Analysis Overview
SHA256
35921e7d6ac4bfb862f09da8660356a307d6aa1bc077d80c96828eb72f9b72e3
Threat Level: Known bad
The file 2d50af59ef68621f4ae35eed7c255093_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 04:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 04:22
Reported
2024-05-10 04:24
Platform
win7-20240419-en
Max time kernel
143s
Max time network
143s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421476807" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\damncok.blogspot.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10247" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 302439bc91a2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\damncok.blogspot.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10247" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "311" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "150" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000007772b9782f33deb9a930b530484e0050f128f251ed27b5096c019163241a4b75000000000e8000000002000020000000d8840af75060934063065bf6302b34e3029d308728eb6a0f68c49616c7f1dca8200000006d1e51e5156029d8cce8911200e49a3a282031706cec404919f724db4288316540000000b52fd6eabdc25bc779019d1be050869beffe3cc786fb80758a4f1b9bc15eced65616124aee0b600c6f9a6728d6afd94219561fd02634ff5f3e1cba3716036e62 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "29" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "144" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "35" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E47D0831-0E84-11EF-88AC-F2AB90EC9A26} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10276" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2256 wrote to memory of 2424 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d50af59ef68621f4ae35eed7c255093_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
Files
| SHA512 | 3b33ef1163bafe209c16bb4abbd8502d92439c2be28605351b4e6f1da68833559206eac4973d181f88cfe1a6565b1e64f469c52eddb93dbd84e0fd11146461a0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\platform_gapi.iframes.style.common[1].js
| MD5 | 7ef4bc18139bcdbdd14c5b58b0955a67 |
| SHA1 | afe44fd9a877f81a3c36f571c0fc934324c6cbd7 |
| SHA256 | 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838 |
| SHA512 | 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\cb=gapi[1].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA1 | 2ede61be138a7beaa7d6214aa278479dce258adb |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
| SHA512 | 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 667002b5163a3bbc764e7cc97d3d94f0 |
| SHA1 | eb1f3be30af6b002b96366e334b6371fed76afb8 |
| SHA256 | 571bba73385091a8c4fecd1fa49b288f6ff64d639611dd213ba1d5a9088c2f69 |
| SHA512 | d215cbcacbe1547ae7504460b06fab5f73638b8271e3457485ec959519848ce9c6033b2739df5fdbff4165dddb1a6ff143a31689a498a2c8865b1da4311a6c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 531a1ed9bc0cc2bf21dbff97cc9cd44c |
| SHA1 | 1b40a85b3324c31b3c401de1c515803fa286cf7b |
| SHA256 | 8788751ce5a09a165b30c5341ebf1d9ed5121d67c221614d5f00ff0408abb552 |
| SHA512 | beda0a33907dea6d43c5a70c07d6d846bae2843d10b346e119f62bc577b20b433fe14363a0709d578497afd14e4aa5238abd040fb4094a5bc9ae6448e0c319b4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ECYTLC7F\chatroll[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\jquery.min[1].js
