Analysis Overview
SHA256
7f23e7f4516b5c9ae034f3e193ceedadfd8d7423d4b585eb43bb91fa412dfa32
Threat Level: Known bad
The file c43112f561fc5bebd1407e8799ac6859_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-27 02:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-27 02:09
Reported
2024-08-27 02:12
Platform
win7-20240705-en
Max time kernel
131s
Max time network
148s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430886451" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f008575a26f8da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000076b008b4d68293d8b78e578f84ff13272b5f150e618ea359d7ed5c5dc8862eaf000000000e8000000002000020000000a0a02aaf79243202362891bda6efe973b61f3201334ebbd4a55962c43c157e3420000000538e522b4e86395a2fc682bc96312f94eb96491beede9a211bb8e3e21cf004c840000000c10f482e6101906a90f31608c56c3f0d548756d3eae549d86d6f92a743b444ec4f91494c629b0b0b344c253c93f4ca8fedb9bb0560c88b1fc15782a5727e91f9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6CBE75A1-6419-11EF-8B52-DA486F9A72E4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1996 wrote to memory of 1956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1996 wrote to memory of 1956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1996 wrote to memory of 1956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1996 wrote to memory of 1956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | belati.net | udp |
| US | 8.8.8.8:53 | berkahherbal.com | udp |
| US | 8.8.8.8:53 | smartbca.com | udp |
| US | 8.8.8.8:53 | klikajadeh.com | udp |
| US | 8.8.8.8:53 | bloggerbersatu.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s04.flagcounter.com | udp |
| US | 8.8.8.8:53 | www.viralgen.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | www.textbacklinkexchanges.com | udp |
| US | 8.8.8.8:53 | lazada.go2cloud.org | udp |
| US | 8.8.8.8:53 | www.gomezpeerzone.com | udp |
| US | 8.8.8.8:53 | srv-live.lazada.co.id | udp |
| US | 8.8.8.8:53 | banner.autosubmit.web.id | udp |
| US | 8.8.8.8:53 | sepuluhribu.com | udp |
| US | 8.8.8.8:53 | banner.adsensecamp.com | udp |
| US | 8.8.8.8:53 | adsensecamp.com | udp |
| US | 8.8.8.8:53 | klikaset.com | udp |
| US | 8.8.8.8:53 | www.jempolklik.com | udp |
| US | 8.8.8.8:53 | www.probux.com | udp |
| US | 8.8.8.8:53 | www.komisiklik.com | udp |
| US | 8.8.8.8:53 | duitbux.com | udp |
| US | 8.8.8.8:53 | www.surgaklik.com | udp |
| US | 8.8.8.8:53 | indonesianklik.com | udp |
| US | 8.8.8.8:53 | rizkyprofit.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| FR | 142.250.179.106:443 | ajax.googleapis.com | tcp |
| FR | 142.250.178.142:80 | apis.google.com | tcp |
| FR | 142.250.178.142:80 | apis.google.com | tcp |
| FR | 142.250.179.106:443 | ajax.googleapis.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| US | 54.174.29.0:80 | www.gomezpeerzone.com | tcp |
| US | 54.174.29.0:80 | www.gomezpeerzone.com | tcp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| IE | 52.210.174.128:80 | lazada.go2cloud.org | tcp |
| IE | 52.210.174.128:80 | lazada.go2cloud.org | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| GB | 104.96.173.184:80 | s7.addthis.com | tcp |
| GB | 104.96.173.184:80 | s7.addthis.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| US | 172.67.130.121:80 | bloggerbersatu.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 172.67.130.121:80 | bloggerbersatu.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| US | 104.21.69.181:80 | www.surgaklik.com | tcp |
| US | 104.21.69.181:80 | www.surgaklik.com | tcp |
