDqwsbTppQHjMy0hx1P_8oZ1p2BGdE&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | — | — | whitelisted |
7468 | msedge.exe | GET | 200 | 150.171.27.11:443 | https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 | unknown | text | 267 b | whitelisted |
7468 | msedge.exe | GET | 200 | 184.86.251.22:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | text | 665 Kb | whitelisted |
7468 | msedge.exe | GET | 200 | 150.171.22.17:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0 | unknown | text | 4.60 Kb | whitelisted |
7468 | msedge.exe | GET | 200 | 150.171.27.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | text | 314 b | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
7984 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
5276 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 48.192.1.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5532 | SearchApp.exe | 184.86.251.22:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
— | — | 23.11.41.157:80 | ocsp.digicert.com | AKAMAI-AMS | NL | whitelisted |
— | — | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
7468 | msedge.exe | 150.171.22.17:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7468 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
google.com |
| whitelisted |
oneocsp.microsoft.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
www.youtube.com |
| whitelisted |
api.edgeoffer.microsoft.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
7468 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
7468 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 too long frame data |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 too long frame data |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 too long frame data |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 too long frame data |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 too long frame data |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 invalid frame length |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 too long frame data |
7468 | msedge.exe | Generic Protocol Command Decode | SURICATA HTTP2 too long frame data |