Analysis Overview
SHA256
4fa922a1cd0e691bc7f1ce7391644472f54c763cf175441aaf49b5bd585caba7
Threat Level: No (potentially) malicious behavior was detected
The file 91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-03 12:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 12:00
Reported: 2024-06-03 12:02
Platform: win7-20240221-en
Max time kernel: 143s
Max time network: 149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577877" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10076fdaadb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D330BF71-21A0-11EF-A8CB-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fdd7bb851fac4c4f80b5921d6b5ebc970000000002000000000010660000000100002000000030bbbee9c07f252e28f7e99bc7c7b00c135339cfbd1d8893cdee45fc62775ea5000000000e8000000002000020000000aabed1e002780249bcc9c33607078ad166136fc9c0a5ef103b06edb540295de42000000062d717b7413bcccaf596017ae8295452b22455af7d274c26cca0f7a46d96f4e34000000013253fdedf287a1ca59b471abd0e74ba7b7a5877130294b7b71c693df8f4e31248c1a5bdabae78dd8342f9b8d63830bd2aedb52879d9f0c0d3c593db68ecd976 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2220 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b9438d405b2fa5c77ea6d7e73b15d29 |
| SHA1 | 49373fcf6f7ea73964fbba04de8612d57be19dde |
| SHA256 | a4308c5917d75b4b83d9979693be35e220e7583b938478854a4db7731c1a4909 |
| SHA512 | beaaee8a4b245e8da22c10d2e2362e71e616173535e0ef97aebb91958d44d67244fca3029d8fdad26ea4b65d508327d31d1580a0947ef28f4e09bcc703d5c003 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08e59a12694145c8c6aae36547d09579 |
| SHA1 | f933a28f05fecbe118d3c531b382e188b828f2a2 |
| SHA256 | 92176b811451495385f6496d9167fc8432ff6c7da67c9a4f7b1be47153f09ec1 |
| SHA512 | 7617e466b2a811d18437f23777c06e595971bb23688c7dbb1780a6b351802e78f8e7fcc205413d2a1950f3ce23dd2f55ad3db3b538ed765fa8754919dbce880e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\iife.min[1].js
| MD5 | 63f9fd621d1fbd53b7c5856e58c11ccd |
| SHA1 | a46973c2fbdbfeb159e0d717a90f88307e274012 |
| SHA256 | c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089 |
| SHA512 | d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6dbff1a0c11dbf14681f0e36cebb350 |
| SHA1 | 80db3448f3184a6cca3b8030caeb785d6b90bcc6 |
| SHA256 | f10ee730f738f2e111149f3c4c13294047344a1ba3d196f8ac03f70146bf571f |
| SHA512 | 010e92321080caeb2ee2e4156d0c3140295d030176e0587017ca81df89c827457245579bb8ba651aa2e8b1e6c87697630f6a11a48bede9c2711c06231d8ef7b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1ef8a05fd3b9f951f720eb28f64917e |
| SHA1 | 9494a90026efaaf61f46ed9313048ff044f0a77e |
| SHA256 | 2ac3b7808f11409d744194e55461d8f98b443dc8d8a3f4b682dee91b8797d23d |
| SHA512 | 0b8817633b9bcdaf4dc1d82fb4ba5c25092c561c61df59a3628168a800ecdac95f9cde3b9b5412f1d3ca604217f70f1bc00fcafd440875b35fe2c0ca7a25be86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f5940e49826e5cf42a83b7279ba250a |
| SHA1 | 39ed6b7ceb8f01cd052a1d5301dd192f8f08b834 |
| SHA256 | f1894c901e9245aaf229a5037efa2f94300181607ebbc706be32b59d341b3887 |
