URL: https://secure.adnxs.com/clktrb?id=273568&redir=https%3A%2F%2Fslettensinc.com%2F%3Fujcdqkso&qrc=
Full analysis: https://app.any.run/tasks/6026edfc-da89-47f2-89f9-bbdbd9a978e9
Verdict: Malicious activity
Analysis date: January 10, 2025, 20:23:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: —
Indicators: —
MD5: 419DD5942D2A954EF9CE227531F142C9
SHA1: 7BFC632F9B1789F1211B5FDA818EA079C792BB5A
SHA256: DB14494EDAD191815388339B31D2216C6E5FE691EC891BD3D6EAB2245A0FFD4B
SSDEEP: 3:N8N3udLgJORKMBIrBL6AWCXjvwKM+BUUqGY:2Zud0JORKMBkBzoCU/P
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | |
User | Company | Integrity Level | Description | Exit code | Version |
---|---|---|---|---|---|
admin | Microsoft Corporation | MEDIUM | Microsoft Edge | 0 | 122.0.2365.59 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | 5D20513B024F453BF9A6C31BC9AFA13B | C8377CB6309CF503E70C9C4CBF831244364BF52FD44B2EB81774787EF5F67920 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | 75C045943884AA96F4017F266E4B2BE1 | 1F6085D0A5CBAB0EBCB8E0714FAD4280A9A5F4A95E9F16F3A40C0D49B2187710 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\017fc2bf-8947-455a-a94b-996de4e27dc5.tmp | binary | 5D20513B024F453BF9A6C31BC9AFA13B | C8377CB6309CF503E70C9C4CBF831244364BF52FD44B2EB81774787EF5F67920 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF296d1a.TMP | binary | D0453075479429FE52D8FB780A7DA8E9 | 574112CCCB36E004E93B2BCBBA7F6CEB8FF3B12E3E462BEF80F1B57044E035B1 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\eba6146d-5d4f-4647-ae8d-61b37e00422f.tmp | binary | 75C045943884AA96F4017F266E4B2BE1 | 1F6085D0A5CBAB0EBCB8E0714FAD4280A9A5F4A95E9F16F3A40C0D49B2187710 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF296de5.TMP | binary | D2615E0C4F6C46045EDB3EAA0ACE252A | 48EFA073914F67BCCE305DECBC121BE7FA6D343982BE00A666B4C5FB6A30A7A9 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\9a37a5f6-5825-4017-af26-cbe099ef43f9.tmp | binary | 01997F8F1ADB085763A071FBC83B939D | 90F5A39C70CCE962AD200CEB18BD6FE98BF52CB46A9B5A8CEEDBBCE562824E26 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF298f38.TMP | binary | 75C045943884AA96F4017F266E4B2BE1 | 1F6085D0A5CBAB0EBCB8E0714FAD4280A9A5F4A95E9F16F3A40C0D49B2187710 |
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fc | binary | 20AECB4CBF76F4E15AE047AB29A39616 | C72A1E41B6562D9BB9D5F054A1D1BBA2854A3094EB375FDE73FAD12F1EB8EFC1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 302 | 37.252.173.215:443 | https://secure.adnxs.com/clktrb?id=273568&redir=https%3A%2F%2Fslettensinc.com%2F%3Fujcdqkso&qrc= | unknown | — | — | — |
3024 | svchost.exe | HEAD | 200 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fd0b3f36-5596-4351-a52a-324d9881c330?P1=1737015824&P2=404&P3=2&P4=If%2fVuI4dGpX%2fYJ1Vdt3nfOBsmH75jUFVooKvMd0nKRGNE2BTos5gQIKfqBKp7BHj2ux8LpWJDDEnE5XpfFMVVA%3d%3d | unknown | — | — | whitelisted |
— | — | GET | — | 104.126.37.154:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | — | — | — |
3024 | svchost.exe | GET | 206 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fd0b3f36-5596-4351-a52a-324d9881c330?P1=1737015824&P2=404&P3=2&P4=If%2fVuI4dGpX%2fYJ1Vdt3nfOBsmH75jUFVooKvMd0nKRGNE2BTos5gQIKfqBKp7BHj2ux8LpWJDDEnE5XpfFMVVA%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | HEAD | 200 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/fd0b3f36-5596-4351-a52a-324d9881c330?P1=1737015824&P2=404&P3=2&P4=If%2fVuI4dGpX%2fYJ1Vdt3nfOBsmH75jUFVooKvMd0nKRGNE2BTos5gQIKfqBKp7BHj2ux8LpWJDDEnE5XpfFMVVA%3d%3d | unknown | — | — | whitelisted |
3024 | svchost.exe | GET | 206 | 217.20.57.19:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736815570&P2=404&P3=2&P4=bbyjzdVMwcflQbbP2LsNpnptruBLccPaecEXtrPMs0B0MXvC9xBM4bV8lZmIpeh3ds3AQoCTQkeClbf%2fVdOfdg%3d%3d | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
5196 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6028 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
4668 | msedge.exe | 224.0.0.251:5353 | — | — | — | unknown |
7172 | msedge.exe | 185.89.210.244:443 | secure.adnxs.com | ASN-APPNEX | DE | whitelisted |
7172 | msedge.exe | 89.185.80.39:443 | slettensinc.com | Anton Mamaev | RU | unknown |
7172 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7172 | msedge.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted |
7172 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
google.com | — | whitelisted |
secure.adnxs.com | — | whitelisted |
slettensinc.com | — | unknown |
settings-win.data.microsoft.com | — | whitelisted |
go.microsoft.com | — | whitelisted |
edge.microsoft.com | — | whitelisted |
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted |
www.bing.com | — | whitelisted |
config.edge.skype.com | — | whitelisted |
ntp.msn.com | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected phishing domain based on suspicious redirect (slettensinc .com) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected phishing domain based on suspicious redirect (slettensinc .com) |