Analysis Overview
SHA256
595b8fa048251a3e3cfd4db67cf534ef466b3d5b6771b26a6ea71569b46d8bec
Threat Level: Known bad
The file c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118 was found to be: Known bad. The sample is an HTML document (the submitted name carries the .html extension, see the command line under Processes) and was detonated by opening it in Internet Explorer; the only processes observed are the IE frame process and the tab process it spawned.
Malicious Activity Summary
SocGholish
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 04:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 04:46
Reported
2024-08-26 04:48
Platform
win7-20240704-en
Max time kernel
150s
Max time network
144s
Signatures
SocGholish
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Note: the five rows above are a single indicator, sites.google.com, reported once per hit. The Network section shows it resolved and then contacted on both 80/tcp and 443/tcp, but the report does not capture what was fetched, so what was hosted there cannot be determined from this page. The SocGholish tag has no indicator table, and the detonation produced no process other than the two iexplore.exe instances and no dropped executable, so the family classification rests on the signature match rather than on an observed second stage.
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Note: opening the NLS\Language key is routine locale initialisation performed by IE itself; in an HTML detonation this signature carries little weight on its own.
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\Total = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430809440" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E05FE51-6366-11EF-AF94-46A49AEEEEC8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws\ = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Note: every key above is IE's own per-session state written by iexplore.exe (recovery, zoom, window placement, toolbar, DOM storage quotas). The only sample-specific information is in the DOMStorage subkeys, which show that content from cbox.ws / www4.cbox.ws used browser storage during the session.
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2068 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2068 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2068 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2068 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Note: PID 2068 is the IE frame process and PID 1996 the tab process it launched (the child's command line carries SCODEF:2068, see Processes). A parent writing into a child it has just created is part of normal process start-up, and the FindShellTrayWindow and SetWindowsHookEx hits above are likewise attributed to iexplore.exe, not to a dropped binary. None of these three signatures indicates injection on its own.
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
Network
Rows with Destination 8.8.8.8:53 and Proto udp are DNS lookups sent to the sandbox resolver; for those rows Country describes the resolver, not the looked-up domain. A domain that appears only in such rows was resolved but never contacted.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | scontent-kul1-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | static.networkedblogs.com | udp |
| US | 8.8.8.8:53 | nwidget.networkedblogs.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | adukaherbamewah.blogspot.com | udp |
| US | 8.8.8.8:53 | scontent-sin1-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | fbcdn-sphotos-e-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | fbcdn-profile-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 8.8.8.8:53 | s01.flagcounter.com | udp |
| US | 8.8.8.8:53 | i198.photobucket.com | udp |
| US | 8.8.8.8:53 | www.maybank2u.com.my | udp |
| US | 8.8.8.8:53 | www.malaysialoan.com.my | udp |
| US | 8.8.8.8:53 | i24.photobucket.com | udp |
| US | 8.8.8.8:53 | enes-sc.googlecode.com | udp |
| US | 8.8.8.8:53 | fbcdn-sphotos-h-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | www.yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| US | 66.154.110.210:80 | s01.flagcounter.com | tcp |
| US | 66.154.110.210:80 | s01.flagcounter.com | tcp |
| FR | 142.250.75.225:80 | adukaherbamewah.blogspot.com | tcp |
| FR | 142.250.75.225:80 | adukaherbamewah.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| US | 104.71.143.200:443 | fbcdn-profile-a.akamaihd.net | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| US | 104.71.143.200:443 | fbcdn-profile-a.akamaihd.net | tcp |
| FR | 142.250.179.78:80 | sites.google.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| US | 172.67.69.193:80 | www.widgeo.net | tcp |
| US | 172.67.69.193:80 | www.widgeo.net | tcp |
| DE | 52.85.92.81:80 | i24.photobucket.com | tcp |
| DE | 52.85.92.81:80 | i24.photobucket.com | tcp |
| US | 76.223.54.146:80 | www.yourjavascript.com | tcp |
| US | 76.223.54.146:80 | www.yourjavascript.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 92.123.142.114:80 | www.maybank2u.com.my | tcp |
| GB | 92.123.142.114:80 | www.maybank2u.com.my | tcp |
| DE | 52.85.92.81:80 | i24.photobucket.com | tcp |
| DE | 52.85.92.81:80 | i24.photobucket.com | tcp |
| IE | 172.253.116.82:80 | enes-sc.googlecode.com | tcp |
| IE | 172.253.116.82:80 | enes-sc.googlecode.com | tcp |
| DE | 52.85.92.81:443 | i24.photobucket.com | tcp |
| DE | 52.85.92.81:443 | i24.photobucket.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| FR | 142.250.75.225:443 | adukaherbamewah.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| GB | 92.123.142.114:443 | www.maybank2u.com.my | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | synad2.nuffnang.com.my | udp |
| US | 8.8.8.8:53 | cdn.html5maker.com | udp |
| US | 8.8.8.8:53 | www.123contactform.com | udp |
| US | 8.8.8.8:53 | mypicpals.com | udp |
| US | 104.26.12.144:80 | cdn.html5maker.com | tcp |
| US | 104.26.12.144:80 | cdn.html5maker.com | tcp |
| GB | 23.106.61.147:80 | www.123contactform.com | tcp |
| GB | 23.106.61.147:80 | www.123contactform.com | tcp |
| FR | 91.134.223.248:80 | mypicpals.com | tcp |
| FR | 91.134.223.248:80 | mypicpals.com | tcp |
| US | 8.8.8.8:53 | app.123formbuilder.com | udp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 8.8.8.8:53 | form.123formbuilder.com | udp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 34.198.120.255:443 | form.123formbuilder.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | www.al-azim.com | udp |
| US | 8.8.8.8:53 | www7.cbox.ws | udp |
| US | 8.8.8.8:53 | www4.cbox.ws | udp |
| US | 8.8.8.8:53 | www.thecutestblogontheblock.com | udp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 172.67.190.152:80 | www.al-azim.com | tcp |
| US | 172.67.190.152:80 | www.al-azim.com | tcp |
| DE | 195.201.153.71:80 | www4.cbox.ws | tcp |
| DE | 195.201.153.71:80 | www4.cbox.ws | tcp |
| US | 8.8.8.8:53 | thecutestblogontheblock.com | udp |
| US | 172.67.182.230:80 | thecutestblogontheblock.com | tcp |
| US | 172.67.182.230:80 | thecutestblogontheblock.com | tcp |
| US | 104.21.75.228:80 | thecutestblogontheblock.com | tcp |
| US | 104.21.75.228:80 | thecutestblogontheblock.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.21.75.228:443 | thecutestblogontheblock.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 104.21.75.228:443 | thecutestblogontheblock.com | tcp |
| US | 8.8.8.8:53 | arvigorothan.com | udp |
| US | 8.8.8.8:53 | a.deviantart.net | udp |
| US | 8.8.8.8:53 | static.cbox.ws | udp |
| US | 8.8.8.8:53 | bcroom.netau.net | udp |
| US | 8.8.8.8:53 | www.emoticoner.com | udp |
| US | 8.8.8.8:53 | cococokie.files.wordpress.com | udp |
| US | 8.8.8.8:53 | emoticoner.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | www.cute-factor.com | udp |
| US | 8.8.8.8:53 | www.astrosafari.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| US | 199.232.196.193:80 | i.imgur.com | tcp |
| US | 199.232.196.193:80 | i.imgur.com | tcp |
| GB | 13.224.245.10:80 | a.deviantart.net | tcp |
| GB | 13.224.245.10:80 | a.deviantart.net | tcp |
| US | 192.0.72.25:80 | cococokie.files.wordpress.com | tcp |
| US | 192.0.72.25:80 | cococokie.files.wordpress.com | tcp |
| US | 172.67.133.66:80 | www.cute-factor.com | tcp |
| US | 172.67.133.66:80 | www.cute-factor.com | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 151.101.129.91:80 | www.astrosafari.com | tcp |
| US | 151.101.129.91:80 | www.astrosafari.com | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 192.0.72.25:443 | cococokie.files.wordpress.com | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| US | 8.8.8.8:53 | wallpapers.com | udp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| DE | 52.85.92.69:443 | wallpapers.com | tcp |
| DE | 52.85.92.69:443 | wallpapers.com | tcp |
| US | 192.0.72.25:443 | cococokie.files.wordpress.com | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| US | 8.8.8.8:53 | www.mbcslot88.com | udp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| US | 198.252.104.151:443 | www.mbcslot88.com | tcp |
| US | 198.252.104.151:443 | www.mbcslot88.com | tcp |
| GB | 13.224.245.10:443 | a.deviantart.net | tcp |
| US | 151.101.129.91:443 | www.astrosafari.com | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| US | 172.234.222.143:80 | emoticoner.com | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 8.8.8.8:53 | cococokie.wordpress.com | udp |
| US | 192.0.78.13:443 | cococokie.wordpress.com | tcp |
| US | 192.0.78.13:443 | cococokie.wordpress.com | tcp |
| US | 8.8.8.8:53 | www.themezoom-neuroeconomics.com | udp |
| US | 104.21.53.159:443 | www.themezoom-neuroeconomics.com | tcp |
| US | 104.21.53.159:443 | www.themezoom-neuroeconomics.com | tcp |
| US | 8.8.8.8:53 | www.gulfmanganese.com | udp |
| US | 172.67.161.217:443 | www.gulfmanganese.com | tcp |
| US | 172.67.161.217:443 | www.gulfmanganese.com | tcp |
| US | 8.8.8.8:53 | www.murraybrothersfuneralhome.com | udp |
| US | 172.67.156.47:443 | www.murraybrothersfuneralhome.com | tcp |
| US | 172.67.156.47:443 | www.murraybrothersfuneralhome.com | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.142.59:80 | crl.microsoft.com | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
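The table above is long enough that reading it by eye hides the two questions a responder actually asks: which hosts did the browser merely resolve, and which did it contact, on which ports. The following Python script is an added example, not part of the sandbox report; it parses rows in the report's own pipe format (a constructed subset of the rows above is embedded inline), separates DNS lookups from TCP connections, and applies a small allowlist of infrastructure every IE detonation touches. The allowlist suffixes are an assumption to tune for your environment.

```python
"""Aggregate the pipe-separated Network table of a sandbox report into a
triage view: hosts only resolved, hosts actually contacted (with IP:port),
and plaintext-HTTP hosts left after an infrastructure allowlist is removed."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a subset of rows copied in the report's own format.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | adukaherbamewah.blogspot.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.yourjavascript.com | udp |
| US | 8.8.8.8:53 | mypicpals.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.75.225:80 | adukaherbamewah.blogspot.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| FR | 142.250.179.78:80 | sites.google.com | tcp |
| US | 76.223.54.146:80 | www.yourjavascript.com | tcp |
| US | 76.223.54.146:80 | www.yourjavascript.com | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| GB | 92.123.142.59:80 | crl.microsoft.com | tcp |
"""

# Infrastructure a Windows/IE detonation touches regardless of the sample
# (certificate, CRL/OCSP and telemetry endpoints). Assumption: tune per site.
BENIGN_SUFFIXES = ("pki.goog", "microsoft.com", "gstatic.com")


@dataclass
class HostSummary:
    resolved: bool = False                         # seen in a DNS row
    endpoints: set = field(default_factory=set)    # (ip, port) actually connected
    countries: set = field(default_factory=set)    # Country column of TCP rows


def parse_rows(text):
    """Yield (country, dest, domain, proto) per data row; skip the header."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        yield tuple(cells)


def summarize(text):
    """Fold rows into one HostSummary per domain, keeping DNS separate."""
    hosts = defaultdict(HostSummary)
    for country, dest, domain, proto in parse_rows(text):
        ip, _, port = dest.rpartition(":")
        if proto == "udp" and port == "53":
            hosts[domain].resolved = True          # lookup only, not a contact
            continue
        host = hosts[domain]
        host.endpoints.add((ip, int(port)))
        host.countries.add(country)
    return hosts


def is_benign(domain):
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(text):
    """Return the three lists a responder wants, each sorted for stable diffs."""
    hosts = summarize(text)
    resolved_only = sorted(d for d, h in hosts.items()
                           if h.resolved and not h.endpoints)
    contacted = sorted(d for d, h in hosts.items()
                       if h.endpoints and not is_benign(d))
    plaintext = sorted(d for d, h in hosts.items()
                       if any(p == 80 for _, p in h.endpoints) and not is_benign(d))
    return {"resolved_only": resolved_only,
            "contacted": contacted,
            "plaintext_http": plaintext}


if __name__ == "__main__":
    for key, domains in triage(SAMPLE_ROWS).items():
        print(f"{key}: {', '.join(domains)}")
```

Paste the full Network table into SAMPLE_ROWS (or read it from a file) to run it over the whole report; the plaintext_http list is the set worth pulling a PCAP for, since those fetches are the only ones whose content could have been inspected.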
Files
The CryptnetUrlCache entries below (several paths appear more than once because the cache metadata is rewritten on each fetch) and the Cab*.tmp / Tar*.tmp files in Temp are written by Windows' certificate and CRL/OCSP fetching, which corresponds to the c.pki.goog, o.pki.goog and crl.microsoft.com traffic above; none of the entries shown here is a payload written by the page itself.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0354176a40f048da70b3bea6f0267bf3 |
| SHA1 | 33c0b0ef929971ceef9447f3ba7a333ee6e0d6dc |
| SHA256 | 10e00c5c66af4374fd697706ac5f144ccfd0511a5b601aeb61933065f944b2fb |
| SHA512 | e224bc55953419b5b6b9b990150b035866c475e44ae00349729eec75d3f380903faa838ea795e5cfbbdfac931e46bef2aad7d5673732e8ad7188c468f74bcb52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 36c28093e15de662f68d1625fa5b6d8e |
| SHA1 | 0f8ebfce30e800b697dd2f7f1fbfacb0c1569303 |
| SHA256 | 0d0095b8f059db90c99cb23ab6dc6fe897ad7ed04f5e5cc8488971fe151fe89a |
| SHA512 | cfa24a1f4b615cacf7d8782a51c4528967f5ec4c73f0d7a5d74620d5b42118e31321b862a178a090ef16a869a6b5c1dfbc3503cba8b16d1d0fcb4f4c1746c2c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 752c6617bc1693123c6bb893bbc387c5 |
| SHA1 | b6f8e4ef36b9940907f6a59f1b7dacf08d7ee8b0 |
| SHA256 | 15824ea5523e646e7befcccc8c153811745cd503ffe994c1b3eff4bb5266a456 |
| SHA512 | a93576348df99a493ae652cf9c8f437ed1d18e42b948f2d05d39ccbb291edbc1b91573d565eafca5b290dc5616e463c1868527c87446e3e9dc63aab6a521057f |
C:\Users\Admin\AppData\Local\Temp\CabDC8B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarDCBD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | f485d09b5bfa19e8d5c53bb29bf6386b |
| SHA1 | bfa1877c1538215f0e72990bd55850faf416f6af |
| SHA256 | fbbacae9f66cc369c7acc5ff2f5d5d062965b632065b9a404116d2b842506585 |
| SHA512 | a401fbc3342c315f5f2893e01ed5218012ef3225e16a7d17951072aca79cfb6b306f1dfd6ba47dc0d859557aa145ba265316453efcd18f1c8581520e49ee92c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | a45a59f48325b0b65512e2d1f0a02190 |
| SHA1 | ec3b874eb214457b4be089c17ed601d65862818d |
| SHA256 | 554491534471612aae62e16fcea82733f8c0629142395d9f64e47a73b46d6581 |
| SHA512 | 24d62f45d3fccacf1ec814beca366b139783ae44fd03d0d91f1a2e439fbfa3f554dcba63ddd214ce60e17ee0a04fd7a5e970541a2dc22d8523caf38729100847 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 039f96092e6ee64c278fe7b09ce5090b |
| SHA1 | 9eed97447f8aa452d7f2c752071ab5af87f92c65 |
| SHA256 | 387eb4ae5dfc7bb6cb096689788c4eb11a3df638f69a9285e46e3ace78f3ece4 |
| SHA512 | bbebfeed2676a580db5e190cf99a95b7aa0de17f1bbb4ba13bd90b1f1b0b5a7f954b6367c8f42f418e2c92387b1c8b229c678121a5842842cb6f87e5772964ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7b9bb5f3fa7e7842768dbc2e569906f |
| SHA1 | e9004b9307d1d8dbe405d5aae6ef36bbd274e103 |
| SHA256 | 029bb45b58f5303c4e8289174c7fd8cfdb66256e1ca2174a8083cb5e20cd70cf |
| SHA512 | 3a98ab27a95901e3d168953610e37082c07eb5eed944610af64900da8b621ce68f18556f58b4fcddd91985212e6038c008ca1019cab72cf2b5ec4d116bb07cf9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 0734bbad74a88f3923d2e0105f96e98b |
| SHA1 | aef7285c5d5b5b80e0dd269f78f291c862344fa7 |
| SHA256 | d67542144aff752e97b8e5747792d8e14dcfa9c595cb864a34ce18f5e6eae5cf |
| SHA512 | 963837f6b6e16f1ccab3b890c29392bbcf883373f7ca01a467ddcf739f951397adff8473735a5845f93c6d92df77e5d4dc11d6561e4ca566523ffa5f536574e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 671135c1b03e8d363ffa2238dceb821f |
| SHA1 | e03d67b70baf2b28d0bb99d6a768ed16b0b7505c |
| SHA256 | 603af73bea0694335b20e604631966d314319865f48c01bf561685ffb71b375d |
| SHA512 | 26d2c8b01cc253462a9cb910191c1fd1fa14cc09ead899bc404b20115eff05f2dbb39cd364ab84ebcd0365cce1eed0d94681988b79c713a1b8e3f7989de49d42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | 5a18a4ebe1e12fa2e62d88a0d6c50e7d |
| SHA1 | 5a4fe259053cf2e823c50b9e30e9465a0a808f4f |
| SHA256 | 52d1ad5ecdd976369305b4393f065539bbc700cd278f85e60fbc241ca40facb5 |
| SHA512 | a386611176580b008e8570d6d5b1cc087a8bc13f634346c544e1727023211b69a2e7410b7fc6feb333d5378ffbb3110da55d369988d5d572df246a7cbe34e5c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | 1c33733bba48dc1da9b3b72aa0d51872 |
| SHA1 | 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655 |
| SHA256 | 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0 |
| SHA512 | 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08bd621285b0796c447a9dde3c78e87f |
| SHA1 | f3d3bf03203a2fe486f96ba87b0a1bac1d5d2bca |
| SHA256 | 11b6e8b772593d0320be780708a227063d7c91e5c30724578bde8b21cc5e7857 |
| SHA512 | 9f7546fd52f2625a61c2764797d1ca1b754843a94ff8cb5ad3e06b60a6f19141688ed2311084724370c07d366d43b543cf1a2ba41b59fcd26a14b162eb5ef164 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df22d45900ef5de2321aacd95e45166d |
| SHA1 | 348ef4e6273af1c517e550d4ebae4b2ebbc6c6bf |
| SHA256 | 0d05d5f04ad4ce660beb4cf28b2fe4c02bb6d7d65ee12d85c0dfbc51bbbe9481 |
| SHA512 | 98952088e07aa99fd71ae017fd062b63a2113261062f61244718a1dc78d8072be2ac31be96fdb2b429d1ccd2ab7380e52102d6d029b2d34f15423648659378f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96ee878e1a3ebbf6d4eb656bd80b415f |
| SHA1 | cfa98541b0ad73a9f4b25f5744ddbd426018096b |
| SHA256 | 001003daf0cf4e8465c4ed1dd5fd7e338811d9c9e760a14a68a273eb56667b1f |
| SHA512 | fa3a8d63c610c46c6a10d11c07e3252978cb7080d1f8fe18cf98c7816342689ddd4bf26bdf2095bd17f1e40f744a278ceec157bf712e29e101260235d717d14b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4dd2f2e94b10b92ba0d2dfcbab789cd |
| SHA1 | 0b44498d834151091aa25fcf4a08b0707b8e9e2c |
| SHA256 | 9bf22300a3298333705acac353cc4f4d0d0a0e002e1e72c7f21b52ed093386ad |
| SHA512 | 792637e39344a99072d8f494ef90103b81e349e2adabc1f4614e38bbd5b09a54cc362b51fc2f06482958548c210465c5f20b9e560ab8e2e333a8483eba0d6a11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8f59fbc5751f29fd70b79e1e305d47f |
| SHA1 | 119d98f2fd4517937a2706f53809e9e2fdff4e54 |
| SHA256 | 55dffde1c3fdabb42e4b532ae60a3cb181bc3de0b520edcb8fde4acfa2a8a73a |
| SHA512 | 234123478df6e0090df20514b25a0455de9276cf17e6903fdaef538f7ac59f3f91bf0c4b03b442dc6be80c7f5b8fa92e48a3765962087d53f83017fbf4a71661 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ea9bd99d5369590e01180be4f9458cb |
| SHA1 | 66c3ead821f4cdd2945d76279c3665c311a8f0e4 |
| SHA256 | 5586199751990f6642a49dc4511ab3bf56ad49e6935a9ea952b00fbdbfaee592 |
| SHA512 | 18164e45d2515659ac23bb95ce2d8e8906c11434f8edb7d0acd99be6ba1400f6c20b39690f45b648b60a8b3b65fef6d65ed5a93ca472ef036c641a3cc7ed06cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f2023427513b1da2dace3424dc9deac |
| SHA1 | b9781399dce696e69f75a4ff5576bfd9afec42e5 |
| SHA256 | 419679007b09083ff5205421f755be785e8ceb571a4a87155dbc6b7606c30c43 |
| SHA512 | 52f6c4c7e0fca300dfdb4639b00d954cf7e64d90de2f5d11eec1c7e18bf84672409514eb2a24251193dcc3a16247625defe39cb401501a994b76364e6918c32b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8797f5b77da34171b4cacbd372fbfdd |
| SHA1 | a79e2f3a0b0ba694fe5157c4e7c8fd2571d8babb |
| SHA256 | 639b08a094bcac9dab13a673fb095a70b6bdc0b268d94c29cf6c8cc01900bd9b |
| SHA512 | 2db174386681c6ee00d68aedcaa6a52754bbbc48b72d75ffc3395866b45b243055e81387843fef58d4d0a8fd701f6d6e6e387b14d8845a162b355916b70da59b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\cb=gapi[1].js
| MD5 | ed72d618fe48f6fc42c19a4b58511e72 |
| SHA1 | 80a2da4af91d56ec81c7b672afaaaa72c83a4414 |
| SHA256 | 5bfd37a756bc7772aa6c520102870dafe2d3b808c562412e30f122a7908f8ad0 |
| SHA512 | 5378b71a33f67309f788b9fce32daea44051e7e9a6aa326bdd783456ee9eb2f4817aec2ad1e837afc1853acba59080b0114d32c040ea731ebd703f0a84dd7ae1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3d05cb122226356dbb3421d08fed349 |
| SHA1 | 08174ddb27147f5e2b243423823bda5492e8a530 |
| SHA256 | 6301d20637137534acb60107a6bbf202c9559c89e7fe7bfabb14ab3cf808d9fc |
| SHA512 | 07ab7e6e1f563fb7fc8ed7045e7fee013683147b3b59b1e6c547598f2bb9284414f27c8f8c2dbc2e9afdf62ac9291a1bbb9c32e4d1624bfd1f263608cfbe8bb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75f6061077d8fc68c034d13dff341dfd |
| SHA1 | 10ec3953264300b77ed4b4f99ecb9b2e1794922e |
| SHA256 | 722beff8e656a4e04ec226ae4233fc6f9ad0071a6ce99ae90d0f27229b5a4dd5 |
| SHA512 | cfe248191d5049ad491329c87c79f61963802144b9e117f59fe6cda2798b2fb865777bf24272582f579798bb146f2de19743caa0c17371eb3cfb5e1e63432f37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66776560600d9a2aa9b32fb536f1ccca |
| SHA1 | 900dd1bd5cd9dc6fcd4f36efe88b61c23d687c4f |
| SHA256 | d10e602201bebcf141a12d26f11a78dab3b88df0b81209700869b786959060f8 |
| SHA512 | 26e50f04e17d5fb05c0b88dd09c9ba3c0cf8b98c194ba08839552bb4f8667d45b1723c70550a309a362056cbb103b862c48751da519bb49e4510bf412a231ce9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95428a289e3bc2354300732db32e25d6 |
| SHA1 | 70afd01387a36fd74422cc82aad1fbfc679328ae |
| SHA256 | 6bb097391c9d45afacc455d0771eb432bc982a2990a361ae9d94fddf95ab420e |
| SHA512 | b1a83bec78f5fdeaa9d611e30aa3faec6dacc71363239a9b9a58e10346b8ab05f5441e744acf5f9437677b8cb9d7a65d9902f177689bd744d71ea46d686ccd95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9ee215dfa1a0cd58092bd520b7c5dce |
| SHA1 | f0076435d162a1f2e6ff5c84a11898caf8683ace |
| SHA256 | 233fb2cfe3f9df736bbb65bef157eae6a1bf2a076758d15ebd31f3b16a23275f |
| SHA512 | 732a4c3dbb6ad985a03db990a9d9d7a93dd23131379a901c4fcb0ea37da6a60cf460f8ca63de23bb8bd36415035e9f6986ac50ea0526d47e56abb10091100fc4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\1R5PRVV8.htm
| MD5 | 0104c301c5e02bd6148b8703d19b3a73 |
| SHA1 | 7436e0b4b1f8c222c38069890b75fa2baf9ca620 |
| SHA256 | 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f |
| SHA512 | 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 15bc74e01f35155bb733d83cbf1789a2 |
| SHA1 | 8273612b10bf90f10d00786b91b2f2b637f7528d |
| SHA256 | 73f71e48dd8b8d15cd88b916312c5642871e044d64486e5fc2d0c264ab3ee936 |
| SHA512 | a096baa36c6f6d76cf3792a0c2be63a0d20207a89ee9f1fb33a5d1ec9d13b93bee74d820f70b1712419d34754f9aac6a6c856d02e08b219a81fa3cf0c376df2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e97f414bc017d68a277c1128e0c0b4bb |
| SHA1 | 76051815697484275d484797c9f02fd53e6021e1 |
| SHA256 | c894ce3b0e97e1d25e360f77bdf0247e4a39a5a0e74fbf24f9ef867d65bda713 |
| SHA512 | 97430785ea3464b17e504cd44c36c25956728d9e9df54cd86a9b8e68d4710813624fe3470af8f3384a4ee61c5f6eb58e8786e92eaf21540335336bea3a450630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\1380534674-postmessagerelay[1].js
| MD5 | c1d4d816ecb8889abf691542c9c69f6a |
| SHA1 | 27907b46be6f9fe5886a75ee3c97f020f8365e20 |
| SHA256 | 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f |
| SHA512 | f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\rpc_shindig_random[1].js
| MD5 | 45a63d2d3cfdd75f83979bb6a46a0194 |
| SHA1 | d8e35a59be139958da4c891b1ef53c2316462583 |
| SHA256 | f7067f1d01d9c60618becbe4df3d61778244108459226e2e8a818cfbc2c18ae6 |
| SHA512 | cea9c9eb8ff0c43048ff371f135148438fc1a2614bf8bbc3518cf430c37778edba3452ce92b4236679cd1a4123af0ca320f530b1c20cedd0883b545209c048cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bef8b838d94cd5e5a92f139235a3e78 |
| SHA1 | 200de5df870ea81787ee33585054360496470935 |
| SHA256 | f9cc08d2d2a03966c1d810b2617963f19b15ccd82f38f70bc533362e4e882ebd |
| SHA512 | 3dcddd0253f630ad27ba4a1a3baaf61325f341a7bc425b0bf262d68533478c2e71839380d750a2af2074e7ef2cef5c56906b041e1a64276e3bf4d6286ac9b3b8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-26 04:46
Reported
2024-08-26 04:48
Platform
win10v2004-20240802-en
Max time kernel
146s
Max time network
148s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab4c846f8,0x7ffab4c84708,0x7ffab4c84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5444 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x90 0x50c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
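The Network table that follows is the part of this report a responder usually works through by hand: it mixes resolver queries, reverse lookups, repeated rows for the same endpoint and the real connections. The Python below is an added example, not part of the sandbox report or of any vendor tooling. It parses rows in the table's `| Country | Destination | Domain | Proto |` layout, separates DNS lookups from connections, drops reverse-lookup and multicast noise, and flags connections on ports other than 80/443, which a browser-driven detonation normally should not produce. The embedded rows are a hand-picked subset copied from the table below; the resolver address and the "web ports" set are assumptions taken from that table.

```python
"""Triage helper for a sandbox-report network table (added example)."""
import ipaddress
from dataclasses import dataclass

# Subset of rows copied from this report's Network table; not the whole table.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 172.217.20.206:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| FR | 172.217.20.206:139 | translate.google.com | tcp |
| DE | 157.240.27.63:445 | badges.instagram.com | tcp |
| US | 104.26.10.22:445 | www.widgeo.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
"""

RESOLVER = ("8.8.8.8", 53)   # assumption: the sandbox resolver seen in the table
WEB_PORTS = {80, 443}        # assumption: what a browser detonation should use


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(table_text: str) -> list[Row]:
    """Parse pipe-delimited rows; the header and malformed lines are skipped."""
    rows = []
    for line in table_text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        rows.append(Row(country, ip, int(port), domain, proto.lower()))
    return rows


def is_noise(row: Row) -> bool:
    """Reverse lookups and multicast (mDNS) rows carry no triage signal."""
    if row.domain.endswith(".in-addr.arpa"):
        return True
    try:
        return ipaddress.ip_address(row.ip).is_multicast
    except ValueError:
        return False


def triage(rows: list[Row]) -> dict:
    """Split rows into resolved names, unique connections and odd-port hits."""
    resolved: set[str] = set()
    connections: set[tuple[str, int, str, str]] = set()
    non_web_ports: list[Row] = []
    for row in rows:
        if is_noise(row):
            continue
        if (row.ip, row.port) == RESOLVER and row.proto == "udp":
            resolved.add(row.domain)
            continue
        key = (row.ip, row.port, row.domain, row.proto)
        if key in connections:
            continue  # repeated row for the same endpoint
        connections.add(key)
        if row.port not in WEB_PORTS:
            non_web_ports.append(row)
    contacted = sorted({c[2] for c in connections})
    return {
        "contacted": contacted,
        "resolved_only": sorted(resolved - set(contacted)),
        "unique_connections": len(connections),
        "non_web_ports": non_web_ports,
    }


if __name__ == "__main__":
    report = triage(parse_rows(SAMPLE_ROWS))
    print("hosts contacted:", ", ".join(report["contacted"]))
    print("resolved but never contacted:", ", ".join(report["resolved_only"]))
    for row in report["non_web_ports"]:
        print(f"non-web port: {row.domain} {row.ip}:{row.port}/{row.proto}")
```

Two things the output makes obvious that the raw table does not: which names were resolved but never connected to (a cheap way to spot hosts that were dead at detonation time), and the handful of rows on ports 445 and 139 towards content-delivery addresses. Those SMB-port rows deserve a look before they are written up as C2; the table records the attempt, not its cause.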
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 172.217.20.206:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.106:80 | ajax.googleapis.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | nwidget.networkedblogs.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | adukaherbamewah.blogspot.com | udp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 8.8.8.8:53 | enes-sc.googlecode.com | udp |
| US | 8.8.8.8:53 | www.yourjavascript.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | cdn.html5maker.com | udp |
| US | 13.248.169.48:80 | www.yourjavascript.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| FR | 142.250.75.225:80 | adukaherbamewah.blogspot.com | tcp |
| FR | 172.217.20.206:139 | translate.google.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| US | 104.26.11.22:80 | www.widgeo.net | tcp |
| IE | 172.253.116.82:80 | enes-sc.googlecode.com | tcp |
| US | 8.8.8.8:53 | scontent-kul1-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 104.26.12.144:80 | cdn.html5maker.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.123contactform.com | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 23.106.61.147:80 | www.123contactform.com | tcp |
| GB | 23.106.61.147:80 | www.123contactform.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 142.250.75.225:443 | adukaherbamewah.blogspot.com | tcp |
| US | 8.8.8.8:53 | static.networkedblogs.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | fbcdn-sphotos-e-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | scontent-sin1-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | form.123formbuilder.com | udp |
| US | 8.8.8.8:53 | app.123formbuilder.com | udp |
| US | 8.8.8.8:53 | fbcdn-profile-a.akamaihd.net | udp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 52.0.181.232:443 | app.123formbuilder.com | tcp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.61.106.23.in-addr.arpa | udp |
| US | 104.71.143.208:443 | fbcdn-profile-a.akamaihd.net | tcp |
| US | 104.71.143.208:443 | fbcdn-profile-a.akamaihd.net | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | s01.flagcounter.com | udp |
| US | 8.8.8.8:53 | i198.photobucket.com | udp |
| US | 8.8.8.8:53 | www.maybank2u.com.my | udp |
| US | 66.154.110.210:80 | s01.flagcounter.com | tcp |
| US | 8.8.8.8:53 | www.malaysialoan.com.my | udp |
| US | 8.8.8.8:53 | i24.photobucket.com | udp |
| DE | 52.85.92.81:80 | i24.photobucket.com | tcp |
| GB | 92.123.142.128:80 | www.maybank2u.com.my | tcp |
| DE | 52.85.92.107:80 | i24.photobucket.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| DE | 52.85.92.81:443 | i24.photobucket.com | tcp |
| FR | 142.250.179.78:80 | sites.google.com | tcp |
| DE | 52.85.92.107:443 | i24.photobucket.com | tcp |
| IE | 172.253.116.82:80 | enes-sc.googlecode.com | tcp |
| GB | 92.123.142.128:443 | www.maybank2u.com.my | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | fbcdn-sphotos-h-a.akamaihd.net | udp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | synad2.nuffnang.com.my | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.181.0.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.71.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.110.154.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.179.97:443 | 3.bp.blogspot.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | badges.instagram.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | www.al-azim.com | udp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| IE | 172.253.116.82:80 | enes-sc.googlecode.com | tcp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 8.8.8.8:53 | www7.cbox.ws | udp |
| US | 8.8.8.8:53 | www4.cbox.ws | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | www.thecutestblogontheblock.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| DE | 157.240.27.63:445 | badges.instagram.com | tcp |
| US | 8.8.8.8:53 | thecutestblogontheblock.com | udp |
| US | 172.67.182.230:80 | thecutestblogontheblock.com | tcp |
| US | 172.67.182.230:80 | thecutestblogontheblock.com | tcp |
| DE | 195.201.153.71:80 | www4.cbox.ws | tcp |
| DE | 195.201.153.71:80 | www4.cbox.ws | tcp |
| US | 104.26.10.22:445 | www.widgeo.net | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 172.67.190.152:80 | www.al-azim.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | arvigorothan.com | udp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 172.67.182.230:443 | thecutestblogontheblock.com | tcp |
| US | 172.67.182.230:443 | thecutestblogontheblock.com | tcp |
| US | 8.8.8.8:53 | static.punchtab.com | udp |
| US | 172.67.190.152:80 | www.al-azim.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | nnaaqua91.blogspot.com | udp |
| US | 8.8.8.8:53 | kisahcincaibuncai.blogspot.com | udp |
| US | 8.8.8.8:53 | ainkening.blogspot.com | udp |
| US | 8.8.8.8:53 | static.cbox.ws | udp |
| US | 8.8.8.8:53 | bcroom.netau.net | udp |
| US | 8.8.8.8:53 | a.deviantart.net | udp |
| US | 8.8.8.8:53 | cococokie.files.wordpress.com | udp |
| US | 8.8.8.8:53 | www.emoticoner.com | udp |
| US | 8.8.8.8:53 | emoticoner.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 8.8.8.8:53 | www.mbcslot88.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.cbox.ws | udp |
| US | 172.234.222.138:80 | emoticoner.com | tcp |
| US | 192.0.72.24:80 | cococokie.files.wordpress.com | tcp |
| US | 199.232.196.193:80 | i.imgur.com | tcp |
| US | 172.67.201.54:80 | www.cbox.ws | tcp |
| US | 172.67.201.54:80 | www.cbox.ws | tcp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| US | 8.8.8.8:53 | grautcho.net | udp |
| US | 172.234.222.138:80 | emoticoner.com | tcp |
| US | 198.252.104.151:443 | www.mbcslot88.com | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| DE | 18.155.145.86:80 | a.deviantart.net | tcp |
| DE | 18.155.145.86:80 | a.deviantart.net | tcp |
| NL | 139.45.197.245:443 | grautcho.net | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| US | 192.0.72.24:443 | cococokie.files.wordpress.com | tcp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 172.234.222.138:80 | emoticoner.com | tcp |
| DE | 18.155.145.86:443 | a.deviantart.net | tcp |
| DE | 18.155.145.86:443 | a.deviantart.net | tcp |
| US | 8.8.8.8:53 | sr7pv7n5x.com | udp |
| US | 8.8.8.8:53 | yonmewon.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 172.234.222.138:80 | emoticoner.com | tcp |
| US | 8.8.8.8:53 | www.cute-factor.com | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| NL | 139.45.197.236:443 | yonmewon.com | tcp |
| US | 172.67.133.66:80 | www.cute-factor.com | tcp |
| NL | 212.117.190.201:443 | sr7pv7n5x.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 153.92.0.100:80 | bcroom.netau.net | tcp |
| US | 8.8.8.8:53 | cococokie.wordpress.com | udp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| FR | 216.58.214.182:443 | i.ytimg.com | tcp |
| US | 192.0.78.12:443 | cococokie.wordpress.com | tcp |
| US | 8.8.8.8:53 | www.astrosafari.com | udp |
| US | 8.8.8.8:53 | wallpapers.com | udp |
| US | 151.101.1.91:80 | www.astrosafari.com | tcp |
| US | 198.252.104.151:443 | www.mbcslot88.com | udp |
| US | 8.8.8.8:53 | www.themezoom-neuroeconomics.com | udp |
| DE | 52.85.92.18:443 | wallpapers.com | tcp |
| US | 104.21.53.159:443 | www.themezoom-neuroeconomics.com | tcp |
| US | 8.8.8.8:53 | badges.instagram.com | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.153.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.30.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.41.181.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.190.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.196.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.201.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.72.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.222.234.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.104.252.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.133.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.190.117.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.27.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.53.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.92.85.52.in-addr.arpa | udp |
| US | 172.67.69.193:445 | www.widgeo.net | tcp |
| US | 104.26.11.22:445 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | www.gulfmanganese.com | udp |
| US | 104.21.42.119:443 | www.gulfmanganese.com | tcp |
| US | 151.101.1.91:443 | www.astrosafari.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.murraybrothersfuneralhome.com | udp |
| US | 104.21.48.205:443 | www.murraybrothersfuneralhome.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 151.101.1.91:443 | www.astrosafari.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 216.58.214.166:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 172.217.20.202:443 | jnn-pa.googleapis.com | tcp |
| FR | 172.217.20.202:443 | jnn-pa.googleapis.com | tcp |
| FR | 172.217.20.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | tcp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 119.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.8.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| US | 141.101.120.11:443 | t.dtscout.com | tcp |
| DE | 157.240.27.63:139 | badges.instagram.com | tcp |
| FR | 172.217.20.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.214.182:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| FR | 216.58.215.34:445 | pagead2.googlesyndication.com | tcp |
| FR | 216.58.215.34:139 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 142.250.179.105:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| FR | 142.250.178.131:445 | fonts.gstatic.com | tcp |
| FR | 142.250.178.131:139 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 199.232.56.157:445 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 199.232.56.157:139 | platform.twitter.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | badges.instagram.com | udp |
| DE | 157.240.27.63:445 | badges.instagram.com | tcp |
| US | 8.8.8.8:53 | badges.instagram.com | udp |
| DE | 157.240.27.63:139 | badges.instagram.com | tcp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | udp |
Files