| SHA512 | a9a1f8b7dd82e6ba7f498d09d515a584cd302f585a4e3fa676b5d292ce309f28b5e683cdc85503e07878c13483956c033f8bc78ec97d4bdb7c1a60339757cfdd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\oregon[1].htm
| MD5 | 0104c301c5e02bd6148b8703d19b3a73 |
| SHA1 | 7436e0b4b1f8c222c38069890b75fa2baf9ca620 |
| SHA256 | 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f |
| SHA512 | 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\johnny_automatic_seaweed[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6860adfcc94c871740dc6e877820a26 |
| SHA1 | c72fa5851467e8f9a577b97770d33d767c610209 |
| SHA256 | 87356b614793cbb8638b28db8ea6f50aa4383d38bf7730470dca6c4b02ed3701 |
| SHA512 | d61a1c0226b56a5b0f6762501a7805cbe66c485e3f45512e307ef2651168a30ab204fc6abba62586deefc7d60df3c448737137b28fd153968309c1eb62ebf70d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f44d4458b238e62ff02f63fc0b3d74cc |
| SHA1 | dd8a7c129bd89b3dabb564c3853320442eb76372 |
| SHA256 | 6e444712e66a82a5c747eab7468518feed616fbea9eaf07bc57f683428ed2ceb |
| SHA512 | d44c3ca887488507cd70313e1bb0f4dcc30caf089f948f63273166e3d77306e95abf86f6bc04750ae32e40ee6dbca7f9f07734a399f123f43ada527f9e4cf236 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d91f3baaeb4f309dc52729e1eeaf1bc |
| SHA1 | fd1c394c2987a907d93094ca4fc6b47b8547d872 |
| SHA256 | a475137770a55cb9cc87200b42699980e530facbab856cf30b0069f4aa70f443 |
| SHA512 | 94e6bf6fb161244cc8ed73630db0bbbddb0617ce6a82b7b6c50494045e2d68335f43066bf09ef16b41fe6a041fe10cfac85f0d66d9235503e0eecf413110a9e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0b2fc5fd84971cd4572990520c41a9f |
| SHA1 | 1e5ddfe24a92fc2043f00c9b95c5e074660de90c |
| SHA256 | 6fd070ea6431470f14a5486507ea33b6c4e1a18157b5dbb972921a67a756ec5a |
| SHA512 | c3f22e7d6087f6f6e9c6cbc9c5fbc0fdfa1560f5f46a805ca06f4eeae815b9c91699a9f318942160065d352962095ec3051fae01f5e730b22865e7323194eb0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee7b1cafefe78b621747f7f9f8a7839a |
| SHA1 | f51b393a4282d57c49c5215eb609754e3d74fa9b |
| SHA256 | 6f414cc61e640f23b19a0ff8411452f4a89cb192f446e892452f90081bc3c1cc |
| SHA512 | c1df1e94bd9073394bc6b3ed1169f14269f873e6b19fe5925858cf4096b8474fe3011747b65edb5629ae3e97077cc691f235cd1455610ada288ec495050fed35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4c8a87b553331ceea57106ad0738bac |
| SHA1 | 97d78674d90a223da03aedac93ddbdb57d23f148 |
| SHA256 | 6d921086e6f14ec88e4bc02da12d979c186ced6e07bc866a4000d292f783fc9e |
| SHA512 | 1f7843e2ba94083bbc1dd0d5318d48c32706bc2c3f1054782247c41ca1e127524062f09e087ec4bd7e47319625de98a31f20a5dd5d660ba6bd4f9358c4d911b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77289bd76f2ca28870ec590b29db241f |
| SHA1 | 0d45f6be3a2d44f68bfd447b4d57f08571d38005 |
| SHA256 | 08fdea44c555c6ab9c36cc01cd6631dd8dac0b1ffa2fa53d8e46923a6e858ecd |
| SHA512 | 58440c3a1ca84249b4b1a3ef08946c0ecd04f676b382cd9c10c8f62fd944629519e81b8f453086d46cef6ba1c0b522be075683bfc96b850392a4eb5a2ef723cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f80dfb3c39299c793de58535c1748328 |
| SHA1 | 3c0b141d8d0887b0c9225f2c715769b77e5edf3f |
| SHA256 | ce423f040761a09f8d982805a8e16c51dcbcd185ac4396c5c650880bf5d0acf4 |