| MD5 | a34f78c3aecd182144818eb4b7303fda |
| SHA1 | 6fca78dac2797c02d86a4bf6514eda398b7dbe62 |
| SHA256 | c784376960f3163dc760bc019e72e5fed78203745a5510c69992a39d1d8fe776 |
| SHA512 | ddec07100503fdad6655d4e90aaac246719e9667611b35b112e4694e2671b43f4c4ef0b87371d3a6e173f7ade9dfd2058e5e165a41c3a250007d49ec18f2419c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\ga[1].js
| MD5 | e9372f0ebbcf71f851e3d321ef2a8e5a |
| SHA1 | 2c7d19d1af7d97085c977d1b69dcb8b84483d87c |
| SHA256 | 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f |
| SHA512 | c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 686639b2fb34b10da31ca4274786982b |
| SHA1 | b8ec89e7198388c9766755abf721f0e315b34a33 |
| SHA256 | fd9fd34c4487b0a89e89453b48a14708521b6ca4d477845291d12950d8b7a48f |
| SHA512 | e495a826220d137165202cadbbbd66269813eab21edec561c736d1915a93fda912d89573d005e87296829748b1a97451075f1bc8e6869dc03c4f2dd7bd0a30bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9443fa286b5cb4d468b00a6b80eab186 |
| SHA1 | c1becb59f5608fbc3cb3689bcfda75964ed22f61 |
| SHA256 | 1933877f05a83700f95e9c29fdaf40d7ab066c5a1b8982a78a3f601823183ae6 |
| SHA512 | 8fbcc61b08d860d31b01128eb8469282d23c4cf351c90f33cff18ebeea385a426e753b19536ad7979cde3628a25bf95e23d28831ba7512e39bcc824d928c9a28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e71ce3645324c569fd97543a1d95799 |
| SHA1 | db61df4c05401e7ed7d739577a188faeb52abacd |
| SHA256 | eed5d6c4d0ae21435a5351f1a4d03ab42c91c50e5e7a40c894dc51212becf4a9 |
| SHA512 | f10250821643852cb301cae8bc913ae4e362552ba247831825e00c221f4bfbdf51fe419558b92325075c7140431cb075b3f55bf6178016b0ae798c564863340a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dc8dc4edb7a86f90397dd9c34929951 |
| SHA1 | 56e7f7d8be3c1598df888c8879499e1bbd0ea4ed |
| SHA256 | b574b7eee3fb23c05208b8a663a0ef43578f44a271959c4b8c7c586f78c048b1 |
| SHA512 | 522236d7277c9b9d4110a9da3f82d4f31e74540347531e426b8631563675d7c7a26a1d656465a8100ee88b56d2c0a46b492e48e0da9fad2183adeb626e95b7c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0e1609c7d17b2dab8bd7c89899f4324 |
| SHA1 | bccd01ee28ec5074a5d7c880ec08a27ed2e9b706 |
| SHA256 | f715536cad83883bd17a8f6f7e514da39ae626f867a1663d95d35befc900e7d1 |
| SHA512 | 0fd05e02d73202489bf894871a9c6392f7a8a3a6912a8361d2a7814fee0ddd3a56493a68aa4ee372c8d1bbb181545e595c967d5be204cbe6c94f3d9422c6be0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5395a4684106547165e62a8efcc685bb |
| SHA1 | cfaa418caeeab0c633435690282b7479ab0d1bb9 |
| SHA256 | 1eec95f85e4c1802d984e843deceb28c4394f042ed5bece8668ce2a9eaec7fe8 |
| SHA512 | 9163190a376ad7e89691d2ed89e3309b68676c06d2e3680970051518fa3ef75f800fd0da2072c300ffc4d92f1fc679f802e87008b8d241b8b5ded80d7b1a20d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad57cab0aeb2e3f984a1e29c018f8a3a |
| SHA1 | 27ca816e0a22f6ac25b545caf73fbd0645ba80d9 |
| SHA256 | 416d87623091e14cc476f1350b474f368c92e04831f2caa294581b01e682847f |
| SHA512 | 8b82a94451b3d70bd2cd86294ff22314936eafa1e1d3cb44f44a0287cc34369dbd92b39e3d819e90fa7688647dd1d0e38b60c39734d2b626a2c1728bdc4be7e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f30183206c2ef5c3da8b746d35892cf6 |
| SHA1 | 0f2a20b26ec182e3147a6bb5266d59aa73e10c22 |