| SG | 103.21.221.4:80 | sepuluhribu.com | tcp |
| SG | 103.21.221.4:80 | sepuluhribu.com | tcp |
| DE | 185.53.177.54:80 | indonesianklik.com | tcp |
| DE | 185.53.177.54:80 | indonesianklik.com | tcp |
| DE | 64.190.63.222:80 | www.probux.com | tcp |
| DE | 64.190.63.222:80 | www.probux.com | tcp |
| US | 206.221.176.133:80 | s04.flagcounter.com | tcp |
| US | 206.221.176.133:80 | s04.flagcounter.com | tcp |
| US | 8.8.8.8:53 | www.viralgen.com | udp |
| US | 172.232.4.213:80 | www.textbacklinkexchanges.com | tcp |
| US | 172.232.4.213:80 | www.textbacklinkexchanges.com | tcp |
| US | 103.224.182.240:80 | klikajadeh.com | tcp |
| US | 103.224.182.240:80 | klikajadeh.com | tcp |
| US | 172.67.130.121:443 | bloggerbersatu.com | tcp |
| US | 104.21.69.181:443 | www.surgaklik.com | tcp |
| SG | 185.237.145.189:80 | duitbux.com | tcp |
| SG | 185.237.145.189:80 | duitbux.com | tcp |
| US | 54.174.29.0:443 | www.gomezpeerzone.com | tcp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| HK | 23.248.192.74:80 | rizkyprofit.com | tcp |
| HK | 23.248.192.74:80 | rizkyprofit.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 172.232.4.213:80 | www.textbacklinkexchanges.com | tcp |
| US | 172.232.4.213:80 | www.textbacklinkexchanges.com | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| ID | 103.30.145.12:443 | adsensecamp.com | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 88.221.134.89:80 | e6.o.lencr.org | tcp |
| HK | 23.248.192.74:443 | rizkyprofit.com | tcp |
| ID | 103.30.145.12:443 | adsensecamp.com | tcp |
| US | 172.232.4.213:80 | www.textbacklinkexchanges.com | tcp |
| US | 172.232.4.213:80 | www.textbacklinkexchanges.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.134.89:80 | r11.o.lencr.org | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | www.ppcindo.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| GB | 88.221.134.89:80 | r11.o.lencr.org | tcp |
| GB | 88.221.134.89:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | ww25.ppcindo.com | udp |
| US | 172.66.132.118:443 | s10.histats.com | tcp |
| US | 199.59.243.226:80 | ww25.ppcindo.com | tcp |
| US | 199.59.243.226:80 | ww25.ppcindo.com | tcp |
| US | 8.8.8.8:53 | www.dynatrace.com | udp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| US | 8.8.8.8:53 | ww38.ppcindo.com | udp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| US | 75.2.120.224:80 | ww38.ppcindo.com | tcp |
| US | 75.2.120.224:80 | ww38.ppcindo.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.142.59:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 4103c21cede21cf344955d79f5f87220 |
| SHA1 | 27a810c177f163fbf28668bee674c0e865057b0d |
| SHA256 | d10ee069105b107056114cbd3c1a25feeb99c0cfb59f4e6a9d7105dc943a0f58 |
| SHA512 | d890a2aaf627e858959825e9c1c14435a8deeff7d1c2c84670067a4f086a5d4ee1f29e3ab8b72c32ec4234cb13fcb9eb0f4cc91a5af4cceb577d91e4ea9f1fed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\js15[1].js
| MD5 | 4beb0b1c8bbca69316e6eadcd83b1bf0 |
| SHA1 | 602491c5f60960bf4ba7c3d2e600681a06ffcaa1 |
| SHA256 | 429e7004f3f8fbe42cacb984c36a9cda33efdacc100a276b12e82c6ab78bf7ec |
| SHA512 | 3bc8560d56f39ba09da8a3582587b9ca727dd9fa60582892a2a8a2d7de42fa0fa057b28986a0975b84589d8e9ef320f976b3731a19ea17c83388c1309041b8f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 6500b46f551587e10a13ca45eaa28c51 |
| SHA1 | 5273ecf728effd06e4eb331e1502a3af2e0134a9 |
| SHA256 | ae9118bec7c348229939f8fc43562a17017c8c5b823c13d85bcfccf4865d69ab |