| SHA512 | fd22a5e691a5d7659871abf40173f3d15bff294e21e80bfc26baa7af72fdbc0cc47614cadcae3eea19c0ad4f52c1f22f205c63fc2e98cd4c64b96fe9951b4232 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36cfe8a16bc882cad1615b55e7930c00 |
| SHA1 | 89262ab091d7856d19e4d0cf68fce54723c3eca1 |
| SHA256 | e2efbbd8bb417b07e2d217d60dd77466fbad8900e72bfb7cd706898cd671383a |
| SHA512 | edf58020be3d37d941d7b1f2d4bc515d3310780666389e7bf160fcf6dc89c22c96d91309052a7fe79cc717541e697f83e46a001002c99f851eccceabd6794bee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5ca62869397e7e4e9fdfb3cf7505397 |
| SHA1 | 5685fe08f66bbb4edd399b701c0ee528a2440012 |
| SHA256 | 9faf2836c2ad8eb452541c4553da8d3bdddc5f7d59abcbb77049e1b6398884ab |
| SHA512 | ae2769c05d8b781cfa404839ec00d45486835eee515a0d0b80994492740bcbce3a0fadf4a75a02a8192173f7b9c51441aaf85e9060b08d80accd0dd4395d193d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f4feabfab40fece0bbbe8f8ab26a6609 |
| SHA1 | 6442669375fb10ec9fdb59b67f40e6b4c58a164d |
| SHA256 | 187e39a36511e2620e08e3b07403622c7568692da1fd042d7b67614f027c8250 |
| SHA512 | 458c86312a0d2a91f68cf895faba9f8e5c847788b48ae6424f9e873b08c48946abfee3a7fbc81287b918048c96cfe87f6ea3934b476f5c40ff3fde5c33b07ad9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 190125215d07fa5528bc0136eda616ee |
| SHA1 | e755cc1be7b00e68f374466821099eb90ed21515 |
| SHA256 | c8e25b82a49d1f35657d0618a7b1c50bac9ce47163937b5de0469798b23fe806 |
| SHA512 | db3c433c501634c4e61cb9a7da9aade6a83e5277167e2ded9fa94d447f59f6b5b0dcdb747ea8832808faeacd4b36c69518581ff8a8fcdc029ea621d259f294a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 594ba2ee148d239ef82f50a5dea030d4 |
| SHA1 | 1c1c5c776edc93341358d79f77464271e8e053db |
| SHA256 | 213acf7c66f6ba8af508e2595f6addcefac00c64a64c971528ba8d5b70fee1c9 |
| SHA512 | 1af8536c0ce07cf39b3fad4845f6776c3136e2b10255fe3619a394f4c17e89964e7040195f84cb6f6ab0220bb71e7ceee2e00bedb4ee377101a48639d46c2660 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91fc33e98887de085426f100931c82e3 |
| SHA1 | 86802e0ecc520d023b3aa22dfeaff778c39f13b7 |
| SHA256 | 98d4b6838077bcf9321dd41fa3eaa5517eae5f748d6f2a1191d3c6b11478a515 |
| SHA512 | 78733dbe02484aae1d9552f440d8acf71b25b4661a00cd7fdd29c5a8344b86eaf6cb951f976c344fb201862b76f63754d2cbc51393e25aca7d12d2b4c3b362de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9d0ce465718556ef274da44c858cc05 |
| SHA1 | cc67175224ee075353ec3041f7ec7ca13fd9363b |
| SHA256 | 4c9ea09d530295aaf078656ea9b28bc1b67728e48c9702f14d7c249ea7ce092b |
| SHA512 | 9ad6de3fe36a9f92bc26cc30bb7f3793a55ae07b2a7f93744f9b51a37d2c45870dfb2e95f221c111a9589ae0ebe235cd2a491197bcd92c6c372b4f3e70cbbba4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df83e517753bfbcf895a3d670aaf5bcd |
| SHA1 | a722e0fce73fbcff44e99555adbc0b35754e39b9 |
| SHA256 | e89030aecdaca99fa927975dafbe5e882d315939bc37560fec023c4a3d873951 |
| SHA512 | 3038ddcf32396622ec6b9f38e092caa90b788e5d02ef82bc7fa97db9b7aeae80eb7b0159de71c9db77fca0eb643f4a57426ea59ae2f157eb199b16bc957663b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7078130eddac137df6f8d173d2a1bee |