| SHA256 | 17e447dfa7bb99de9909e932e98cf5b7fcd646b1af9a7c2844df9dd0ea0beb1e |
| SHA512 | 1f50d8453212c3e8e4c5331af67849ae3d2e482ec61e88cdee0e05d162472eda9254ce0d3d6546c53f4b297f91ac728adee21f0cfef8807a12275250d12a2c43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61b11eb49ab33c0084a1895290b02f66 |
| SHA1 | 8b584e55f16690070a544de5cfdb1be3c338990c |
| SHA256 | e24cb20e63dac682a722e660ad2a26e994369a8d7307396b7685e25a12a80ff5 |
| SHA512 | 96aa9a57a88ba3b7bbc98885943c5505e6a9a4cd81e45366aff8dd44b060ce065a50ef1cc1da685b08fafade393cf97d23dddb46ebf37782c43d515c9c625799 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e73b2adbaaade19ffc259dd21cba1ea6 |
| SHA1 | f14728de5f9404da658b60936a41171a11a0bbfe |
| SHA256 | 83e98f9d70b81875195298fb8f219323c5af8ce1e00f73500db67141b5a8798d |
| SHA512 | 9c4ac7e6d8f21733f983769ad89fd1b77b4072e9b22d9bcfc99b7ca3ed9fd0294db18d58dcb40f1fc96a0b02e7dae3a5f71d8a1e6018cb17ff011ee3e56915ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | defb32ff0cf0a37686a16bc551e753bc |
| SHA1 | 6d7b29f6fc7d028a244522d3ea7db7e69913c9c4 |
| SHA256 | 53d44a7e101947b445c5ccab2dbf8d6bc7811946b8f5440ddec289a48092a50f |
| SHA512 | 5b80ccc5bab5776357adc651a5241e5f76a0dffdecc3a3f63f84b45a2b41fbe33b2ce46b2295b004c99c2a0edacd733fb81e184fe3d2b73453e89e531ab8a7dd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\all[1].js
| MD5 | 278a8fc5f86aadeac28123124e3d3e16 |
| SHA1 | 9a27346472f22ba5e1c4e1cf68465d52589b3902 |
| SHA256 | 077d1d75f0cd77e2bf28e55778e85b4bd63d6c271f713013c1601ec34c402050 |
| SHA512 | f814d07e8a35aac438e8e24eb4d620e05c56ce6400035279918f4f684cf86509a3060c99eb48be22d0807d9bf3f2708c218df183051963c32f0b60f231daf5a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26fbc80108af2e060361e12965f9ed67 |
| SHA1 | 08b8faaad2abab4888a384bdf67b35596390c170 |
| SHA256 | ba9637cd48a7654466ed09bd153afbfb2cebe51af043204cdfd0e597b388ebde |
| SHA512 | a16c6b15f8b5cb2430095c50cfc17d431d01b5ee57b4ad5b29b2a37ae07dda18cb69e0b1404b88a8afc02859d3d90f33993bec0fd54e836496abd96f76dceff0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c541a6fd0d4a794da02ce708d5df8138 |
| SHA1 | a095df1f31cd8d8a0021dab7fb9e0a886cc60bb5 |
| SHA256 | f89c887ff0eb74d81b309806bd56a4979d9ea089f226d3f8cf1208488edd77c1 |
| SHA512 | 61a095ab14aa6c5f6c399ac1c06fff1e1d90e60b81a2792fdb16b99ba1f0f3123509ed9d33da7a4dbb4580b91a1ce6b5426dce6872388049e858470f17394ff1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8de3662c210d2a93f51b448619af1b26 |
| SHA1 | ff00414eb3b9782563ceb7fc2a1a75dd3fe0a01c |
| SHA256 | 8965c1b50b7f0eab3908399155b6cb279e91c45545e85ea40607ae1e5fd44176 |
| SHA512 | 2b1d81525a72896d7c0554e0ce4ad11f1373c74b3de106327acae27094fcf33cbabcfb4eb1f6cb01b2f4afe4762ffe689056833e7f747e35d0ff35ff5ebe5f97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9771a59b529d467f0b6c3ca31c95aa43 |
| SHA1 | 2f9bfada9ad87a58caca76b83a94d099c6280d78 |
| SHA256 | d3872db9443ae4695a90a5ad3c7ecba1dd5f4f6dbb939e1f87bae01347f92eb2 |
| SHA512 | 6ec7c843c1cbaa1976fe2de75c3227433496ffdfb4093becbd084a7a829442c5b690bea417bdac52ec919f154d667c51b8233326b62b4d925db7e987e3dddf10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aed69bcc33489328ad0d4ff82a3d30b5 |
| SHA1 | 9f72bbc7ab3a71761a53ad6666aaead693508dea |
| SHA256 | f3cc29bcb1e14d9ae72f7a8aa6e4864f739246033fbbe62d42d922889c0ee959 |