| SHA512 | f97405032360f8eb9c0f3621ade598d63c03089e10a32f6b6d3357fc05e41bbde3771d6f77124bec801d679c8c4e13ca294ee76509afcccae09edac53dfcff75 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\2109501[1].htm
| MD5 | 21ea3b74d8489325e9a4cd480a50bf0d |
| SHA1 | 09896b50b607c27f68250c5986ff35af83997a5f |
| SHA256 | ccff2a751f0b6782ffcd1cf2d7c206847b4ec18d417b67d0e165e4599690c893 |
| SHA512 | 23f0a570e678f5dd5bf517f86646827a4d62da66d1a55425b91c4192f77b6228578bff125b1bdbb7715c529d47144bbe0c26049d594d01b2f7738dd739445dc0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\plusone[1].js
| MD5 | 950e589a42fd435b2b6daacbdbbf877c |
| SHA1 | 78dc5743d4b541018adafe3a2b49b6be5f1c7944 |
| SHA256 | c5e3093bd5e8a58f04846013ead66d36ca25457a0475c9c72d8cde60e598fc0e |
| SHA512 | cf2aa139ee4c2f79ad5dbca6239e4d5179a21f54cf2c3672c45915b3282bda5f5fa702c241d3b5c02805cdf1b48427d34e86b627904055a46ff6ef11be2b2104 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\cb=gapi[3].js
| MD5 | ed72d618fe48f6fc42c19a4b58511e72 |
| SHA1 | 80a2da4af91d56ec81c7b672afaaaa72c83a4414 |
| SHA256 | 5bfd37a756bc7772aa6c520102870dafe2d3b808c562412e30f122a7908f8ad0 |
| SHA512 | 5378b71a33f67309f788b9fce32daea44051e7e9a6aa326bdd783456ee9eb2f4817aec2ad1e837afc1853acba59080b0114d32c040ea731ebd703f0a84dd7ae1 |
C:\Users\Admin\AppData\Local\Temp\TarB1A7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabB1A4.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80691a55f4f56edfe52ab59c852f4b65 |
| SHA1 | 5a0808b789b9c3ef217abee1d039976067d14292 |
| SHA256 | e3772e536732dd3b5ce9cc0b0435fdbc245d448d726188e9549a97fd812a4db9 |
| SHA512 | 00fd303418a0b264f3866116bffb59a6493f01f058f826ea273dd4feb1c68eefa13a0ae6be0c2c0c6a3dbf045a55df6c0822b4e1aab06a71de594018ea836bae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d62cc37e49798926087e08d7517b30cd |
| SHA1 | b7f31102c76af14dbc2d383dd25c7aaed60b101d |
| SHA256 | 4eec69b5176d0cfb29c1a5e1710a9018d5553466c80d54c9aeb44c5cbf18903a |
| SHA512 | 0f46231700df076e1c1a08efdece51ff198275db995e7b795fe75d0ae0b5a4c0bb9762cfa447a0c4d9ead1a2bcb8ddf57f9906aca9f00147119a1625f350dda1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 4bcdae88711bdf75fe5733d6b872c5e5 |
| SHA1 | 30d3aa5644655f1627a358c7d4b5b50c7116fbff |
| SHA256 | e4a76fe58165754e54de14df19306d8eb5e9a8788988956e19ea01b1f432c21f |
| SHA512 | 35e84e496e625ba728426eadf33876eda018886cae4ee6f675f1ce426f90ed76a41982192ca6a91195cf96f35e83e8de2b629e5721e98f7d91a5ed31b0381334 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53014627000f996f95459f6bd4269c56 |
| SHA1 | bb1e1f710a0450202420b74507e0bfed960fea05 |
| SHA256 | c52cc8f91dca7131713c9daabe1ef76a39d3f1f19f8a895837608a4de8cd94f4 |
| SHA512 | 6a9f89dd72c91e66efeb9c6d4f6bf6780c597ec7d68bb9bbcf6fabf36994b0f21499c8002533693a880dfa4cdbb95afce6833f2aae15db69912077c5d1392cb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1547fac1b01859688ba918d2c1a0f7b |
| SHA1 | 2df58e7ad6e3bbe41c58b7d1582457614f62a201 |
| SHA256 | 03690954edb1cfaf6161ac99422221928cd52d66cd4e57b72e1cc841bcb80506 |
| SHA512 | 87a26c453d9af0cbd72a0c8b4e79fe46b71e512e7906f688e04bca1cf8ee47eb2b29541dd0a1f4c9eb34409a07ee550eedea24bf4cdce3f27fb34e26e1de8029 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dae9b52c39c04c7bf35645845e0595c |
| SHA1 | 152406a29840adffdbc1bc30f69b9f311e2ecb32 |
| SHA256 | b6afc0e2f598189880c78a8b2a68fb6b71fe87992d485926e5a16e4a31adf4ce |
| SHA512 | 34c9da8a024d7b3203839479e4fe3157008f1a155a92f4facb210f8ef01415e624aed92ba0677b4dbe5c8983735046ae4638ecaad80b68dcde1b341779f387f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b74b4c1009939cbf3303ec9e85f52b98 |