| SHA1 | d8f6e581873af9b37510c5979e788af453c7c55b |
| SHA256 | 68d796d68fd25dd7ffe6a6dd3f6fa479f3049b84081da4ce00f4cf48899acb04 |
| SHA512 | 524b45f4dd1793b7dbfa82a0af20907d37bc8571b01cf4096886b734a65085af91f30524c65005b76658a748b68a7537f0fcb605338420ce14e09a3629bea066 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b3e1142b902d7ea463cbff38ec4539a |
| SHA1 | aae23deb2ff3d8d2059b2b95b32f4ff26e2b2a3e |
| SHA256 | 1db086dcc15efcfbfbe5e7a7907e45ff6b4535ae11db180c223485b4d46fc496 |
| SHA512 | 8b8c3ff6373217c2d3072a33d70ec0cf7925b68d0f4e372500e5f7fa0d17920ce74bc98fed15fe4e7b288798aa43095ef191be88e7d6bcda1a79a104caea240f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4d964634ed4c7c531b9a1dbac67775b |
| SHA1 | 5acf1673d528c18bf07caf230784c02d7e19280b |
| SHA256 | 7a57555897322f11ea91e63e70f9ac35634de01149089c33e7c4bb32b3a2bded |
| SHA512 | 37d4ecbad3cc3a904d2cdf888397ee327d21943376beb74a5ff6aca4e937e1f0e9eabd3dd6fa163f45affefdfb05f0652fe0f36dae871d34748c28d32aee8604 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e6454da88ac44eebd15337fae5c2017 |
| SHA1 | 6371ffdea5b8083fc2fe09ff7d029707d6605d7b |
| SHA256 | 294f5933cb1c6b6c98536bc35308e0ad56423b968af2dd13d5dcabf5136a6dff |
| SHA512 | 2a1913d7fd2d29dac6e9644a0dced58e86a7b9ca3b7c78beb460a293ad0919c08233e62ad26a88cc157f2eb36fe6fe7094f1536ca176a17f24ec23f1893f4a71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8913960a2185c213d179678a6c64b926 |
| SHA1 | c32ad5772707e66cee4b62230e6eb4b005d418d8 |
| SHA256 | 2136c98fe2c9b0884dc6ff504ddce263b69ead04f934e159e2d5b5909abf6b12 |
| SHA512 | 87c4aa9c80eda94278d3eb10606d0082ae089d0f07045d2bfa3264a32fdf7d467073981f3d82b3b5cbe17eabaca867b15d67da6803784af02a47314d64e9a94a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3af825e54d117c3d64552111e794e9b |
| SHA1 | 4ce1194bf72344d79c1441542c38df5e3e1bdb93 |
| SHA256 | 71dd63e0a3bdd003dd3a8a3029ff8decd52f0299d43b64a2494dc0a7451de547 |
| SHA512 | 872b1e3fc32876f1bd86ee9c9f42c18525c7bf87b31b4b31a5430cd6dc87efa6d53eb73c1edca9597994859c81e3518e6141b713279cfdf9e9a48431d4627515 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f7d5ac4d902fc618e9155f4d2671526 |
| SHA1 | 25989279d168f699fb85abd630cc289f93cc33bf |
| SHA256 | 35b1f3d84c1d95c7a27db58263dedb2d987a314c4decd4ee2dab01e2c7c7a7b0 |
| SHA512 | b2a6c33730e0cd65fe44cca86ee13d0b981f31b42ab393c8c6a4b7a7181771057ed3b7d2d7e3ba430b264bf16bc5e147d6fcc8439f3c93e94a21264a217b9953 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:00
Reported
2024-06-03 12:02
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcb3246f8,0x7ffbcb324708,0x7ffbcb324718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
Network
| NL | 86.105.245.69:80 | www.outdoor.com | tcp |
| US | 8.8.8.8:53 | www.onlineatlas.us | udp |
| US | 8.8.8.8:53 | www.countymapsoregon.com | udp |
| GB | 142.250.180.2:139 | pagead2.googlesyndication.com | tcp |
| US | 35.235.86.96:80 | www.oregoncitylink.com | tcp |
| US | 103.224.182.251:80 | my.blueadvertise.com | tcp |
| US | 8.8.8.8:53 | mapoftheunitedstates.files.wordpress.com | udp |
