Analysis Overview
SHA256
ba8642b9e7d8395eedbb92496337f2d47a5e41cf952281fa1acf091d8c241d7f
Threat Level: Known bad
The file 6ff7678e16d644b98fb1727832779cf8_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 17:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 17:05
Reported
2024-10-23 17:08
Platform
win7-20240903-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309eb0066e25db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000bf51616dfb5e79c3c3bb70c07f7b22da2c4fece97c2779a4f80bd60f7ce1d1f9000000000e800000000200002000000054a929a8bfa96c58e7c832d61067417c91416018601ecf9fbf2136df7d92f987200000008d7cc796096d8ec4be0a46e7333d703f0e639ba62b52e892325e3b07daa1556d4000000077264c760f0f39223f4d8408bbc75fd2b386ad9444d477d6b4434bd617399a1bd49ec904096a48eebac72070840fe16fe507bb731e0cc9b5a359d89c66a4d135 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435864996" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00CBBC71-9161-11EF-8BDE-523A95B0E536} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2904 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ff7678e16d644b98fb1727832779cf8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | iwebgator.com | udp |
| US | 8.8.8.8:53 | smilecampus.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.200.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.169.73:80 | img1.blogblog.com | tcp |
| GB | 172.217.169.73:80 | img1.blogblog.com | tcp |
| GB | 216.58.212.193:80 | smilecampus.blogspot.com | tcp |
| GB | 216.58.212.193:80 | smilecampus.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| DE | 91.195.240.123:80 | iwebgator.com | tcp |
| DE | 91.195.240.123:80 | iwebgator.com | tcp |
| GB | 216.58.212.193:443 | smilecampus.blogspot.com | tcp |
| GB | 172.217.169.73:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 172.217.169.73:80 | www.blogblog.com | tcp |
| GB | 172.217.169.73:80 | www.blogblog.com | tcp |
| GB | 172.217.169.73:443 | www.blogblog.com | tcp |
| GB | 172.217.169.73:443 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | twitter-badges.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 2leep.com | udp |
| US | 8.8.8.8:53 | www.avalanchers.com | udp |
| US | 3.5.19.176:80 | twitter-badges.s3.amazonaws.com | tcp |
| US | 3.5.19.176:80 | twitter-badges.s3.amazonaws.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 184.26.134.46:80 | s7.addthis.com | tcp |
| GB | 184.26.134.46:80 | s7.addthis.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| US | 104.21.29.45:80 | 2leep.com | tcp |
| US | 104.21.29.45:80 | 2leep.com | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 76.223.54.146:80 | www.avalanchers.com | tcp |
| US | 76.223.54.146:80 | www.avalanchers.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.zaparena.com | udp |
| US | 8.8.8.8:53 | www.yousaytoo.com | udp |
| US | 8.8.8.8:53 | simplehitcounter.com | udp |
| US | 8.8.8.8:53 | blogginggratis.org | udp |
| US | 8.8.8.8:53 | www.bloggernow.com | udp |
| US | 8.8.8.8:53 | www.getfreebacklinks.com | udp |
| US | 8.8.8.8:53 | www.mynewblog.com | udp |
| US | 8.8.8.8:53 | www.blogflare.com | udp |
| US | 8.8.8.8:53 | www.top100add.com | udp |
| US | 8.8.8.8:53 | www.india-topsites.com | udp |
| US | 8.8.8.8:53 | www.topblogarea.com | udp |
| US | 8.8.8.8:53 | stats.topofblogs.com | udp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 8.8.8.8:53 | www.topblogging.com | udp |
| US | 8.8.8.8:53 | www.ontoplist.com | udp |
| US | 8.8.8.8:53 | www.freewebsubmission.com | udp |
| US | 8.8.8.8:53 | www.sonicrun.com | udp |
| US | 8.8.8.8:53 | www.blogtopsites.com | udp |
| US | 8.8.8.8:53 | img1.top.org | udp |
| US | 8.8.8.8:53 | www.blogrankers.com | udp |
| US | 8.8.8.8:53 | www.blogratedirectory.com | udp |