| SHA1 | 6a1bb4e536a1d40416f75b6eda17c9795ab48676 |
| SHA256 | 095942bc204e2a8ce57e5e284f53467c22f9e8c99e117661106a745b397a98d3 |
| SHA512 | bcc1be48098b4eb267073772d0ff93c96bffb3c37a2a6833db533cdef4cabd4f847b063bf51eba4a8be02850822a26a3e6abfab9a9fd8b4f94fc4cc36f4afbff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 4eff4e0592e294dd255254bbba4a32c0 |
| SHA1 | b288b9beb1f3fdd6f4200edaf17ab9e0a5e5fc19 |
| SHA256 | 3fbbd65ebde238884c27a1368851941ebffb1d357942ce043aab243742c1648d |
| SHA512 | 15735e9bd37167d9c50258435cf3f4de2530aba55782e5c4d9843ee2c180b5b3b87964a85f6002df84fc03d1e3dc59bb3c6c9b69f67c4bfd1e978a1b63ecafba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71794b2f58965ddeae6d492aad9268a4 |
| SHA1 | 68cfc571989ae7a8698e25e4b3aafc01783873c2 |
| SHA256 | b8d6e2dfca02da80ece46e4cb6e7b0a86889ad5c1fbbbb1e28706e11598c21df |
| SHA512 | b28cccbb80f632ae97878dbae4a4144c36b6d9e7bcee7b88e4f8e28e03a10622bbafa586f81c1bbccd554df769770a68f8304fccd469cfc8469433d0825aea16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6163602613d2603ab60f07da96795159 |
| SHA1 | 45880289d8a1e829c19940105c2e7d5673e2e3af |
| SHA256 | 2c33349155aeae5dbe5d698a35be93071408ecea6edcc9da726ebfe301c7f8aa |
| SHA512 | bbc2d243bfade81c44cc936bff569eb3913f90990a9f7dae696b22e944a16f4edc6eaae75436345e489ce7d658875981c81c7e03d8e612f31409a4f89d37f61d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88af36e61b5af7b3d88c3b0743d43472 |
| SHA1 | 7b36b2d42ab6b4aede159a5ced89022ca934fded |
| SHA256 | e73cb1529da28955a2d7155a469026a4f9d8e1f3e7db383138d49466a1885197 |
| SHA512 | b0fb0529e41b3f3956a0ecf602a805f428b60138cb5b0d9c945b8b9a6603a3378059fa30e5133553ed8fec55a9d9979e5c3f180a8e9b5d017fd63f30856a4861 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 944ebaef100d501aa5a1cf648b4ba4e1 |
| SHA1 | 7fb5b6aeb35645e919531dcf5d73e5996129adf9 |
| SHA256 | 91af44082905beca557ac56b51606a025a82780a725ed6c8515d9ea019d7e523 |
| SHA512 | 4f8499dc2ad8ccc0d9885a441d65af4dd482ed4130ca8737af14b75847d1e0522b19076a5054945e41b9e9052d4febeea79a6a205f24f68b2bdd75891020f3d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfdfe340b4c92a45508c8da6879652d3 |
| SHA1 | 544b7858b9689860435478562f16e5a7ff95e5d4 |
| SHA256 | 2c2a20eb5a5bda19ce4689689531fe12ff726430c3455159ba860adf5cba20b2 |
| SHA512 | 2fba5eabbd5a6879a75bed2fb617976c35bab3f61407a9a362906be4effb06d2580ac83ab85d8b1ec316a4fb2390a604cf58443447a28a3ed54708f5e0c0517b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d1e7041a20e2118cee882693931a170 |
| SHA1 | d6b2f5f05490daaf7ea844e4e665d19eb3e254c5 |
| SHA256 | 0630e5d673c178297d3a47ecb6db75ec434d0c67c8c17df1b9153295c5278d91 |
| SHA512 | ff6da4652dd077409bc7834b2522034df86e71e811ce882bcb9286d15ec03277931a9bd759dbeab3e9ea9cdb848b157973703ff70925d40f4099e7d5a6f8ad3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e284045da4f0f7ba22d76bcb8e02821e |
| SHA1 | 3ad3fc36d570a642a55af3940015fe7de70be044 |
| SHA256 | a8d8e58d0c48c01460ca1767af0b5c32864ffd4fd8ab25d7197b6c0d1e7e4f11 |
| SHA512 | b5a8b147f6b364b9c0b16e01490e314bb56b3f2264335503ec919363a84e48eaea2ffc6b256a9d2c06dd1f33021c0142a43ec15085d118ea2d0c62a32f7122e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75f5b77d43664e975c8fd5847fe6cfc1 |
| SHA1 | ba908508bf71ac17a0756b712c2844b6b2cd95a4 |
| SHA256 | 7d569d9feef22ed65d44439b942850a94db728991e0ba36eb917243e2a41262a |
| SHA512 | f47437c9435792eb9399e01cdd1cdcbf3742cc76bcfe1806c58760fc03c83dfea098545f1de94f9af85085fdebc3e03a8d87332f01485b9459892520aa122f0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eff2e512c1897eafcc34d8a79f9768ce |