| US | 8.8.8.8:53 | mappery.com | udp |
| US | 192.0.72.29:80 | mapoftheunitedstates.files.wordpress.com | tcp |
| US | 8.8.8.8:53 | www.citytowninfo.com | udp |
| US | 8.8.8.8:53 | geology.com | udp |
| US | 8.8.8.8:53 | pics.city-data.com | udp |
| US | 66.39.50.172:80 | geology.com | tcp |
| US | 104.18.11.22:80 | www.citytowninfo.com | tcp |
| US | 173.255.244.72:80 | mappery.com | tcp |
| US | 135.148.9.28:80 | pics.city-data.com | tcp |
| US | 192.0.72.29:443 | mapoftheunitedstates.files.wordpress.com | tcp |
| US | 8.8.8.8:53 | www.presentationmall.com | udp |
| US | 104.18.11.22:443 | www.citytowninfo.com | tcp |
| US | 216.27.27.127:80 | www.onlineatlas.us | tcp |
| US | 35.235.86.96:443 | www.oregoncitylink.com | tcp |
| US | 35.212.77.40:80 | www.presentationmall.com | tcp |
| US | 216.27.27.127:80 | www.onlineatlas.us | tcp |
| US | 8.8.8.8:53 | mapoftheunitedstates.wordpress.com | udp |
| US | 192.0.78.13:443 | mapoftheunitedstates.wordpress.com | tcp |
| US | 103.224.182.251:80 | my.blueadvertise.com | tcp |
| US | 66.39.50.172:443 | geology.com | tcp |
| US | 216.27.27.127:443 | www.onlineatlas.us | tcp |
| US | 35.212.77.40:80 | www.presentationmall.com | tcp |
| US | 173.255.244.72:80 | mappery.com | tcp |
| US | 8.8.8.8:53 | www.mappery.com | udp |
| US | 8.8.8.8:53 | vulcan.wr.usgs.gov | udp |
| US | 173.255.244.72:80 | www.mappery.com | tcp |
| US | 137.227.233.178:80 | vulcan.wr.usgs.gov | tcp |
| US | 8.8.8.8:53 | ww17.my.blueadvertise.com | udp |
| US | 173.255.244.72:80 | www.mappery.com | tcp |
| US | 8.8.8.8:53 | www.geomart.com | udp |
| CA | 23.227.38.74:80 | www.geomart.com | tcp |
| US | 173.255.244.72:80 | www.mappery.com | tcp |
| US | 8.8.8.8:53 | iloveoregon.com | udp |
| US | 8.8.8.8:53 | geomart.com | udp |
| US | 162.255.119.200:80 | iloveoregon.com | tcp |
| CA | 23.227.38.65:443 | geomart.com | tcp |
| US | 8.8.8.8:53 | www.bargain-properties.com | udp |
| US | 199.191.50.72:80 | ww17.my.blueadvertise.com | tcp |
| US | 104.21.18.55:80 | www.bargain-properties.com | tcp |
| US | 137.227.233.178:443 | vulcan.wr.usgs.gov | tcp |
| US | 199.191.50.72:80 | ww17.my.blueadvertise.com | tcp |
| US | 8.8.8.8:53 | 69.245.105.86.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.86.235.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.72.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.50.39.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.9.148.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.27.27.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.244.255.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.233.227.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.fedstats.gov | udp |
| US | 103.224.182.251:80 | my.blueadvertise.com | tcp |
| US | 104.21.18.55:443 | www.bargain-properties.com | tcp |
| US | 8.8.8.8:53 | www.namecheap.com | udp |
| US | 103.224.182.251:80 | my.blueadvertise.com | tcp |
| US | 104.16.99.56:443 | www.namecheap.com | tcp |
| US | 8.8.8.8:53 | www.virtualunatics.com | udp |