| SHA512 | 14421c1d56905733f6fda3074c6cace8b89d1516ffdc2dbc7daad10ca62f2aa04e0ad22f3ad07d6f4882d373da4a0d205a658e4f1379f5f61a98c7c1f55b887d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19db206eed0132b4fe96135ebc4e971c |
| SHA1 | d7433aa91a868f0158e0475243af46682867e0c4 |
| SHA256 | 16fa3bc25622102f07c0094a84fec3bde0c4f428e1ce3bd25cfbfa026f95e320 |
| SHA512 | d3593955c9c2211d4ffa9fa1de5229cecd77fdc1b2014cd3bd0c1666f4d1aea072ef10d2c1532c3d2cd5db3ea86be50b10a6e9440f8f413271a34765f829ba35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd706e2b81b1e76d05d5a7b8ed058225 |
| SHA1 | 168f3c59e414936809680601d7edb5ebaa916040 |
| SHA256 | 5d7b89270eb6ba9e472a85f0f01f03bc582210ffea541ccac1fc43865177316b |
| SHA512 | ec0f828f0508e16ba3f2fec6ce5d72a56ad82463d9b13d5504ad4e8301e4fa4216890c53d179c3af44c9850f70f68ea1d79295444a948a2a61a5786879ea2bb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12e3bc70cf2f2f10cb0d76616f5e4ff1 |
| SHA1 | ab7699c888900cc693f19ffec8321eff1abcb243 |
| SHA256 | 224635355a75a110b4e8cb84ae7c8f317a35e65b6e5f80678d81adda2b1edde2 |
| SHA512 | 02b45c2c00389a426da29d28208de359134a80ecb753e3ed1b49d085cbc2b871c2bbc283443575d1d19013bf2fca1c393bc482a30b7d5581fb0f213e532d050f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a92404f2fabc416aa785798b3f0093b |
| SHA1 | a5e67f083cf5b54cd9780e5c7af36237138fb3e5 |
| SHA256 | f7c7ab9071a9e49f3739bc87e5e62b021bacd4a7911ba49b475da7b80baf0a88 |
| SHA512 | c3a938e2a24fee3688bd1cbe49729f9903e45239411ab872699e6c19b88e519d11ccdbb63d78a7429400fc76d1949cba0895f1555eaf8c0a391bd447a6f66c76 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | 9cb2724b1be607211d6da8c037612618 |
| SHA1 | abbee2660b856c99d3ab24f2dc2bcc41a9826dc3 |
| SHA256 | 85938aa05bcbb23fddb2ede64a01fd2f773a86647f4249317584e44a53cfb58f |
| SHA512 | 2f19a33e4713f0973c66d59f2491077a08d0d68df8dc6fb34b24d1fad574b888dc83c9a3d07f7f1eecd786c7296f0ae902cc190ad7ef433184e7bf335181035f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e91ec8f766f6086910f8e089059377eb |
| SHA1 | 3f7640019543c691e3391db07ceff9d19ce5cf31 |
| SHA256 | c770588053f1acb78a62e0462d696da3808be72345abbfa095c994556c22f8e3 |
| SHA512 | 2f1d115ac6545b415b40cda22dc26bd6cf112f4a1ad39e3474a18ddca31aa1d4902166cec1aace0fdf837bac8bb8f87eab26bbf7a6eef9c94d3e109191357953 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\favicon[1].ico
| MD5 | 871c1f2e03f0d59f06d5d5262ca7a337 |
| SHA1 | 546bff947a8917533e8a0ec56c689bb364e0cd11 |
| SHA256 | 2fa2f956b179e8c6009c18d6e25c7bdb2b9e946ab9a8df2f3ffe35dc7244d4d1 |
| SHA512 | f86d18613ee477dffc952a4a73ef85ae3a7e87c64b03a6a88723a7c1d938cbdb8c543775d1d3196d4cd0986dca02525b989b924a0f6898586f2e1aebda799422 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wi962z5\imagestore.dat
| MD5 | aed6e6726f7873b859def7f4b380b473 |
| SHA1 | bad8881fb2c0fc3d3014da1ec25fdd3db9e43d7e |
| SHA256 | 39dc540acb9ff6467c7ff468419ecfa43f730854bc8f3fa98c3f7e3b27b18ae1 |
| SHA512 | b10010692768716b09839d1e709434ab00811399aa66cc5f459bf9f9872570cbb6803541891c07f8762abce337f720371d4deffceb144b78f7c5040d5abf098f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | 0356ff97ab62021030dd3e4d68405b00 |
| SHA1 | a5e12faf1cc0da25cc09051c53f16887ae6a2aa5 |
| SHA256 | 493a48be706f6db684c7df6974892ac4806f2754af02536d11abf056b171fed7 |