| SHA1 | ac56f6efdbb291a27ed244d91841deb698299e98 |
| SHA256 | 2743f193c40fe33c62c02394f15f4d1b50ee09133c506e294b637f85ae7ae67c |
| SHA512 | 4c62522e075f6e81e7ff670e36c37e08105c236bcd36b3f67db196775ef73d16c41b20948aca738befcda2186919ad368279cdfac813448bc8531c3de37b4499 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a1e458056e14e985beb29d76de2d025 |
| SHA1 | cac99b00e894a6ace0eec10ddfabcff66b2def1c |
| SHA256 | 22b2c30e915330be2a4de442de78f78fa6844c48548eb765208bb243f5d40389 |
| SHA512 | 943cce79b40f18c17485e276febe0e3f045957177f3c491405d9e3ed141e7ee2902a3d0f4186d9c5833739e2b0afce69e7c5faebb8c46e53d31c4332a61d11f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1f8979eda463f71f4ddc6753731c862 |
| SHA1 | ac4c7a2f13be77b6d6b1d9a36e2d095be44766fa |
| SHA256 | 26aa70d6a1c1d73f1b01b98df6eecba9e477f4cb809ce8cdcbe8f6af67351e03 |
| SHA512 | 68d7a9db47cb6cd3d17419156767a231ec6c506881aa3858cfca48eee043b89e4a30f78bfd97d8ba9b38bfd96af80ca1f27813d3a64ee07fd464ffae30bd5da8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 419c11f1dca14bbc91e5cc2ee81ff567 |
| SHA1 | 5498eaa8e221ff7b05e687c3b8274a87007309b6 |
| SHA256 | b6fa4c43b33c840d71fbd659c190e4cd63f61c7e9347c8a5afbce3b402130acf |
| SHA512 | 3e4b00ede6b1fa6c07a75bf12e38b690d59458ef3c11b764fc0425312a60e23d730e2d83e88fd5f6d68d345f4ce9e34c25756701c9e1659e05e17dba0bb861df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc728467fc42a042629e5ae6e94f764b |
| SHA1 | f14165f150608c33f637ab9b44ce84dec919be05 |
| SHA256 | 7e238daf4d694ca2144ad31c54c653b1f215376b292ab20fa34eab6ab3478893 |
| SHA512 | 162493e27bdc591deb622297b44cd3463f21c5f7140dc3b3b632b6f88b0363293985a54ff12715120e83d876cc8a5987db8569698ed269e3ef092c25bf74e4eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fce36fff7659d4c94319a0f867af0e8 |
| SHA1 | f274b624febd0d1937b017ffc17d29043ffb96e0 |
| SHA256 | 96554414bcafb9603867c5712c4e25a3bb6de0c161953cf3727934ea56651c3c |
| SHA512 | 1b57e9eb472a7c6e5e3e9fe1c70432dc56480bc22214a4b3fb653e0da60e80f23ffd12ba0739d7bc569dd1a1040a22b0ae3cdb10e8b3ee356564aa76c50cf07d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\1380534674-postmessagerelay[1].js
| MD5 | c1d4d816ecb8889abf691542c9c69f6a |
| SHA1 | 27907b46be6f9fe5886a75ee3c97f020f8365e20 |
| SHA256 | 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f |
| SHA512 | f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\rpc_shindig_random[1].js
| MD5 | 45a63d2d3cfdd75f83979bb6a46a0194 |
| SHA1 | d8e35a59be139958da4c891b1ef53c2316462583 |
| SHA256 | f7067f1d01d9c60618becbe4df3d61778244108459226e2e8a818cfbc2c18ae6 |
| SHA512 | cea9c9eb8ff0c43048ff371f135148438fc1a2614bf8bbc3518cf430c37778edba3452ce92b4236679cd1a4123af0ca320f530b1c20cedd0883b545209c048cc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-27 02:09
Reported
2024-08-27 02:12
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a044718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.142:80 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| FR | 172.217.20.206:445 | translate.google.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 104.96.173.184:80 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | adsensecamp.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | lazada.go2cloud.org | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | smartbca.com | udp |
| US | 8.8.8.8:53 | belati.net | udp |
| US | 8.8.8.8:53 | berkahherbal.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | bloggerbersatu.com | udp |
| US | 8.8.8.8:53 | indonesianklik.com | udp |