| US | 50.87.176.114:80 | www.virtualunatics.com | tcp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | wwp.greenwichmeantime.com | udp |
| US | 8.8.8.8:53 | www.clear-internet.com | udp |
| US | 172.66.43.19:80 | wwp.greenwichmeantime.com | tcp |
| US | 172.66.43.19:443 | wwp.greenwichmeantime.com | tcp |
| US | 64.98.135.115:80 | www.clear-internet.com | tcp |
| US | 8.8.8.8:53 | ww38.777seo.com | udp |
| US | 75.2.11.242:80 | ww38.777seo.com | tcp |
| US | 8.8.8.8:53 | greenwichmeantime.com | udp |
| US | 8.8.8.8:53 | www.best-of-web.com | udp |
| US | 8.8.8.8:53 | dclips.fundraw.com | udp |
| US | 8.8.8.8:53 | volcanoes.usgs.gov | udp |
| US | 64.98.135.115:80 | www.clear-internet.com | tcp |
| US | 137.227.239.158:443 | volcanoes.usgs.gov | tcp |
| US | 72.52.178.23:80 | dclips.fundraw.com | tcp |
| US | 8.8.8.8:53 | www.elec-intro.com | udp |
| US | 8.8.8.8:53 | webspace.webring.com | udp |
| US | 188.114.97.2:80 | webspace.webring.com | tcp |
| US | 8.8.8.8:53 | c.parkingcrew.net | udp |
| US | 8.8.8.8:53 | internetservices.com | udp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| US | 76.76.21.21:443 | internetservices.com | tcp |
| US | 8.8.8.8:53 | webring.com | udp |
| US | 8.8.8.8:53 | www.illustrationsof.com | udp |
| US | 23.92.79.106:80 | www.illustrationsof.com | tcp |
| US | 188.114.97.2:443 | webring.com | tcp |
| US | 8.8.8.8:53 | www.wackystock.com | udp |
| US | 8.8.8.8:53 | www.internetservices.com | udp |
| US | 8.8.8.8:53 | www.wpclipart.com | udp |
| US | 8.8.8.8:53 | www.above.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 76.76.21.9:443 | www.internetservices.com | tcp |
| US | 8.8.8.8:53 | lordofdesign.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 107.167.237.4:80 | www.wpclipart.com | tcp |
| US | 13.248.169.48:80 | lordofdesign.com | tcp |
| US | 23.92.79.106:80 | www.wackystock.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.suppanen.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| FI | 5.44.245.31:80 | www.suppanen.com | tcp |
| US | 8.8.8.8:53 | www.quarryvillelibrary.org | udp |
| US | 8.8.8.8:53 | 200.119.255.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.50.191.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.99.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.43.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.176.87.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.11.2.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.135.98.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.178.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.239.227.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.178.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.79.92.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clipartheaven.com | udp |
| US | 8.8.8.8:53 | suppanen.com | udp |
| US | 8.8.8.8:53 | www.openclipart.org | udp |
| US | 69.64.51.72:80 | www.clipartheaven.com | tcp |
| US | 141.193.213.10:80 | www.quarryvillelibrary.org | tcp |
| US | 107.167.237.4:443 | www.wpclipart.com | tcp |
| US | 45.79.168.40:80 | www.openclipart.org | tcp |
| FI | 5.44.245.31:80 | suppanen.com | tcp |