| SHA512 | 885984db91154bb408720d81996cbaed3627393a44db42aaceee55a52db23edcd84496ab3e6ca67422a0d6bbd7a61d103eac327efbcc2874e8272d82651ecc63 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | 18541a63246921fba3d7cda528a92d8a |
| SHA1 | 84042e52a2e6b21350882da647188bcf175a832c |
| SHA256 | e3bbdb8d1d6c6d4158f2d01cf7a5484e849ebf60f1d1f3f9a2a2b3fc61a2b61e |
| SHA512 | 4915460012337d654ec6c1d4c3fdb2045172260f036bd788cfbe9b8b8685f405798b82d1683b6a0bf9707f270ba8b0099f607431e90b79bef6c91540a61b4641 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | d8953aed409f37b997d040d22999743f |
| SHA1 | e6b5e21eec35ebeddbaa1282eae275b05bded32b |
| SHA256 | 924e23cefe4d116861789fd44bc7c2a27548d2b0c9e3ccc621cc3840ae8d35c2 |
| SHA512 | 3c2fdf44addf3df7563b47a2066e62ea39e04d6561f1edf3f7457f3de43e7cb4d2f890e2744f77695272b0b170b0c7bb407f05b9e36b2b801338b913f0d720b4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | eb86aff3f8a5dccb2ba323e87f3210c5 |
| SHA1 | fef0cb52403b2dbe208fa643b2d52fb59d651011 |
| SHA256 | bb8a62144a2acae5a434c32b1bb978ecdd23e348829e62213352eeecc8593ea9 |
| SHA512 | cfbcf0022dee3826aace76b20565ade467069de06bf4b4c5e330786e5abba2940b12a0cd27c9fd1ceebd780f0aa972be86f9ca5f070397a9470895d148171645 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | 1f9a00aef4d3307b79b596b32b41cdb1 |
| SHA1 | bc1cd3a8da8065a8c7087d1fc3001b51fbcbd0a8 |
| SHA256 | 00d4781acd1f8ab45a4047fd5088771268ae608240316b13501be888102ea956 |
| SHA512 | 18f20b2d441afc5e96ac7e592096f2663fdccd434e5075e5ca27d24d58a0e9a54f15902ed414cc872a2fa20341ba8a211fbac002dc1f3b68d87a935d01f29645 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | bfe76fc446704058382f2a69f4b50dec |
| SHA1 | 1b052167c2448086be3d5298348ab29f265ef3f9 |
| SHA256 | 3cab2cc78d0a79b97972735b3932281fe71abae9dff78c58441bd2b1cb00ccd0 |
| SHA512 | 15153ca0a8a0854b40abacce15e9a7dde6ec6616558e85d2eb6c71ec0ecbc97769e534fee066ca35933df6daee085e1c85ea301536df5579d8398666a6dd4041 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BLOF947Q\www.youtube[1].xml
| MD5 | f6ada765e1351664b79d11adb1c86702 |
| SHA1 | 804c91a77416d6ffd7a0aa7ada73fa462d847ace |
| SHA256 | ab93e710e8018778533e59c66b77b11c1d544f9175bfe2b8b53770b29d928843 |
| SHA512 | 47d8ae0bfea67f6f4804c3850d6ff099ed664d453c11f738b65e3b01ddea212074b308f2fcb4954dcb91e7dd378df422f4d3453198a6f9de989b469187703ea2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95eadbaf9ffe90f3af6d223f745440cd |
| SHA1 | d4e37493a177b1b37d2e0c61bcc8713df3757437 |
| SHA256 | 6dbdccb5d9cf744183fcb1005214cd89ad08838cf797084a199dd9b3582b3f09 |
| SHA512 | caba7d88ed02696d2a63c52f238335b506dbc68df66f2d8149cd1368f676c0237f2e5e7055b773ad863ceb4d00b2d4184aee763e924787bc8e0cfc80bcc07086 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7411aef84f8eee4ccc195aa1ab448990 |
| SHA1 | c33e894d4d0e40f7c1dd793e92df8dbbfe24a717 |
| SHA256 | 5ac566e84d04b80b14716435f78c611c8e573c21025bdf9b2af801fca6a45e2a |
| SHA512 | 7769c0fa6eeda7bb32c9d9204bcb9b8f5681be8da2b1298c044432361754d8bcddadbb39328d4b0605d9ede0f66158f2a44684d38902683589c43e134189a05e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 284cc464222aa27186b04d4c30f173be |
| SHA1 | 3b31e5d1851fcbdabf446a8a2339e87e89a2a7ac |
| SHA256 | ca1fa722d070d2f5e6a0da7a7a267f5a3efaf667a5e0abd48dc9102612fb7c73 |
