Analysis Overview
SHA256
2d2ea666c719ce212256bc1b47dbc4ba6cea3f03e44cc847490cb032643e58b3
Threat Level: Known bad
The file c1d4dedb1c642d819f0db123d804d136_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 23:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 23:40
Reported
2024-08-25 23:42
Platform
win7-20240705-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000005003d3dcc8e65eb2b29e9537c205116d711c5169580e62f7456b76c299e5ce16000000000e80000000020000200000006591aefd8e2bac70164fdb832427c2eb4984bc92733c0d48fd5867dbbde5407c20000000de102dedbfe607bab7171f9727a6ede43e433e638c502a6537690f4db8d3e0fb400000004733f68529c34bcadd4f32f8e9bf9d281d9c5229bf5198d1ff32924b44879fa03f519d888f7585752a9329783efd58b564a2611f4617c65c770009bb34fb6674 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430791083" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\NumberOfSubdomains = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60FD8B41-633B-11EF-9F10-6A4552514C55} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0916d4748f7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2372 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1d4dedb1c642d819f0db123d804d136_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
Network
Files
| SHA1 | 3e651ee2bbd94b97e7d45288924a050f96b58944 |
| SHA256 | 079067eae3ee9f04593644fb33a69d2711cbbd326241b7ac72866d9547fdb047 |
| SHA512 | 1c08073c9325989b898f88c26cca748486d03ee098037a439e5323b0090f877fb97c5f13a41d451cd0ffc5659f39661f686871cafd6ed693ecaa60fab51450bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | d92442dcb4004c5dabd207bb0f0f927f |
| SHA1 | f325e2f5e4fbf42dacf5c279c2d5c9cda9b57781 |
| SHA256 | 0be8679203bc0011464caa88238b1d3a0adccb4afef96310276660f3ca6c6296 |
| SHA512 | decd61bd5a29b1ee00cdfbce35f6118c7827db7135c2096e7715af497d2d0b5ecbab149b7556335a3374c87f3283711d1b99f4d64aa765a6e196255214910e89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb4f86e67e809979b2bfa0fca5db8c29 |
| SHA1 | 94a6da4dbd37dea693ea24cef63bdd88b4eb11b3 |
| SHA256 | 4174355cfca3dc15e899f6593fd78fbd1afa4337ce9db9c99b7e168a92e37cb0 |
| SHA512 | 81e1bf8fed54f01db1aba9a35cb638615f3eb62848d1814d5b32c2d8259fc2efadef288ad3d419edbaa06b170605549f9f88e17662df01e115607b58f97d3e63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 763dc6371d8c0f34378b9cc098098cac |
| SHA1 | 3d59bb33da58cdd095c0e0133e70207d904eac06 |
| SHA256 | 742d3d6886c322cc690046cc43997cd8d1c5a5ab80dcd4f08d0f5148d4043fac |
| SHA512 | 6ea59f54011cb5ee18b82047f1dc4351f77908b6a6832fc2d9ea32bb013265a65bee1802c8a734fa7d03161d111e03e35331714fb930f038160365a41fe9f899 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78ed451870f2b3c8591353d81e673f6e |
| SHA1 | d81195349c696f09954241eecdcc8c4ac1f42d77 |
| SHA256 | 32ae4f222e8ce23f67d9526f792d866288a154cfffbb48fc746ab1207fecbcc0 |
| SHA512 | 9c74c56221436dfbfc8222922ce148a8e21fa691e5aea4c8adf149bef1a2b88e305b47a46d4ae63513732361ff0bef0e16010ea4cf08a6ce4c0080d144ac457a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9667b138b866041bdfd3922a21d6b55b |
| SHA1 | 9516ddc30b66162ff2632505673445e9d1f8ab84 |
| SHA256 | 9376a893bec8c168d3657820706fa5ae61902a18631a813f947b85ce0b1b0e29 |
| SHA512 | 58a858d557a0e4d181a5610a80672cd9302cba740cc51f16ffb62a5743de8c96476c3e31506a09a8bd7a6017d0a82e381993fa79402b80739be7b05e90924272 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1efe1bfba74bfe8623745584438608e9 |
| SHA1 | c7954e2ae147843ea0c863eb0cee8d885231ac6f |
| SHA256 | 68b7723be8a3d9e73e9611a9610dd6b8654ca555e17bdfaa9caa09b93d1a370d |
| SHA512 | 312a7d47e6846cd1449c8a906381f5d4dc0b29249ee08962e9f02936bd2dab10d5ca9624a32c1b67a3bf7a38a06f69f1f253f6da8f452034af55b707d4686c71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7a35db46d47cb2f6305b3e6d844e7d8 |
| SHA1 | 8d8ad19d7dbd7ee34860313a33fe2619f0592ed9 |
| SHA256 | 3d0513493aa3139ece344dce255301ee635b57fa558e3b5794fd47bd43d9e3e8 |
