Analysis Overview
SHA256
21228925e3b15ff741d62a1ae1c56b9ea1223f98747d4b3eec500ed7dee17565
Threat Level: No (potentially) malicious behavior was detected
The file a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:38
Reported
2024-06-13 04:41
Platform
win7-20240508-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415412" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CFDD6171-293E-11EF-B023-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2580 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:38
Reported
2024-06-13 04:41
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15c846f8,0x7ffd15c84708,0x7ffd15c84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
Network
Files