| SHA512 | a3696c3a5052f0771dcadedf15d8d61e068dd2427a0ea39f0b245afabf0db49311500f6f4bc07b56e47d5889529ceee2dd9d587f76393752f7eb935149b7f7a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c4985a982f1ef0443eb51904e15ee18 |
| SHA1 | f1f0bf9d03888ee62af320b3e0a8e475c4d88056 |
| SHA256 | a2a0e0141858bdd9af3a6656af2dfb597680bdac4e1a77d32f232ba1b578e104 |
| SHA512 | 17d4a8b52fb9b78b1441f974951895c2e3d9ac220b6c4a84bb69c39a6351cdc8cde4edd4854d9ff863ee47c9c3260fcb9b26cb0a0b1b7fb1d5dacf4613baea94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c1c02c7d7f4fd469766766ff3a64054 |
| SHA1 | 0678fcc541f085314a708e47763723dd2e8d42cd |
| SHA256 | 330e117a4821337be3996ddc4e4e641c9708174737ce9e067047251199e239ee |
| SHA512 | 7154e6bcb308ced9edc2d07a2c9dbec5d7df35ba85984ad6eb12eefcbfc0ba6a807fa7f3076c5a9646709483e0591dc21bb96440b190f6c767c33154224ac7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b533e93c19b677d9e69212c5e56b8bb |
| SHA1 | 88b76eb22a9a3471d3381ad8be922234ee75ecd1 |
| SHA256 | 4f2685475b7698a3f6da6085001debf3a363aca715d2ac96d650a96cd1b5594d |
| SHA512 | 42f429b36470e6920702590348d0fb6c0b949732331ae4fa3b3fcfb26549188beff1b1f5e7e2111694a9b89d33917fd7261562ea1bb7ef4dbd33f4d728613369 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d31064937dae422a56f42dbe76ed1b6d |
| SHA1 | 21448cd7d04403fef9a062ccbee68a41169c5d91 |
| SHA256 | 3756472ad153f79e6b41097a4baf5325bc36e7be0ee1b4ce3fad7e350cbf3362 |
| SHA512 | ec2e2135afcb1498de0197770db646ab004028381d2fe30e398970e8230baa3d1f83ce5bdafea20586a63e3b98c5ddad9304595dd64306099282aafa6d5fdc32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02c79ffc782023b611fd2f409fa427e7 |
| SHA1 | 8e815ad53aec6186a63bb1317181ffa7d2e158fe |
| SHA256 | f42e0c00bb2a5f203658af22e4870d21aa48c02013d0c6b9d221a7374b697c49 |
| SHA512 | 2ec16e2a71f3baef5aa569f8ef7b89eeedef74bfd0e56d5efc0ddea333aaab7342c161ab2c0db05021ddeedfc8920d27624ef7b2bb228abb6ab3ff90fb719663 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bfd698d00d396d36f996e65dceb6550 |
| SHA1 | f83be0b5b5cc13aa857983ef7c1130c2d8cb5ddc |
| SHA256 | 203cf33cdab3e5694df74066aba2b97ceece24d7b716249afc0be50fda6e244a |
| SHA512 | b9980858f540d73b68f28c25dff481a9c7a4c769132e5e6ef75cfc8c023e7670c8a320d36f7e0fc455f2875377aad6ad53e61742376b90bdb8cf5ef0346de5a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa6c7b438f4c2d2ff768b624320d54eb |
| SHA1 | 80cd0710d4e69bd54469736b0499c44ed2291e3a |
| SHA256 | 79d87dcb8209cad9632c4c4f457a83f720cdd15705df55f11e962e3dd547bc15 |
| SHA512 | 7d34c0fddb22baded5b4a6e13bc8bc8d1a838e312191655b10176e7eb490a620b516c9ddeff039776517d4b0d8009daa5c42a57e78e7f4207e6bec48100c9de2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 04:22
Reported
2024-05-10 04:24
Platform
win10v2004-20240508-en
Max time kernel
144s
Max time network
148s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d50af59ef68621f4ae35eed7c255093_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6b1346f8,0x7ffe6b134708,0x7ffe6b134718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2952 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4c0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7025318614035204148,14344302077319906188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
Network
Files