| US | 8.8.8.8:53 | www.textbacklinkexchanges.com | udp |
| US | 8.8.8.8:53 | klikajadeh.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| IE | 52.210.174.128:80 | lazada.go2cloud.org | tcp |
| US | 8.8.8.8:53 | s04.flagcounter.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| US | 172.67.130.121:80 | bloggerbersatu.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| DE | 185.53.177.54:80 | indonesianklik.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| GB | 104.96.173.184:443 | s7.addthis.com | tcp |
| US | 206.221.176.133:80 | s04.flagcounter.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 172.232.31.180:80 | www.textbacklinkexchanges.com | tcp |
| US | 172.67.130.121:443 | bloggerbersatu.com | tcp |
| US | 8.8.8.8:53 | www.viralgen.com | udp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 103.224.182.240:80 | klikajadeh.com | tcp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| US | 172.232.31.180:80 | www.textbacklinkexchanges.com | tcp |
| US | 103.224.182.240:80 | klikajadeh.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 172.217.20.206:139 | translate.google.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.gomezpeerzone.com | udp |
| US | 8.8.8.8:53 | srv-live.lazada.co.id | udp |
| US | 8.8.8.8:53 | banner.autosubmit.web.id | udp |
| US | 8.8.8.8:53 | sepuluhribu.com | udp |
| US | 8.8.8.8:53 | banner.adsensecamp.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | klikaset.com | udp |
| US | 8.8.8.8:53 | www.jempolklik.com | udp |
| US | 54.174.29.0:80 | www.gomezpeerzone.com | tcp |
| SG | 103.21.221.4:80 | sepuluhribu.com | tcp |
| ID | 103.30.145.12:443 | banner.adsensecamp.com | tcp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.probux.com | udp |
| US | 8.8.8.8:53 | www.komisiklik.com | udp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.173.96.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.130.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.174.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.177.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.176.221.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.31.232.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.145.30.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.182.224.103.in-addr.arpa | udp |
| DE | 64.190.63.222:80 | www.probux.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| SG | 103.21.221.4:80 | sepuluhribu.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | duitbux.com | udp |
| US | 8.8.8.8:53 | rizkyprofit.com | udp |
| US | 8.8.8.8:53 | www.surgaklik.com | udp |
| US | 54.174.29.0:443 | www.gomezpeerzone.com | tcp |
| US | 172.67.211.5:80 | www.surgaklik.com | tcp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| ID | 103.30.145.12:80 | banner.adsensecamp.com | tcp |
| SG | 185.237.145.189:80 | duitbux.com | tcp |
| US | 172.67.211.5:443 | www.surgaklik.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| HK | 23.248.192.74:80 | rizkyprofit.com | tcp |
| SG | 185.237.145.189:80 | duitbux.com | tcp |
| HK | 23.248.192.74:80 | rizkyprofit.com | tcp |
| ID | 103.30.145.12:80 | banner.adsensecamp.com | tcp |
| US | 8.8.8.8:53 | www.dynatrace.com | udp |
| GB | 18.165.201.116:443 | www.dynatrace.com | tcp |
| ID | 103.30.145.12:443 | banner.adsensecamp.com | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.29.174.54.in-addr.arpa | udp |
| HK | 23.248.192.74:443 | rizkyprofit.com | tcp |