| SHA512 | 2b0f225124844a299090ece476dd08cf834ef7fb4cecb13dab5acc1552d7d9de50bc724a534960b49d9c64aa6b7b492d2cca909a6878f8e861be44af2e34f981 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2272b3a5b872cc3ee83c22ce6d439535 |
| SHA1 | d9015f65d7d7212c00420f1c3c3e513de3df9870 |
| SHA256 | 9cfde9319558bb44a1ed8e315f2823a6fc08faa2376726307a7b536717088669 |
| SHA512 | 4a659d2c5c97899a11cf3a61b4467ae99c07bdefdbf1c5f54da828b468e7b8721f493cc96ef4363f9932b0624faefc56b7054f59499e0fa813ff9abe358894a6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 23:40
Reported
2024-08-25 23:41
Platform
win10v2004-20240802-en
Max time kernel
31s
Max time network
43s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1d4dedb1c642d819f0db123d804d136_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacade46f8,0x7ffacade4708,0x7ffacade4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12847033646302203756,15520811245428132119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.201.170:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.131:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.clicksor.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 142.250.178.131:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 142.250.178.130:80 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | img2.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.105:80 | img2.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.18.206:80 | feeds.feedburner.com | tcp |
| FR | 172.217.18.206:80 | feeds.feedburner.com | tcp |
| FR | 172.217.18.206:80 | feeds.feedburner.com | tcp |
| FR | 142.250.179.105:80 | img2.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.18.206:80 | feeds.feedburner.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.18.206:80 | feeds.feedburner.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | lh4.googleusercontent.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 172.66.132.114:80 | s10.histats.com | tcp |
| US | 172.66.132.114:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | infoforextrading-advise.blogspot.com | udp |
| DE | 157.240.27.35:80 | www.facebook.com | tcp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| FR | 142.250.75.225:80 | infoforextrading-advise.blogspot.com | tcp |
| US | 8.8.8.8:53 | 114.132.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.27.240.157.in-addr.arpa | udp |
| DE | 157.240.27.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | forex.webhostinpakistan.com | udp |
| FR | 172.217.20.179:80 | forex.webhostinpakistan.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| FR | 142.250.179.105:80 | img2.blogblog.com | tcp |
| FR | 172.217.20.206:80 | translate.google.com | tcp |
| FR | 172.217.20.206:443 | translate.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 225.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.240.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | fashion.webhostinpakistan.com | udp |
| US | 8.8.8.8:53 | webhostinpakistan.com | udp |
| US | 8.8.8.8:53 | hit007.webhostinpakistan.com | udp |
| US | 8.8.8.8:53 | ftsignals.blogspot.com | udp |
| US | 8.8.8.8:53 | www.alexa.com | udp |
| FR | 172.217.20.179:80 | hit007.webhostinpakistan.com | tcp |
| US | 8.8.8.8:53 | ras55.com | udp |
| FR | 142.250.75.225:80 | ftsignals.blogspot.com | tcp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | www.histats.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| FR | 172.217.20.206:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| FR | 172.217.18.202:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | blogger-related-posts.googlecode.com | udp |
| FR | 142.250.201.170:80 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| FR | 142.250.179.98:443 | ep1.adtrafficquality.google | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 202.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| FR | 142.250.179.98:443 | ep1.adtrafficquality.google | udp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | ras55.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | top-sexy-girls-models.blogspot.com | udp |