| US | 107.167.237.4:443 | www.wpclipart.com | tcp |
| US | 69.64.51.72:80 | www.clipartheaven.com | tcp |
| US | 8.8.8.8:53 | openclipart.org | udp |
| US | 8.8.8.8:53 | quarryvillelibrary.org | udp |
| US | 45.79.168.40:443 | openclipart.org | tcp |
| US | 8.8.8.8:53 | graphicsfactory.graphicsfactory.netdna-cdn.com | udp |
| FI | 5.44.245.31:443 | suppanen.com | tcp |
| US | 141.193.213.11:80 | quarryvillelibrary.org | tcp |
| US | 8.8.8.8:53 | www.magicwandcompany.com | udp |
| US | 8.8.8.8:53 | www.presentermedia.com | udp |
| US | 216.46.53.194:80 | www.presentermedia.com | tcp |
| US | 104.26.5.114:80 | www.magicwandcompany.com | tcp |
| US | 104.26.5.114:443 | www.magicwandcompany.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.jesterartsillustrations.com | udp |
| US | 8.8.8.8:53 | www.clker.com | udp |
| US | 8.8.8.8:53 | www.arthursclipart.org | udp |
| US | 45.79.93.41:80 | www.clker.com | tcp |
| NL | 37.48.65.154:80 | www.arthursclipart.org | tcp |
| US | 8.8.8.8:53 | www.zimbio.com | udp |
| US | 8.8.8.8:53 | i155.photobucket.com | udp |
| GB | 3.162.20.115:80 | i155.photobucket.com | tcp |
| GB | 3.162.20.115:443 | i155.photobucket.com | tcp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.237.167.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.245.44.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.168.79.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.53.46.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.5.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.65.48.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.93.79.45.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 162.0.215.156:443 | www.trafficrevenue.net | tcp |
| US | 69.16.230.226:80 | ads.smowtion.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mayamalazurd.blogspot.com | udp |
| GB | 142.250.200.1:80 | mayamalazurd.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
\??\pipe\LOCAL\crashpad_2012_ORTQUVSGCOJADZPR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11d90afed8b77ab3769011a2384a9055 |
| SHA1 | f5727f4beff3be03d7b07d01b888cf880c007068 |
| SHA256 | fa6033c65d2134ee2d999876c862c7dcfcc67ee30db019bc5e57277cce10da17 |
| SHA512 | 026cc2da20285e0830976293d1bd74fb89727942905cc9bd5ec9d5a029b7694e74aaa191c3f92285a8b5bb9032d5e29aa1e6dd5d552c3293020c51e2f938bdd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 86e437ee8aca4f82b547db4118d53ca2 |
| SHA1 | c4b3a8cf8e527581dadfef74ed8826c796d8ade6 |
| SHA256 | ba2732c97fc32998944cd5c6af97c8406c83fd0294ff8e5c850c60bef18384d5 |
| SHA512 | 93d40107e29877963f9bcb3cb74ccf89ed683f48fdecb843a17db922b0693eb7a4afa35ae4cc788cbd8b84f51b0a1c044d0fbbb74b51d8138f8c3741aa7cba86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 9ea750857e35b08a552bde6a4b2017ef |
| SHA1 | f9b96e27b0c1ec46418280f1e322a361a240a624 |
| SHA256 | 0d7020194a5ae975cd4acc76bcf69d7cdb28c209e20332e6253a59ab4111254a |
| SHA512 | 0f2764ba69af79b6a34f6945c7009f9b4c23e99bb66e3bc784269cc427c5d430eefb6c57bfd35bbcca34eb32068ad966beb705bd2a91ca1071b0ace696dcc582 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | 437c78259aa18648adf155de331a3656 |