| US | 8.8.8.8:53 | 222.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.221.21.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.211.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.249.220.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.145.237.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.192.248.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| HK | 23.248.192.74:443 | rizkyprofit.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| DK | 157.240.200.14:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | www.ppcindo.com | udp |
| CA | 149.56.240.132:443 | s4.histats.com | tcp |
| CA | 149.56.240.132:443 | s4.histats.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 8.8.8.8:53 | 118.132.66.172.in-addr.arpa | udp |
| US | 172.66.132.118:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DK | 157.240.200.14:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 132.240.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.182.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww25.ppcindo.com | udp |
| US | 199.59.243.226:80 | ww25.ppcindo.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | udp |
| US | 199.59.243.226:80 | ww25.ppcindo.com | tcp |
| US | 8.8.8.8:53 | 226.243.59.199.in-addr.arpa | udp |
| US | 199.59.243.226:80 | ww25.ppcindo.com | tcp |
| US | 103.224.182.240:80 | klikajadeh.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 8.8.8.8:53 | ww38.ppcindo.com | udp |
| US | 75.2.120.224:80 | ww38.ppcindo.com | tcp |
| US | 8.8.8.8:53 | smartbca.com | udp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 8.8.8.8:53 | 224.120.2.75.in-addr.arpa | udp |
| US | 75.2.120.224:80 | ww38.ppcindo.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| FR | 142.250.179.66:445 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.66:139 | pagead2.googlesyndication.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hengmenroom.blogspot.mx | udp |
| FR | 142.250.75.225:80 | hengmenroom.blogspot.mx | tcp |
| US | 8.8.8.8:53 | hengmenroom.blogspot.com | udp |
| FR | 142.250.75.225:80 | hengmenroom.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2dc1a9f2f3f8c3cfe51bb29b078166c5 |
| SHA1 | eaf3c3dad3c8dc6f18dc3e055b415da78b704402 |
| SHA256 | dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa |
| SHA512 | 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25 |
\??\pipe\LOCAL\crashpad_2368_IYTKVCWGJESLQJWR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e4f80e7950cbd3bb11257d2000cb885e |
| SHA1 | 10ac643904d539042d8f7aa4a312b13ec2106035 |
| SHA256 | 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124 |
| SHA512 | 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 054fffc9f2500701948e9a32e45e80a8 |
| SHA1 | 4b056a28be3f44b54a285434c6ccfff039acc4f2 |
| SHA256 | 2bf26f6889da8870b8bc6d31642c6f45d3fa487197c126c50d28964f3cb16198 |
| SHA512 | af9c200b3097cdcb1e0f03ec46d0ad229df3d63c74c1419d81d8db96e3f6a8269827d28f4fd9751d9d5d2e4fb90c6a106ca81993385dff6e44093933f96827c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ccc167303ede0b96885b0739cf142822 |
| SHA1 | bf657521d4993f586f12acf7121b63c75d3d3ff3 |
| SHA256 | d873858035861bb577261cfb00567aca9f03a0cccbf2cbb1025a856558fd80bf |
| SHA512 | 34295867c67440e2ea33ef15d9eefaecc17bdc91dc9b14bd9ab53918e3626b6f081b789aac2d718d3e26b3ad4c182a4c84600492f9f6498d975c7ab2e34262fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3e3b6e08bb92e26dabb5e9de08ad4d79 |
| SHA1 | acc719c3c231c9d00ba949cd67d5550523dd1e1c |
| SHA256 | 92abc5a42aef893b450fe59930bc8f8b220db15c36df686b2c1937ff01db9dca |
