Analysis Overview
SHA256
c7acdb749f3c5c6dfb50c6dfa490a297bdb58b577a65e02d1cdc65bc08db3120
Threat Level: Known bad
The file 2fcd591796d5e5491264f3d2255d0764_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Legitimate hosting services abused for malware hosting/C2
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-05-10 15:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 15:30
Reported
2024-05-10 15:33
Platform
win7-20240419-en
Max time kernel
138s
Max time network
139s
Command Line
Signatures
SocGholish
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\komuniti-blogger-malaysia.blogspot.com\ = "87" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "118" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "141" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D4862D1-0EE2-11EF-AE27-76C100907C10} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "87" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "141" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0244232efa2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "87" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\komuniti-blogger-malaysia.blogspot.com\ = "118" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "118" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000d0c2bd57fc9de32536d6c8d10c84bde00d9c465f59a30507c28397f8bba9a1cd000000000e80000000020000200000004d7954ae2947b234d956e2ad8b39e2e352837daea88727f2fc4734da43601b4220000000a941b3fabe69b24c570bfcf5e23593e253d7350d99be64cecba65c3ef901ad4240000000956c0dc0fc635d04023472b34cc6be857f8691c620c9354d4d0c68377cdd86e02ddc304267af48a9ec3ede2ae9956bd9787afd07d941dc63e01a676d0721813d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\komuniti-blogger-malaysia.blogspot.com\ = "141" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\komuniti-blogger-malaysia.blogspot.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421516928" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
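The "Modifies Internet Explorer settings" signature fires on any write under HKCU\Software\Microsoft\Internet Explorer, so the table above needs reading rather than counting. The three binary values it records are ordinary IE state: NewTabPage\LastProcessed is a 64-bit FILETIME, Main\Window_Placement is a WINDOWPLACEMENT structure, and NewTabPage\DecayDateQueue opens with the DPAPI blob header (version 1 followed by the provider GUID {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB}). The decoder below is an added example, not part of the sandbox report; the function names are the author's own, and the hex input strings are copied from the table (only the first 20 bytes of DecayDateQueue are needed to recognise the header). Decoding LastProcessed places the write inside the 15:30 to 15:33 detonation window, which is the cross-check a reviewer wants before treating a registry write as attacker persistence.

```python
import struct
from datetime import datetime, timedelta, timezone

# Raw values copied from the "Modifies Internet Explorer settings" table above.
LAST_PROCESSED_HEX = "d0244232efa2da01"
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
# First 20 bytes of DecayDateQueue; the remainder is the encrypted payload.
DECAY_DATE_QUEUE_HEAD_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# DPAPI blobs start with a 4-byte version (1) followed by the provider GUID
# {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB} in its little-endian on-disk layout.
_DPAPI_PROVIDER_GUID_LE = bytes.fromhex("d08c9ddf0115d1118c7a00c04fc297eb")
_SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}


def filetime_to_datetime(hex_le: str) -> datetime:
    """Decode a little-endian FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_le))
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_window_placement(hex_le: str) -> dict:
    """Decode a WINDOWPLACEMENT structure: 11 little-endian 32-bit fields (44 bytes)."""
    raw = bytes.fromhex(hex_le)
    if len(raw) != 44:
        raise ValueError(f"WINDOWPLACEMENT is 44 bytes, got {len(raw)}")
    (length, flags, show_cmd, min_x, min_y, max_x, max_y,
     left, top, right, bottom) = struct.unpack("<IIIiiiiiiii", raw)
    if length != 44:
        raise ValueError(f"length field {length} does not match the structure size")
    return {
        "flags": flags,
        "show_cmd": _SHOW_CMD.get(show_cmd, f"unknown({show_cmd})"),
        "min_position": (min_x, min_y),   # (-1, -1) means "not set"
        "max_position": (max_x, max_y),
        "normal_rect": (left, top, right, bottom),
    }


def is_dpapi_blob(hex_le: str) -> bool:
    """True when the value carries the DPAPI header (version 1 + provider GUID)."""
    raw = bytes.fromhex(hex_le)
    return (len(raw) >= 20
            and raw[:4] == b"\x01\x00\x00\x00"
            and raw[4:20] == _DPAPI_PROVIDER_GUID_LE)


if __name__ == "__main__":
    print("LastProcessed   :", filetime_to_datetime(LAST_PROCESSED_HEX).isoformat())
    print("Window_Placement:", parse_window_placement(WINDOW_PLACEMENT_HEX))
    print("DecayDateQueue is a DPAPI blob:", is_dpapi_blob(DECAY_DATE_QUEUE_HEAD_HEX))
```

The DPAPI payload is bound to the sandbox user's master key, so it cannot be decrypted from the report alone; recognising the header is enough to classify the value as protected browser state rather than an attacker-written blob.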
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2488 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2488 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2488 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2488 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2fcd591796d5e5491264f3d2255d0764_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
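The four "PID 2488 wrote to memory of 3060" rows and the process list above describe one relationship: the 64-bit iexplore.exe frame process (2488) writing into the 32-bit IEXPLORE.EXE tab process it spawned, whose command line carries SCODEF:2488 (the frame PID) and CREDAT (the tab creation data). That is how Internet Explorer's frame/tab split works, so the WriteProcessMemory signature is a generic heuristic here, not evidence of injection by the sample. The triage helper below is an added example, not part of the report; the type and function names are the author's own, the two real processes are taken from the Processes section, and PIDs 4100 and 4200 with their command lines are constructed counterexamples. It accepts a write only when the writer is an IE binary, the target is an IE binary, and the target's SCODEF value names the writer.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class WriteProcessMemoryEvent:
    source_pid: int
    target_pid: int


# Frame (64-bit) and tab (32-bit) IE binaries on the win7 image, lower-cased for matching.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
# IE hands each tab process the frame PID as SCODEF:<pid> on its command line.
_SCODEF = re.compile(r"\bSCODEF:(\d+)\b")

EXPECTED = "expected: IE frame process wrote into its own tab process"

# Processes 2488 and 3060 are copied from the report; 4100 and 4200 are constructed.
PROCESSES: Dict[int, Process] = {
    2488: Process(2488, r"C:\Program Files\Internet Explorer\iexplore.exe",
                  r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                  r"C:\Users\Admin\AppData\Local\Temp\2fcd591796d5e5491264f3d2255d0764_JaffaCakes118.html"),
    3060: Process(3060, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
                  r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2'),
    4100: Process(4100, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
                  r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:9999 CREDAT:1 /prefetch:2'),
    4200: Process(4200, r"C:\Users\Admin\AppData\Local\Temp\hypothetical.exe",
                  r'"C:\Users\Admin\AppData\Local\Temp\hypothetical.exe"'),
}


def classify_wpm(event: WriteProcessMemoryEvent, processes: Dict[int, Process]) -> str:
    """Return a verdict string for one WriteProcessMemory event."""
    src = processes.get(event.source_pid)
    tgt = processes.get(event.target_pid)
    if src is None or tgt is None:
        return "review: writer or target not in the process list"
    if src.image.lower() not in IE_IMAGES:
        return "review: non-IE process wrote into another process"
    if tgt.image.lower() not in IE_IMAGES:
        return "review: IE wrote into a non-IE process"
    match = _SCODEF.search(tgt.cmdline)
    if match and int(match.group(1)) == src.pid:
        return EXPECTED
    return "review: IE-to-IE write but target SCODEF does not name the writer"


def summarize_wpm(events: Iterable[WriteProcessMemoryEvent],
                  processes: Dict[int, Process]) -> Dict[Tuple[int, int], Tuple[int, str]]:
    """Collapse repeated rows into (source, target) -> (count, verdict)."""
    counts = Counter((e.source_pid, e.target_pid) for e in events)
    return {pair: (n, classify_wpm(WriteProcessMemoryEvent(*pair), processes))
            for pair, n in counts.items()}


if __name__ == "__main__":
    report_rows = [WriteProcessMemoryEvent(2488, 3060)] * 4   # the four rows above
    for (src, tgt), (n, verdict) in summarize_wpm(report_rows, PROCESSES).items():
        print(f"{src} -> {tgt} x{n}: {verdict}")
```

The same check carries over to endpoint telemetry (Sysmon Event ID 8/10 style parent and target fields): suppress only the frame-to-tab pair whose SCODEF matches, and keep every other cross-process write for review.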
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | a5.sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | a7.sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | st301232.sitekno.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | ji.revolvermaps.com | udp |
| US | 8.8.8.8:53 | www.waktusolat.net | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | sphotos-b.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | widget-6f.slide.com | udp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.228:80 | t3.gstatic.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.228:80 | t3.gstatic.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | photos-c.ak.fbcdn.net | udp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 163.70.151.23:80 | badge.facebook.com | tcp |
| GB | 163.70.151.23:80 | badge.facebook.com | tcp |
| US | 8.8.8.8:53 | widget-40.slide.com | udp |
| US | 8.8.8.8:53 | photos-e.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | photos-a.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | external.ak.fbcdn.net | udp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | j3.tagstat.com | udp |
| US | 8.8.8.8:53 | a1.sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | img230.imageshack.us | udp |
| MY | 45.127.4.206:80 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:80 | www.waktusolat.net | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 8.8.8.8:53 | sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| DE | 185.44.104.99:80 | ji.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | ji.revolvermaps.com | tcp |
| GB | 172.217.169.74:80 | ajax.googleapis.com | tcp |
| GB | 172.217.169.74:80 | ajax.googleapis.com | tcp |
| US | 38.99.77.16:80 | img230.imageshack.us | tcp |
| US | 38.99.77.16:80 | img230.imageshack.us | tcp |
| GB | 142.250.200.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:80 | img1.blogblog.com | tcp |
| US | 104.26.11.22:80 | www.widgeo.net | tcp |
| US | 104.26.11.22:80 | www.widgeo.net | tcp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| GB | 142.250.200.33:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh5.googleusercontent.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 142.250.200.9:443 | www.blogblog.com | tcp |
| GB | 142.250.200.9:443 | www.blogblog.com | tcp |
| GB | 142.250.200.9:443 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| US | 8.8.8.8:53 | jf.revolvermaps.com | udp |
| GB | 142.250.179.238:80 | maps.google.com | tcp |
| GB | 142.250.179.238:80 | maps.google.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 142.250.187.202:443 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:443 | maps.googleapis.com | tcp |
| US | 8.8.8.8:53 | rf.revolvermaps.com | udp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | komuniti-blogger-malaysia.blogspot.com | udp |
| US | 8.8.8.8:53 | tripwow.tripadvisor.com | udp |
| US | 8.8.8.8:53 | tripwow.tripadvisor.com | udp |
| GB | 216.58.201.97:80 | komuniti-blogger-malaysia.blogspot.com | tcp |
| GB | 216.58.201.97:80 | komuniti-blogger-malaysia.blogspot.com | tcp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| US | 8.8.8.8:53 | arvigorothan.com | udp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 8.8.8.8:53 | busuk.org | udp |
| US | 8.8.8.8:53 | t2.gstatic.com | udp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | yazidanefantasy.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 142.250.200.33:443 | blogger.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | blogger.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.228:80 | t2.gstatic.com | tcp |
| GB | 172.217.16.228:80 | t2.gstatic.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 188.114.97.2:80 | busuk.org | tcp |
| US | 188.114.97.2:80 | busuk.org | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | 1.bp.blogspot.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 188.114.97.2:443 | busuk.org | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.refers.es | udp |
| GB | 142.250.200.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.2:80 | pagead2.googlesyndication.com | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 172.67.8.141:80 | whos.amung.us | tcp |
| US | 172.67.8.141:80 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | www.facebook.net | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
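The Network table logs one row per DNS query and per TCP connection, so the same host appears dozens of times and the "Legitimate hosting services abused for malware hosting/C2" signature is satisfied by sites.google.com merely appearing in the traffic. Before reading anything into individual rows it is worth collapsing the table per domain: how many lookups, how many connections, to which IP:port endpoints, and which domains were only resolved but never connected to (typical of dead third-party widgets on an old blog) or connected to without a visible lookup (a cached resolution or a lookup outside the capture window). The aggregator below is an added example, not part of the sandbox report; the function names are the author's own, and the embedded rows are a subset copied from the table above so the block runs offline. The output points a reviewer at the hosts that actually carried traffic, for example the repeated TLS connections to 45.127.4.206.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# A subset of rows copied from the Network table above (the full table is much longer).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | a5.sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.waktusolat.net | udp |
| MY | 45.127.4.206:80 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:80 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 8.8.8.8:53 | arvigorothan.com | udp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 8.8.8.8:53 | yazidanefantasy.com | udp |
| GB | 142.250.200.2:80 | pagead2.googlesyndication.com | tcp |
"""

Row = Tuple[str, str, str, str]   # (country, destination, domain, proto)


def parse_rows(table_text: str) -> List[Row]:
    """Parse '| Country | Destination | Domain | Proto |' rows; skip headers and junk."""
    rows: List[Row] = []
    for line in table_text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        rows.append((cells[0], cells[1], cells[2], cells[3]))
    return rows


def summarize(rows: List[Row]) -> Dict[str, dict]:
    """Aggregate per domain: DNS lookups, connections, endpoints and countries seen."""
    summary: Dict[str, dict] = defaultdict(
        lambda: {"dns_lookups": 0, "connections": 0, "endpoints": set(), "countries": set()})
    for country, dest, domain, proto in rows:
        entry = summary[domain]
        if proto == "udp" and dest.endswith(":53"):
            entry["dns_lookups"] += 1          # resolver traffic, not the host itself
        else:
            entry["connections"] += 1
            entry["endpoints"].add(dest)
            entry["countries"].add(country)
    return dict(summary)


def resolved_only(summary: Dict[str, dict]) -> List[str]:
    """Domains that were looked up but never connected to."""
    return sorted(d for d, e in summary.items() if e["connections"] == 0)


def connected_without_lookup(summary: Dict[str, dict]) -> List[str]:
    """Domains contacted with no DNS query in the capture."""
    return sorted(d for d, e in summary.items()
                  if e["dns_lookups"] == 0 and e["connections"] > 0)


def by_connection_count(summary: Dict[str, dict]) -> List[Tuple[str, int]]:
    """Domains ordered by number of connections, busiest first."""
    return sorted(((d, e["connections"]) for d, e in summary.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    s = summarize(parse_rows(NETWORK_ROWS))
    for domain, n in by_connection_count(s):
        print(f"{n:3d}  {domain:32s} {sorted(s[domain]['endpoints'])}")
    print("resolved only        :", resolved_only(s))
    print("connected, no lookup :", connected_without_lookup(s))
```

Run against the full table, the busiest rows are the IE housekeeping and blog assets (googleusercontent, blogspot, waktusolat); the hosts worth a manual look are the low-volume ones that are neither the blog platform nor a well-known CDN, and the report itself does not say which of them served the content that earned the SocGholish tag.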
Files
C:\Users\Admin\AppData\Local\Temp\CabF10.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 307e6b99288d7ec1dc81c213dc4babcf |
| SHA1 | 727c8710d266427bf596c744415c70cef1a34800 |
| SHA256 | 2da8e3b75a3237bb1f1a99c60eb7999d9011d6e90628a9404aee900e5bdf3ea6 |
| SHA512 | 38497859fbe84776feaf0a81a75c247cff240f2915a9f8e8065cadeee17d53c772909fefa7e78455ba64f79f7e351754204f54961d3638d475496695e6e8dc25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 30ba39f0d9dfc242bcf5a13148c65714 |
| SHA1 | f35a36a5dd87eec68ee6d1e621224995838f30f2 |
| SHA256 | 6cb7722d1559158bb31024e172b224988f0963e043cb8f60065c94c0e9f5b0a8 |
| SHA512 | bf732a235af263d14562f0f10495e910f18affdf4dd1f1f0507c470de7e9cc0d3f122f4e114962ab3342c434d71b20e97ee78dde7339a42300cb5a394f500a45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d9ccc7655c5840f43ae3ee76ade48342 |
| SHA1 | 6fe63af380372021739ac08db8e353eb60e0498e |
| SHA256 | 244f5a855d2f2079fbf269ca7037a086d5ac773ada341b3999ab89835f13807a |
| SHA512 | 9c78f2fee56dbd02c1bbce127e09b0e3453b30270b018020ace00496d6116a470474cefe762a39e8380afe7e39441239895460a18bdad1d8a39b2458e594b8c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 7af0e17aee1a521cd18d28d006d43abe |
| SHA1 | 4e4c17147eeca59c856dd0b52eb004dbb1c7e8fa |
| SHA256 | a902ef80deedf7e0866bf10959b7444a752f25dcb1ce3d93991663cdf78cf7c2 |
| SHA512 | b854487ff4ee1ccbf4c33ae01a5fda3efba3eb0585152dd138e896c31905bc1692b3a8f90f445cfbfd744341f0342174fb22b61602de16fb810d6d4e0674a639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ecf735eedf66fa2120ea2ba0d8da16ae |
| SHA1 | 626f2fa1c8fe77d048f250a5272b586cb55f3e48 |
| SHA256 | c424184e77b418f871ab188a280301dd1b582a49f14daf1f7505e514e85cf2ec |
| SHA512 | a7f5f1f03fc6309782b0d54d04d10fdbec7446777b91cde339b3b544e24ca61e57d6810d0c1e9a481d3c1053bf1c855bb6f0dfe4faee27739f0246899047351d |
C:\Users\Admin\AppData\Local\Temp\TarFDE.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 5c28fcf9ec722fc35e7fbe70e511603e |
| SHA1 | 9c041e703542145bcd4709574a8b761bd9d9fadc |
| SHA256 | a9198b0db91fde8a74acef6ffbb3cb02be26c7885b824d3ffc9a70a4214b156d |
| SHA512 | 08040df5c80c571aabde238213a4c37c24532910c57052a7097a5a516ac0cc674c5a513903f17389da14f8ab42abae12303572ce7caff750080e663e1eac95be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | db9ddbc658d6dedfc8c03277a8de1f15 |
| SHA1 | b191335171c6b05e4a66aabaa594cc2bfe59a03e |
| SHA256 | ba64ab7cf3a1379ba426e4b194533c76c1b98122759f70dcba949adae62aa1cd |
| SHA512 | 70dcd322bf197b84e0cb9d7addbeef2183b61602dd59ded2418367707fa82cc32d54c88e83b5c62019b26fbf6da46db38cbd9a6a2c938009cfe4608c91710af3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50d8b60888f7a048134916b1fe8b362b |
| SHA1 | 2af14ecce54bf98b7ed0e8aa041183a10d6e9cfc |
| SHA256 | 398171c47293394771cfc6b0cfa9a623c637e93fe7032d01ca2ca92af01d6018 |
| SHA512 | e361aba4b74bf3b645fbb541cce5f924bcff1787749c791d169da0bae3df4088c5b7a291209d588e2e4b4e048ea1af26e0eac0925a4ed8755e8844231aadc027 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 469d46e6d36f6ccae2f32fbe0a69ea01 |
| SHA1 | de4f9dcfe0f1a174af9cb67abc21ebbdf54f9ebd |
| SHA256 | 4bc6e15c77aa9a41610be0608910fe2493f91986a1832d7475497c4a31bc598c |
| SHA512 | 9455e16975fd347668aa4c18f5500575637999aa33fd84e13ca05c3d46d1752b0d0ea5acd8b8903533dcb18266f641ca0c4f01e3fef3db10e2b4f3f015b72fff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | d07e46805d7cbf4f77cc5858716c5ec0 |
| SHA1 | 797b9996b7d3408f492cdc2d21d903c55d2d2db1 |
| SHA256 | f0d9691a7db90f31075d5bd0b5a13f9aceae4ade686a8a957cfa0e76e9a8a02f |
| SHA512 | ae7d8e067c375c50f912021e77c208b016764d1eca9e3a5a7b60daec0f869086f08c7eae5135442d80f18d8a31de69a9ed7a48ff2693761ba958bf2358605c34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA
| MD5 | 43ae1240e82a88c27729aa2e43fdcd18 |
| SHA1 | d3d075e4a91481cb936b162a4aef36a7ec25ee70 |
| SHA256 | e3502b118ac5ee1eb32690694f604b973f3d5c4a8bc00c7a41e71c63ed96bdf2 |
| SHA512 | b41079e60d4fc1c4640a119dc1fa47bec6efadabbc0e5f4e4a3f4c89abb160e74914531088e273feaa670d3a92b00a0e6380fd94fa480913709f34ad1c971a5a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\http_404[1]
| MD5 | f65c729dc2d457b7a1093813f1253192 |
| SHA1 | 5006c9b50108cf582be308411b157574e5a893fc |
| SHA256 | b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f |
| SHA512 | 717aff18f105f342103d36270d642cc17bd9921ff0dbc87e3e3c2d897f490f4ecfab29cf998d6d99c4951c3eabb356fe759c3483a33704ce9fcc1f546ebcbbc7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\platform_gapi.iframes.style.common[1].js
| MD5 | 7ef4bc18139bcdbdd14c5b58b0955a67 |
| SHA1 | afe44fd9a877f81a3c36f571c0fc934324c6cbd7 |
| SHA256 | 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838 |
| SHA512 | 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\cb=gapi[2].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA1 | 2ede61be138a7beaa7d6214aa278479dce258adb |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
| SHA512 | 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db98583a7ebd5da5d85705c5b682f2c7 |
| SHA1 | 5af6510623cb6e6adfdd9cf8062dc36c7d0f297c |
| SHA256 | 680fa398b707d530060af702449de20e8d2305f6c096f1a93f737c555166e134 |
| SHA512 | 1a383f1add1993fc118819e37b53bf29938ba5adae65bc8ae6ca7ae9880069ad897ee47fd00e9175a510f0d71cb97cced7e2cae7cfcf26bab2a337fd371f8373 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab84c90917fbd3c935339bd00e817c45 |
| SHA1 | 6ff0f722c216c93dd8e68437590492ce47d2aa6e |
| SHA256 | 496324fcdfec87214ecc32c6976608a1fd936ef1b3a858c1f70c48d4949147b3 |
| SHA512 | 2e0028912e66cf652e684b8af59913a222d3adcc09e4a31a19ffb8f3c10ab0f77de290b08e4b84f2c1be39cd354b828faeeff0f731208d515165bbb6b5763b3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88d56f52dc91a6ed86e20e4e765bdbdb |
| SHA1 | 43c01af6d1c454955f4e0f9c5b1237b9430b5212 |
| SHA256 | 8bd29f75da54855c23e950bfda255ade94f4d70397ce61234dd724f263c83cf3 |
| SHA512 | 1e4b76227f446d6d0ce2913b11c590815254e03cb4a2df15033b555203ba491148e075f367b8fefb195b5f91c569a6380f696ebbc84f460b65937ec3102c13fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 409684e153a4380e699f43c43e260a43 |
| SHA1 | c9a2880718812bde8ee5b95325e19b6bbffd18fd |
| SHA256 | 8e0f40b3fc1bef7c6fa005cf02654354d0c0dc71d2f6db6227242eb1ca5cd640 |
| SHA512 | 8e098bbb2dd454fbf51372b21e0828307e299eea46a98657765e6e2cacc77add5a5a350a15e52d5a3849b8bcb5ddbad4f625f2e8d0a19f7e2e50783a13e94298 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f8733d4f85a821982dd5b2de173fbea |
| SHA1 | a8f9224928e9b5f0edd0a53d8026fd12c4dfc7ac |
| SHA256 | 69a520b16a762eb53c49526e165f750fa0b2ea1229b1b7639f44842db9950b39 |
| SHA512 | 6ca5d10db6c11f62391253dea1ea2551dc9a5e046769eb6b91b7088365c11da6e63522be04ed3e6f911e2fdeef851cb59f80c3d310bdc421bc8708e618b1e19d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\jquery[1].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NQROPEEE\komuniti-blogger-malaysia.blogspot[1].xml
| MD5 | 5f732a9a0be42ca1b5144748eae35ec0 |
| SHA1 | a2f8ba7e72cea8582179acc5e4aeac874d27c0ae |
| SHA256 | 907520607a15b99723afead6cadfbd8cb2ace6c8146760a4b196cb0e3e8279bc |
| SHA512 | 2e8ad7452f75b80418ce59c94007dea2838280c1587a0011da9e0ef808cee9fba306b59fd9bd68b69febec8aab0a5d5c4060ac143f42743a4afbad3bf7ea8403 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NQROPEEE\komuniti-blogger-malaysia.blogspot[1].xml
| MD5 | 25e047ceb7a6021032f473222e119a93 |
| SHA1 | 6cda48c4fc4cb830b666f091684f55a55a9c3c61 |
| SHA256 | 98edbc9c9c30195dc323172a54ef6a3c54a940812a8e0c06c0174076ad6a8e80 |
| SHA512 | b7f0c38988ba9ea640feb2ba1513d573456e6cc60548ec69afaf5c1755622ebcc07c352b3b5662564453c1b1d930b433df68e0eeedff97554a5623eac70057bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98663ae8dac1f886d7db20389dafca19 |
| SHA1 | 704c91c78fa399e2cf7af7cb91cbe04694ef25de |
| SHA256 | ce06bf93becdc27652a272f659c28c5ddd60646d7eb4fa2d18f10e912921a2d7 |
| SHA512 | ef7af91e74511036337524a6e08e929c9e799a1d80a4889fa6f1048574c90dbcdc867de9791a1ea21d8e16482b692c623b8d9024b7b44f56614b08207441198a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22d684258f810b2b1c6c0801c37044b6 |
| SHA1 | 211376f085b6db351deb52f08f0af1b64bc267c4 |
| SHA256 | 272019a737e1d7e117eeae10b7240eb23ff64a30fe8f60cadb51b8a83102e3ec |
| SHA512 | b8975048133b2339cdf9c53ababa2f6440592b97465f500f6ffada9f11e3198314c60a505523524734129cfbf81fac00224d99ce93593e1b0e36cd1a3250cf71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca4e1207dddf8c5ebda7a2f917cc5b39 |
| SHA1 | 57a7ade168546c34d44d2202746253b93f509d30 |
| SHA256 | de87145f43fbfd8687d594193e341e776b6b8771130b1aa9db4e5a85be77691d |
| SHA512 | d1b9e625726eabab87ecc1cf5648f1321818a7fa546e6c0b2252b0f2b094a7d5b6668df25d43d8cf6ba5b6360a6cae9491eb1827dcd684b7c8d77ed2891207c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d753a527a02192bfaee58e28af0a9ef |
| SHA1 | 53d91a19001d49071cd5483e9bfc7e1106900f24 |
| SHA256 | 2b37ecf984120f69b022c66679b5ef944cf6b7ad23fc38c2d2167a8e04f6e956 |
| SHA512 | 485a6b115ed96b2001490b21d9cd3831a134e6c4b3a0e14e048d25c782153fb10e402b2f797e7ace160111a9791748581cf4b31f096e13d5c886e49815ce3148 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bce3f82a5511c45b2fcdcaf73e929bb4 |
| SHA1 | bc758eff997c4e25204b749c6816f632899675a1 |
| SHA256 | b5d7efcf9de12ea37dea2fc2be0fad4f0ece10cf0cf776671f3c547d538b7b41 |
| SHA512 | 2a707ca1f134ae72de0e6f6124fff4eaf90583e6eb8b0ad357eb7fd10777a84f772b72b57ecb0b37d6c1f03dcd78dff102d3dfc754afc04b61f35cfd01f8752a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 891b9c14082d0d1c5009f359ece9c613 |
| SHA1 | 9f40fb71d30fdd6ba16c263fbd73c2a44888bc84 |
| SHA256 | 0dc7b5b9e79ca03f03a93fce9b8e14b18f87f54380dd72d4c0b3c6ec166c9bc5 |
| SHA512 | 76a5129eec4ed6cccd973766596ff908d3be9ef987232d5f8f549a813341525eebf321f7f1b72706e9d8454ddfa3aaeaa575590f08b5a186351e2097b2bce9b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df42b724c8eb6d2660506bbbc71549c2 |
| SHA1 | b2a557b31bc02fbb50dea0a3d3898c612a04307c |
| SHA256 | a9459a30c0ae538c1cb50600dbdd79f54b007818ef4ab5fb901aa74466a83196 |
| SHA512 | 8aa101333ddea7915b5a7c5b30de09abe6b60b1112a5c8e92f726f9165e78b3018869b3e81f2528cc83fb5b1acf6a198bec17c1f4a3fb07e7457e4070c6f4a4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31eca5e95046986a14472ad5e17e04a8 |
| SHA1 | 4bff72823c9c2024bf4125dc9ff1c9f15e3413ae |
| SHA256 | 155f7adf34cb0fa302ea882dd74ea9b911bb2b1c0cc97dfcfa9c9501f1ee1822 |
| SHA512 | f1758f460866ade73ed2a7dbc5241c1bc35e692b33942ded0a6ed7f1548e14b0349b246ab5a3e2225583b13b823da17aefef9102b50f8cb15efb41b5e4655b96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c584a101d19dbbafd32fd84fd04562f9 |
| SHA1 | 3012e7dc2aa4eeda28a7fa33e09d8d0750314cb9 |
| SHA256 | b8f77a4cb5cfb55ddb9c1c82989100553ee53f91cce083a3f48575d956801ad8 |
| SHA512 | e08e24972078b74e28bc4313378d5da5bdf62b397adecc85121d468c529a24e7279446d17ccf36c96d778171e31d31696be4324ec32a2a40da70f7ab3bd67893 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 267754d6642e93b1bd59b190b4349470 |
| SHA1 | d3e905a759a699ec8a0a4bb8d3fd70718ca89f16 |
| SHA256 | 5e0d1d26690c26e16ec56d9e87d2691a4272d36e9e96a7e6c47990147d7e810f |
| SHA512 | 22efd20071e7d823221e681528b93429f74fe58e4d339771d6d11ade847115d6cc37b04b636a0580a027d2872ea7ef95b96efd64ebaa4756b52b16c50e0b0495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f800927e101fc135d83b34a0c144525 |
| SHA1 | e04a920a2443c30fe31c36cc77c5c5630fe5a938 |
| SHA256 | b10418f923ebbe0d2e1488e9f20df7a3e911db4779ddcd79dca099ef2aa80254 |
| SHA512 | a297d931d1c4c4c16f7554cc16ee7513739e58ac8890ec9f492fe5efdbe5e9fb8f31c8a864f424629c35351de05f6f3cdf5d079a43388ab7dc2b8f936f0cc165 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f444c6e3c086b6af783bf6177260ab8d |
| SHA1 | 26fe6796af439327f8508c9289be1576670476a3 |
| SHA256 | 089331b878f9a671e3140c5eb7bf853be2c5e90f776afa47beb333850249bdff |
| SHA512 | 9b48e0dcea1afcb7be980dd004b1af435e000962fe07a84fcec0a33a4b0e604388b172bc974567160d3d471cd97397e1fba774d27a4a3e9a71242d947a2b6dc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e181f751c448c09f78a3097b5aaaddee |
| SHA1 | fad533b054455a6ac3e5d592b2a3ea2f8de7a969 |
| SHA256 | 8920e2cf89c8f410215da886a848ee1f66785d15816bb80e189f86a00edfef0a |
| SHA512 | 28a3ae4e0d34b936006557de4a089c3dd0d85e1334248e22021e9c21527631fec9bc347f427cb6696723e0298d29e41f58856b6b4de4d34a26e0c738b903ebf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f832c0a337e81d5415ba735afa280013 |
| SHA1 | c5c59abadb31db817ed6a8005a5f6c43036efdec |
| SHA256 | c027c4677148a9ad8dc342ee6b2603fbdda7b3c794a49bde5787e9dca3c4581f |
| SHA512 | 6d357842cb3a1e2ef101c132870c11c82753b138745771ce69db2cb4b5dd3e8fe97e4a57d2f38d886a1ef6eb9c8bc7be743199bf0c2ebc9126426eccf7754f3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef4c24d841b9de428b234108f4560d98 |
| SHA1 | c5e253edb7e096cc22ede4d11da282a0ba6a40d2 |
| SHA256 | 43961c16aba79de7b40dd2c3e4a5a6c3664068fc180fbd11fa4ed2282a8e1ef0 |
| SHA512 | 3f729f3922f37e7fdb0e75c517da99fdb4b491ce3b19ce842b24679424593a6a901cc58421eaaf7d2e06a7e7630037340f7156a57acf5f94a6a4d7ee18e365f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8501f6b7daeb763230a2d9134bcca18f |
| SHA1 | 1cde03c2b888a40f1219d1cbfaf08c36151e8b42 |
| SHA256 | ed8cd71cdce2b32bf114c892bec622c94913ee3b153f9c1b9a22487dabe8219a |
| SHA512 | 878dbb59b30e9facd9ab350bf9d480ca1f14931c89897b30f45c0ea376cb00769bddc8a517e805a146843f6d0995fd3660ee39dfed3facfb3a27c76be7d2e0bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b954cbf8249c6452120bc8d01325ebd |
| SHA1 | e4da1454b2152201edc3f8b14088b6d7f9759300 |
| SHA256 | ebed9b1783bf976a644dd461fafbef74181e6eb43a377c824dc732106adf5a09 |
| SHA512 | 0c16635dac34a0b491abfecd853f4f65ee91ad872980e8f7bc23d3963179083f5d8c380c4db066873350a934c68bb0364168f7f4655834cad3325b45ea59daed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08d3845c55aed0329f9a2fdcb18fdcbb |
| SHA1 | faee759d7009152ef440d2dec48a69830cd8ab92 |
| SHA256 | aff4f469719aaef06609797afc97ae1187e3ae3d0e34b99752ff4018e9772fac |
| SHA512 | f076b59f99341cce3c8401d3758dac326f638b5e613170923daa4e7b359f1412130ec7eef778a279a7db6bdca9603f022a29c2b7118845d81a4fea2a679e1794 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9d463361bc42c6f6db01d25bb914d65 |
| SHA1 | 4df8195c93c4d30b0d4715b5c79b0860740a5bd0 |
| SHA256 | aa4d9b7f1a149d52a31e15dfe970b260b08608e64cab7fd9777dc0447bb7c3fc |
| SHA512 | 75007b701854a3953891a052918f3443489b4cefaf6d739a5e029d458f9bf7774b9b00d014d36973dcaaa51ec7101f41dac2beab5e46abe43099489d150b2442 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de6651d94fbab7ce7d3343b3caa5533c |
| SHA1 | 5f2e1ea1ef4da45fe631951cbd47aface751bbfb |
| SHA256 | 090b6eaf7a24e218baecf4a67eecce686f6d1e39b75ed21204095f1c1d452265 |
| SHA512 | 0d79b35e32989757bbd0a6fbc76ce46d41b71c957485075eb327ae5c0d935194b663f2f39da8bc9de3fd7c370a54b14a55b15cbe410069e9f988950fa3377fd9 |
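Most of the dropped-file entries above are the same handful of profile paths written over and over (the CryptnetUrlCache MetaData file alone appears more than twenty times with different hashes), which is what Windows CryptoAPI and the IE cache do during any browsing session. The script below is an added triage example, not code from the report or from the sandbox vendor: it parses this "path line, then hash rows" layout, groups entries by path, counts distinct versions, checks that each hash has the length its algorithm requires (catches truncation when a report is copied), and puts anything outside the assumed noise categories into a review queue. The sample is a constructed excerpt of the report's own entries plus one made-up control path that is not in the report; the path-category rules are the author's assumptions about what those directories normally hold.

```python
"""Triage of a sandbox 'dropped files' listing (added example, not part of
the report). Parses path + hash-table entries, groups by path, counts
distinct versions, validates hash lengths and classifies paths."""
import re

# Constructed excerpt of the report's own entries (path line, then rows).
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50d8b60888f7a048134916b1fe8b362b |
| SHA256 | 398171c47293394771cfc6b0cfa9a623c637e93fe7032d01ca2ca92af01d6018 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db98583a7ebd5da5d85705c5b682f2c7 |
| SHA256 | 680fa398b707d530060af702449de20e8d2305f6c096f1a93f737c555166e134 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\cb=gapi[2].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NQROPEEE\komuniti-blogger-malaysia.blogspot[1].xml
| MD5 | 5f732a9a0be42ca1b5144748eae35ec0 |
| SHA256 | 907520607a15b99723afead6cadfbd8cb2ace6c8146760a4b196cb0e3e8279bc |
"""
# Made-up control entry (NOT in the report) so the review queue is non-empty.
CONTROL_PATH = r"C:\Users\Admin\AppData\Local\Temp\example_not_in_report.bin"
SAMPLE += CONTROL_PATH + "\n| MD5 | " + "ab" * 16 + " |\n| SHA256 | " + "cd" * 32 + " |\n"

PATH_RE = re.compile(r"^[A-Za-z]:\\")
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumed noise categories for Windows profile paths (author's assumptions):
# CryptnetUrlCache = CryptoAPI's cache for CRL/OCSP/AIA fetches,
# Content.IE5 = WinINet/IE browser cache, DOMStore = IE DOM storage.
CATEGORIES = [
    (re.compile(r"\\CryptnetUrlCache\\", re.I), "cryptoapi-url-cache"),
    (re.compile(r"\\Content\.IE5\\", re.I), "ie-browser-cache"),
    (re.compile(r"\\DOMStore\\", re.I), "ie-dom-storage"),
]


def parse_dropped(text):
    """Return a list of {'path': ..., 'hashes': {algo: hexdigest}} entries."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            current = {"path": line, "hashes": {}}
            entries.append(current)
        elif current is not None:
            m = ROW_RE.match(line)
            if m:
                current["hashes"][m.group(1)] = m.group(2).lower()
    return entries


def hash_problems(entry):
    """Names of hashes whose hex length does not match the algorithm."""
    return [a for a, h in entry["hashes"].items() if len(h) != HASH_LEN[a]]


def classify(path):
    for rx, category in CATEGORIES:
        if rx.search(path):
            return category
    return "unclassified"


def summarize(entries):
    """Group by path: category plus the set of distinct SHA256 values seen."""
    out = {}
    for e in entries:
        rec = out.setdefault(e["path"], {"category": classify(e["path"]), "sha256": set()})
        if "SHA256" in e["hashes"]:
            rec["sha256"].add(e["hashes"]["SHA256"])
    return out


def review_queue(summary):
    """Paths a human should look at: anything not matched by a noise category."""
    return sorted(p for p, r in summary.items() if r["category"] == "unclassified")


if __name__ == "__main__":
    entries = parse_dropped(SAMPLE)
    for e in entries:
        if hash_problems(e):
            print("BAD HASH LENGTH:", e["path"], hash_problems(e))
    summary = summarize(entries)
    for path, rec in sorted(summary.items(), key=lambda kv: -len(kv[1]["sha256"])):
        print("%-22s %2d version(s)  %s" % (rec["category"], len(rec["sha256"]), path))
    print("review:", review_queue(summary))
```

Paste the full listing into SAMPLE to run it over the whole report; the version count per path is the quickest way to see that the repeated CryptnetUrlCache entries are one file being rewritten, not dozens of payloads.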
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 15:30
Reported
2024-05-10 15:33
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fcd591796d5e5491264f3d2255d0764_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc53246f8,0x7ffcc5324708,0x7ffcc5324718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2576 /prefetch:2
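Nearly every process above is a child of the one msedge.exe that opened the .html with --single-argument: crashpad handler, GPU process, network and storage utilities, a renderer per site, and identity_helper.exe for the WinRT app-id service, all carrying the same --field-trial-handle. The script below is an added triage example, not code from the report or the sandbox vendor: it tokenises each command line, assigns a role from --type and --utility-sub-type, treats the --field-trial-handle value as a browser-session identifier (an assumption; Chromium passes the same handle to every child of one browser process), and flags processes that belong to a different session or are not browser binaries. The sample is a constructed, shortened excerpt of the report's command lines plus two made-up control lines that are not in the report: a renderer with a foreign handle and a non-browser executable. Treating CompPkgSrv.exe -Embedding as a normal COM activation is also an assumption.

```python
"""Process-tree triage for a browser detonation (added example, not part of
the report). Derives each process's role from its Chromium flags and flags
processes outside the main browser session or not belonging to the browser."""
import re
from collections import Counter

# Constructed, shortened excerpt of the report's command lines, plus two
# made-up control lines (the last two) that are NOT in the report.
SAMPLE_PROCS = r"""
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 /prefetch:2
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --service-sandbox-type=none /prefetch:3
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --renderer-client-id=6 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe -Embedding
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=9999,1,2,131072 --renderer-client-id=42 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\not_in_report.exe --foo
"""

TOKEN_RE = re.compile(r'"[^"]*"|\S+')
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}   # Edge's own binaries
COM_SERVERS = {"comppkgsrv.exe"}  # assumption: OS COM server activated with -Embedding


def parse_cmdline(line):
    """Split a Windows command line into image, positional args and --k=v flags."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(line)]
    flags = {}
    for t in tokens[1:]:
        if t.startswith("--"):
            key, _, value = t[2:].partition("=")
            flags[key] = value
    return {"image": tokens[0], "name": tokens[0].rsplit("\\", 1)[-1].lower(),
            "args": tokens[1:], "flags": flags}


def role(proc):
    """Chromium process role, or 'com-server' / 'other:<name>' for non-browser images."""
    if proc["name"] in BROWSER_IMAGES:
        ptype = proc["flags"].get("type")
        if ptype is None:
            return "browser"                      # the parent has no --type
        if ptype == "utility":
            return "utility:" + proc["flags"].get("utility-sub-type", "?")
        return ptype
    if proc["name"] in COM_SERVERS and "-Embedding" in proc["args"]:
        return "com-server"
    return "other:" + proc["name"]


def triage(text):
    procs = [parse_cmdline(l) for l in text.splitlines() if l.strip()]
    roles = Counter(role(p) for p in procs)
    handles = Counter(p["flags"]["field-trial-handle"]
                      for p in procs if "field-trial-handle" in p["flags"])
    session = handles.most_common(1)[0][0] if handles else None
    # A child carrying a different handle was not spawned by the main browser.
    foreign = [p for p in procs
               if p["flags"].get("field-trial-handle", session) != session]
    review = [p for p in procs if role(p).startswith("other:")]
    return {"procs": procs, "roles": roles, "session": session,
            "foreign": foreign, "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_PROCS)
    for r, n in sorted(result["roles"].items()):
        print("%3d  %s" % (n, r))
    print("main session handle:", result["session"])
    for p in result["foreign"]:
        print("FOREIGN SESSION:", p["image"], " ".join(p["args"]))
    for p in result["review"]:
        print("REVIEW:", p["image"], " ".join(p["args"]))
```

With the report's own listing everything collapses to one session and the only non-browser image is CompPkgSrv.exe; the two control lines show what a second browser instance or an unexpected executable would look like in the output.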
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | a5.sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | a7.sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | st301232.sitekno.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.228:80 | t3.gstatic.com | tcp |
| GB | 142.250.187.225:445 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | ji.revolvermaps.com | udp |
| US | 8.8.8.8:53 | www.waktusolat.net | udp |
| DE | 185.44.104.99:80 | ji.revolvermaps.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 142.250.200.9:443 | www.blogblog.com | udp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| GB | 142.250.180.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.104.44.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| MY | 45.127.4.206:80 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:80 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:80 | www.waktusolat.net | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | img230.imageshack.us | udp |
| US | 38.99.77.16:80 | img230.imageshack.us | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| US | 8.8.8.8:53 | rf.revolvermaps.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.225:139 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.238:80 | maps.google.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.4.127.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.9:443 | www.blogblog.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.revolvermaps.com | udp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | udp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | sphotos-b.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | widget-6f.slide.com | udp |
| GB | 163.70.151.23:80 | badge.facebook.com | tcp |
| GB | 163.70.151.23:80 | badge.facebook.com | tcp |
| US | 8.8.8.8:53 | j3.tagstat.com | udp |
| US | 8.8.8.8:53 | a1.sphotos.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | jf.revolvermaps.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | maps.gstatic.com | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 142.250.200.9:80 | img1.blogblog.com | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| GB | 142.250.200.10:443 | maps.googleapis.com | tcp |
| GB | 142.250.200.35:443 | maps.gstatic.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 142.250.200.10:443 | maps.googleapis.com | udp |
| GB | 142.250.200.10:443 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| MY | 45.127.4.206:443 | www.waktusolat.net | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | komuniti-blogger-malaysia.blogspot.com | udp |
| GB | 216.58.201.97:80 | komuniti-blogger-malaysia.blogspot.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 172.67.69.193:80 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | yazidanefantasy.com | udp |
| US | 8.8.8.8:53 | t2.gstatic.com | udp |
| US | 8.8.8.8:53 | busuk.org | udp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 8.8.8.8:53 | syoknyatv.blogspot.com | udp |
| US | 8.8.8.8:53 | www.refers.es | udp |
| GB | 172.217.16.228:80 | t2.gstatic.com | tcp |
| GB | 172.217.16.228:80 | t2.gstatic.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | tripwow.tripadvisor.com | udp |
| US | 104.21.26.218:80 | busuk.org | tcp |
| GB | 142.250.180.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | photos-c.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.21.26.218:443 | busuk.org | tcp |
| US | 8.8.8.8:53 | widget-40.slide.com | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | photos-e.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | external.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| US | 8.8.8.8:53 | sphotos.ak.fbcdn.net | udp |
| GB | 172.217.16.229:443 | mail.google.com | tcp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 8.8.8.8:53 | www.facebook.net | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| DE | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 104.22.74.171:80 | whos.amung.us | tcp |
| US | 104.26.11.22:445 | www.widgeo.net | tcp |
| GB | 142.250.200.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | 193.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.tynt.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.64.153.173:443 | cdn.tynt.com | tcp |
| US | 8.8.8.8:53 | arvigorothan.com | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 172.67.150.119:443 | arvigorothan.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ic.tynt.com | udp |
| US | 8.8.8.8:53 | glakaits.net | udp |
| US | 67.202.105.33:443 | ic.tynt.com | tcp |
| NL | 139.45.197.242:443 | glakaits.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | sr7pv7n5x.com | udp |
| US | 8.8.8.8:53 | yonmewon.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | de.tynt.com | udp |
| NL | 212.117.190.201:443 | sr7pv7n5x.com | tcp |
| NL | 139.45.197.236:443 | yonmewon.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.150.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.190.117.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.197.45.139.in-addr.arpa | udp |
| US | 104.26.10.22:445 | www.widgeo.net | tcp |
| US | 172.67.69.193:445 | www.widgeo.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 67.202.105.33:443 | de.tynt.com | tcp |
| GB | 142.250.187.194:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.180.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.14.97.104.in-addr.arpa | udp |
| US | 67.202.105.33:443 | de.tynt.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 67.202.105.33:443 | de.tynt.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| US | 67.202.105.33:443 | de.tynt.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | udp |
| GB | 142.250.200.33:443 | blogger.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | restoranbasha.blogspot.com | udp |
| GB | 216.58.201.97:80 | restoranbasha.blogspot.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_1496_FFPLZYXILITEANOY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd3614cebd67c45b05197fbf2ae28ae9 |
| SHA1 | 034fbed6cc518dc19aeb44d1f24210d287c460c2 |
| SHA256 | b51824df13bea1a92e0eff827ae1bd55690fce988ec07822964e392c619d4597 |
| SHA512 | dc61b9278e709b7ca05e4b68a53c0a200d0575c030477a60751937c952bfbd855cb35c24b84285dc6637c5c96d3fe32e9e8866e17d52da73a3aabdeca51b0365 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
| MD5 | b6c8122025aff891940d1d5e1ab95fce |
| SHA1 | a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4 |
| SHA256 | 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e |
| SHA512 | e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 88477d32f888c2b8a3f3d98deb460b3d |
| SHA1 | 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c |
| SHA256 | 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8 |
| SHA512 | e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2946d86702152219694800210c005237 |
| SHA1 | c2a26540968f44c9a9061fe8ea3d8685e574581c |
| SHA256 | 2c157218c54dbc17f8a72d4555077c04e5d84edede0b0c4d81afa9e0beacfe8b |
| SHA512 | d02e81a61073de0f4727bd2b1a8c617c86ba0eb022d11f4e6113aa10e92c1fe7ffecc184b1506388faba374527f8098650d8ac983e136fb643cc877aa8422690 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb707888b0c167430bc6ffc69a1f7e4f |
| SHA1 | 034a7d1f50c2d26964d2e38d763d4537f08eb7fe |
| SHA256 | 882e3ec5e146b7201105058a1bb8ef20683b0b892d6b6f00362cacf74a03a92a |
| SHA512 | 0ee668b979871475fcacce2bf5dbac301fd30050e0c38540d8841c71a761a99608d54f51a512e6f7c392d420d69df84456ff7a7dd9ca07e58b3463001c53055e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bb0b3ea0b4b52e9dedc5e12779525426 |
| SHA1 | cbb1da5546df2f59088e92699fec1da4b186803f |
| SHA256 | ae3218235c360093c33c3c3636636dc323bdb099f6491a3cda5562a7c40b6deb |
| SHA512 | 9a06be5cd4687cf139651e8ed326ed6328e2b5d420f3bad66a29283e0ff94359c0763761e74dfacd266aba321d38871f4c02d4a934dcf4b797ccf423e4d94203 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a0ecd2d61c127283ef1c1df9bfd3410b |
| SHA1 | 934344d492da66d1e84cdd37d6792907f3ccef7b |
| SHA256 | 99426a52510e5419e90b02a104f38b09ac79409781f63dd9ddc6b66078766a7d |
| SHA512 | c34552e7a559c2703b15712b916760c34a29a95ff3b5cc8ee1aa1d8625694fc71e2448ec0b808bdded6cd32c1c365fb62c7c0ee1103dfad9bea56a1d7ec75046 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0b4af27c253cc77ac41369bb27bfe0b1 |
| SHA1 | 0a2f8b4bdeca164d0374c9a5d930386f42a2bd2d |
| SHA256 | 50d24c98c1dd482e8ea6225a0f18f787434eba4079fdf45414dfc6c2328b1a33 |
| SHA512 | 3101825be98c9e5ceb81b120d8ecbb91cd5784456a0bb54df2ef701a4640e28842b92725771aa5de4bc3dacb15ba898b8cdfa085dbc585ad37ef4125d10b93dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f0baa970cde5524337751bb3ed990a12 |
| SHA1 | 3a3f89df900910e43b4a619c1b8ec9124238ebb7 |
| SHA256 | 623b8befabd52fdc5fc5f758d73866568006013cf3eac533c11a731e37bb8992 |
| SHA512 | bfd5c020dcfedf64bb8c7592ae1b0f5ebf4ffd793a1b195d38ae3fa1f02d32ad4d610994e88c4affe80ba7a8eae92196d3b6e14578d0ce55a3cb8549be238fa0 |