| SHA1 | f4915688655df677b87fdea702b56ae464f062a9 |
| SHA256 | d3ba41a9dfa6dd54bde0e6d98867284d938e79565b5202f6219071ab1dedfbac |
| SHA512 | 9f825f88f6fb860716f13cc00886aef8c0157adef1001c3c572c82ef43633cac0857243d29be1e75f8e218e780c5189edb00987e446ef0b7bb7773669e32490b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 72dc025e5e2a7009a4cad8e133d19d3b |
| SHA1 | 9b81de8040be3649d190693de844440ca6abbeb3 |
| SHA256 | 00d12ea8f5707bf144f313648c23743742930c8be860baef7b9b10e8cb418b06 |
| SHA512 | 45243f607168e60633f7d4d8910cab1b2fec2b276ce94d2dd7d66477162afad12cf1d8e2eda2b7b31162cc7635098e48ba511a6c693b0b5d299048f563f49bd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8107e12cdd384f43cf81f28bd2181f3d |
| SHA1 | 19e5dbe6f406b1508030019991375a521f1fffc2 |
| SHA256 | a5735e3829919d5dd72d52dae6a5e1c5dfc61eb89870a9f36bf2b233cc353971 |
| SHA512 | dc42abbe878e21fe4cf246d6b8238c644258b7919c46d61252b3403442d02542731b686a6dec01ce65868a4454ca2e7dcd2f6b77d1e03c8ee944f980529756fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 23536ccfe05b737ae639fe63ee4cc435 |
| SHA1 | 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82 |
| SHA256 | 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce |
| SHA512 | f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e32dfe22d6f9929b76588b1069c17431 |
| SHA1 | 3f7bd9a9e51215cd9e5430002e9a747466b080e9 |
| SHA256 | e2b40ae2a725789be3f4d80fc00c10599b5850bcdfc511d00d0eaed66f2e3a0a |
| SHA512 | aa9923199c1c8e94376fe4ad067806330aff4bbcfaefba9cd87f77f2b5fb246ffbe33ef6f6b8f98f6996300021e6a96cedd5eb44994ea5c9bd2717a82e37a065 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bcd8.TMP
| MD5 | afd251067188103c2c3ca391c87b7cb8 |
| SHA1 | 3a4f7004e13efe44567ece5bc7950256dde13a69 |
| SHA256 | 9956f65e6c41369a63916701b3af6246ef07ef116bb020cd1c4568bfb6d9f491 |
| SHA512 | 33a369d9df6989c6bb94d60ce296abed9a7ec1242a0ef74f3e074bbb56d9eededfe4c77c824fef69c6d9701b62d913a425d7f12fb34b9a5c5efc00c99a28076d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0f4eecc9e8e8db1455c8c3cd68bf2c4d |
| SHA1 | b15b4c2794b592cc92e5db6853377bbbc96e871e |
| SHA256 | cdb8d5ebaba8607a4bf04477294b9fe0fbaf81c5cad9f33c520e1b968a5e547e |
| SHA512 | 1c51f0ccefd7d04fed0d676c315015de536f6b4e9121353b5f4691bd68e75e53dbe63fe3a2e428160688a1f6f604e6f957635833b443358d7c18274c86eaa637 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 41c810b22c9e2e60e9662d237f4f59ef |
| SHA1 | 3ac6c1d204996b1b4bb20acdd55f787371dda2b0 |
| SHA256 | 3b094500da0eee1c2fd02b56fe4b6500f558a5530fd945a20bf9178b3fbab92a |
| SHA512 | ac3f4cff2b0ea3b03dfab100920c34b5d6cc0a9d9dac47d25412ddcaeb57e2a9029a16b42b176a0b6b5fc4603eb159e1adfa244cb770ea9b0929e07014c7d2a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2a5dfef686938976ed6daaf816455087 |
| SHA1 | 6d0871cfa589b2a4b8348067e032a0b59813229d |
| SHA256 | 02c423cf1a5246c5902b58d49ac4d4bf29cce7587ec04231a0d3743b5570e819 |
| SHA512 | b15ef2618c198dd5371241e70ef72a8a100702a0dcac5f141b1bec9941b0b4b3e4dc7d3d8910cd8a4c6e20576f779f879fd69cbe70068f570ab2d31b6451806e |