| SHA512 | 91ce0656dbe46c4a1f01c2a6f59721cbf9d81b4db56af0d2c8f238ddf711c90aad78f08ad5ed9c14731c6f9627db0a29013eb5ed6d9bf866bba3db20d5034e91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 02b3b30676f3a187e6194889ba445fd8 |
| SHA1 | eb212c417a2d49638596af0387d40dc1afc45b63 |
| SHA256 | 72e06f5aff0bcadc6def1eb908ec6ed26f7d8ce906f8d5fc9ff3bef390ed73ab |
| SHA512 | 645e735a400b6c22cb6ea073bfc6ba32b37e45c5a9cc585f9f345a0c297e32df16897f221517d077e87f4c53ab5bdd01710b7ce1710b85fe46c3b32e821866ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | aa6a698d1c7fc6d35265b10af5570e9c |
| SHA1 | 00da372ad4964a5d5b8afff7fe1b207ff284f232 |
| SHA256 | 02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a |
| SHA512 | f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc824d7b8a72976dd87e86989213bb6d |
| SHA1 | 03c40493bd17e1b1429281db39f72a256854b41f |
| SHA256 | 1355800e604b98cd014c7c64b1e17653f4778abadcc71fbf6d5b3673f6b136cc |
| SHA512 | 5eaea8b2d399c47cfdca504db0ba6514ad69b7ae1648b9f80096a939810e740e0353be4a0ae0da6da32abaf5bc7766c8c5568edec207b6a314e887ebb3995a12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 445482d6452857fe80b4be79286ea8cd |
| SHA1 | 88cfb1fea65dd9c8c6899558c2a5648762cca446 |
| SHA256 | 673c6b91435d9cd80673b44efa419cdd199c1087f984519d11006fd40e5df2f2 |
| SHA512 | aa09a40514f1eb48098106318454d0fa68d09dc5915f7555ee1f0efd3b2ac8905360bdd85803938e2415b7ae4b21ae3433c35e573fd62bd0e3afc09447c6b6ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585520.TMP
| MD5 | 9122f55abd9613d08bf029c31e3a8d44 |
| SHA1 | 43c55b3481c03b953e7d53f937fbec03edbb0963 |
| SHA256 | c4dc65b910bfcbd827bb1a931c942a24f5351ba6d5ad8443f544e13593332d3f |
| SHA512 | d290e3c178e8ee5932f7baeb9294410026c1fc2ace32d0930e309c893dd687dc6123f17009683876ec4edbba2b852a100b4f54853ad7ab6c65bedf3678f1dbd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0f847df080d718c77874f91c61eb2f18 |
| SHA1 | c391392a512073044871b8e787466af4a2fd9320 |
| SHA256 | cade211334ef3d6757b4807f3614431b62cd49e7ae0b6d1482ffd1080eedafe8 |
| SHA512 | 7e3508d0d1246b94737e1529a5f0aac961f33fc556970d13e70cc48ee191e9f84109219818071864c30e77f3b50bb450fd4e0f8a3331b4e173ea4d91eb92f58e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | efffc77d6040f78c7ffbe69b2ab3c09c |
| SHA1 | a279ad71aa58b22ebb2625abd074d67a3a167bcf |
| SHA256 | 4a57bdc166fb80b6a8b8924748f9305f2656bbfc7fcf0ad8ce75c758246896a9 |
| SHA512 | f70b3b972969dd9d74ceefbc69cd197655beefa5829d66ffd633346a0e244985228b84b3e47c5c58b579b66c1a9a505c02bcb634aaa0e4e8dd9177051d192522 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 37a7d7c55c7174ebbdc8ebd554f35116 |
| SHA1 | e62114463a6568fe68496a158873e3c5836b6184 |
| SHA256 | 891c11bab58b466e2ea9f988b338a8a87adcae866666a214c7d51a7de8493b85 |
| SHA512 | 4f0dd68c51542ab117a000807924a409dcbce5d35caddde5e5de26008f47dc2dd9aa5a32159d575a05a14352cbcbe6ac239105878f90473bf6d31d49df53ae1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ce37f8e1f3ae54831426194548fc14af |
| SHA1 | 981c09e33c349dc140a54c6ac01cda4072d84716 |
| SHA256 | ce8d10a4ea3db4b8e69e7aa72291753425dca10d612e1aa61695e421df927e21 |
| SHA512 | f1d805f0ac592a644342b8124cd5f23238daf3bca0459cd539a929e5b3d91999281c7ca6b85c367aa5ef194a9ab447a127eb8e2347122ddcf60f1374eec9b7a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d4fd16920b92ab19e22ec42bb74994f4 |
| SHA1 | f1bd088f67aee142de0a8679359b61ea94f27838 |
| SHA256 | 5504db47609ef7fd4bcdc1415fdf52f4545084460b4a99278bec9e810e012b86 |
| SHA512 | 606534cdfbdc3362e69d5a519d0fad1dab7cb252b2f33ad31c2d06412aa7323fbdaec5db3e97b6b82632c7c866d41e560125e5a8ca6171d3713eaf0a8d2bb745 |