| FR | 142.250.75.225:80 | top-sexy-girls-models.blogspot.com | tcp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.webhostinpakistan.com | udp |
| US | 209.159.148.130:80 | www.webhostinpakistan.com | tcp |
| US | 8.8.8.8:53 | 130.148.159.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| FR | 142.250.201.170:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2783c40400a8912a79cfd383da731086 |
| SHA1 | 001a131fe399c30973089e18358818090ca81789 |
| SHA256 | 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5 |
| SHA512 | b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685 |
\??\pipe\LOCAL\crashpad_2828_DHGZFKPKKAKHVMDO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ff63763eedb406987ced076e36ec9acf |
| SHA1 | 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d |
| SHA256 | 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c |
| SHA512 | ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96cb758976309384779f04d54e07023a |
| SHA1 | 8c5255d98a9af403acd0d71bb28ca16a7d4b4e7d |
| SHA256 | cf737a47d7ee775c12ac6ceb8a3f96ddaa4de80e69c362c9fa26bb0603fae9f0 |
| SHA512 | 42f316be3a7cdee534d607f326cc40ef702f9d4c3a63b2479a2d2cfc70db389a77da6d304c96a50fdec20fb00830568b0aad2bdaa4025de763abbcdbaf38724e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | e3f09df1bc175f411d1ec3dfb5afb17b |
| SHA1 | 3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9 |
| SHA256 | 1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617 |
| SHA512 | 16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 3b44aafb45f90e25c4b2980c1be2c27a |
| SHA1 | b76e2cc7e7b851310ac1ca3ca7c52353fe6c6ee2 |
| SHA256 | e4610a191acb3eb0d5ce7bb88d0f5e6225d0bec3cc5030b2d216a03ff8081986 |
| SHA512 | 1028d269272b062b7fdf26059ff3737eac53b48b5063b8dbfcfe48ab64f2a37655de5098ec02f4bf22e0d4fbcc603dfe7572d5d03e09872c7119e7fed0285c9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7775354a198d6d562243fb366beef768 |
| SHA1 | fdcb70a082959593574d5bdae692d8092761bec4 |
| SHA256 | 0f1c924a97604d12b0ffaf4784073637ca9b0a05d44d03e00204d68e8fc1f6fb |
| SHA512 | 4b55c8d317187ed654caa24d5eba9f17b0a1a5fbb5f4156d37cf4d93f42c52b53a855b84cbb5551aa391600f286f668b57bc6427dc6eb7f58c4d4d2432453d8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19e347b1bbfc586b66a193029c2c12ea |
| SHA1 | a7f7dc14148759792f7601c8d787a63570e98d54 |
| SHA256 | 5a6b54ef24981ce64416681ff6bdafbbdb57bc1804c60a0817a21416acd3af54 |
| SHA512 | 8099f24be3be7394cde731d0b68ce32f497d229299ee8cf628890e7dea1739ee957193333fcd38d52a270b5fb3ecc9372c0cd3c73d8d712eeb5e9a545821515e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 83a365eb4edf510292155e6d37f50dbb |
| SHA1 | 7f152270e58a75a5cf628a57d0fb400f098bd3a2 |
| SHA256 | 4c5af35c6200b96c441a1cc42d1043d56ccb7d2762aa70eb1cbc046545f82109 |
| SHA512 | 0c29259aba104328ac0182427310d58819146162b6b57d8dcce02785dfd16e24b10e5803c7d697cd9aaee590f10dee6cf0d999f8563fb9aa5d60f6d936fb6460 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | e3c88420f982d0cd25217af93546758a |
| SHA1 | 89201ad1f1ae475099f0516230881526b723373c |
| SHA256 | 007dc01fd6bc3d938663a1e3b8b9a3a289992e18fc147f68cbd4b7464fe53323 |
| SHA512 | e2783b4b5960c1869c1522a2c8dfc699f1d4690d5e01ce7e99de44cf53f49f586dc61d9837cf3601a89fefd4ea8a7cce6180cb34f3a82a8a7c06a9a310616915 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | a4517a25c14952fd55ba950ebe2be39a |
| SHA1 | 75fb4015b4c3df4eec54260549b1d978d2246889 |
| SHA256 | 7ead9ad23f8a377f86d381a41bd540027b138bf02dc8a864d1b1045e4206dad3 |
| SHA512 | 6eeb75f4e9d7ba46ef41f5e98bed7635aabac5f0b5636ecc7a2a18d9e40c9666c6c7af01d4b7b41ee23c8bcddeedd0bce100b671edae768ff52d202dad4f8645 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a300dedc7163148f0bf6003c5475efc8 |
| SHA1 | ec5c1fafd999d431f14335539a701c5559813309 |
| SHA256 | 728083db50cc2a9a4326c567e242619b6f24f0483c5b859f959b641263728f92 |
| SHA512 | b135d4f88c6c59b628c41604642dc6b7fec96b9b9bfe7c9a6967a0e5b82486ab5a6b26afda6fb7b80462878e46f7a28fc08024041daec4c97d385206791f6427 |