| US | 8.8.8.8:53 | img.britishblogs.co.uk | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 52.71.57.184:80 | www.zaparena.com | tcp |
| US | 52.71.57.184:80 | www.zaparena.com | tcp |
| US | 104.21.65.154:80 | www.getfreebacklinks.com | tcp |
| US | 104.21.65.154:80 | www.getfreebacklinks.com | tcp |
| US | 172.67.177.143:80 | www.mynewblog.com | tcp |
| DE | 162.55.172.212:80 | stats.topofblogs.com | tcp |
| DE | 162.55.172.212:80 | stats.topofblogs.com | tcp |
| US | 172.67.177.143:80 | www.mynewblog.com | tcp |
| US | 172.67.210.120:80 | www.topblogging.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| US | 172.67.210.120:80 | www.topblogging.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 3.220.195.79:80 | www.blogtopsites.com | tcp |
| US | 3.220.195.79:80 | www.blogtopsites.com | tcp |
| US | 8.12.18.87:80 | www.ontoplist.com | tcp |
| US | 8.12.18.87:80 | www.ontoplist.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 172.67.177.143:443 | www.mynewblog.com | tcp |
| NL | 212.8.249.233:80 | www.bloggernow.com | tcp |
| NL | 212.8.249.233:80 | www.bloggernow.com | tcp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| US | 8.12.18.87:443 | www.ontoplist.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 104.26.6.37:443 | www.hugedomains.com | tcp |
| US | 104.26.6.37:443 | www.hugedomains.com | tcp |
| US | 74.208.47.213:443 | www.sonicrun.com | tcp |
| GB | 2.18.190.73:80 | r10.o.lencr.org | tcp |
| IE | 34.253.247.92:80 | g2.gumgum.com | tcp |
| IE | 34.253.247.92:80 | g2.gumgum.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 172.67.155.157:80 | simplehitcounter.com | tcp |
| US | 172.67.155.157:80 | simplehitcounter.com | tcp |
| NL | 185.182.56.134:80 | www.blogratedirectory.com | tcp |
| NL | 185.182.56.134:80 | www.blogratedirectory.com | tcp |
| US | 172.67.155.157:443 | simplehitcounter.com | tcp |
| US | 8.8.8.8:53 | js.gumgum.com | udp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | gelgit.tk | udp |
| US | 151.101.193.21:80 | www.paypal.com | tcp |
| US | 151.101.193.21:80 | www.paypal.com | tcp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 151.101.193.21:443 | www.paypal.com | tcp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 3.165.148.95:443 | js.gumgum.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 151.101.67.1:443 | www.paypalobjects.com | tcp |
| US | 151.101.67.1:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | revuwire.com | udp |
| NL | 188.116.45.164:443 | revuwire.com | tcp |
| NL | 188.116.45.164:443 | revuwire.com | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.18.190.80:80 | e6.o.lencr.org | tcp |
| GB | 2.18.190.80:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab73FA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 206bbf8e7f912100d19314498ad29b2d |
| SHA1 | fa2790bb71d3185ef78ec9842f274d1f3380b640 |
| SHA256 | c84da78a4e9c6efaf94f7c7fb1dd692b56e70202cef709f5445ebdde6ad8613a |
| SHA512 | 143b3812f4a74d46bdb7458ebbfef734479b9f1b4f5ffbc20cc149b3009aa07bb7e3025813a4e34f1cef6714eb3b8d5eda01c59c232071d26874174e1866b802 |
C:\Users\Admin\AppData\Local\Temp\Tar744B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d8d5428a8fcfdc8dcb813fdab562012 |
| SHA1 | 6ddf87baeb803a3389f3a59b8496f9399325b1a7 |
| SHA256 | b62598e1ea0215279c13549182b5b8e223c763e185694fac9d7d1e5399eb59d1 |
| SHA512 | 9124bebf403b1ad9ec13c2c2b7459ddc8f3417474c780274db8d00856d1b6d8981bb58479b7cc9d119be099236b39dfa2806057be73000c51cb2f2180aafc5ac |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0WBLVJY\maia[1].css
| MD5 | 9e914fd11c5238c50eba741a873f0896 |
| SHA1 | 950316ffef900ceecca4cf847c9a8c14231271da |
| SHA256 | 8684a32d1a10d050a26fc33192edf427a5f0c6874c590a68d77ae6e0d186bd8a |
| SHA512 | 362b96b27d3286396f53ece74b1685fa915fc9a73e83f28e782b3f6a2b9f851ba9e37d79d93bd97ab7b3dc3c2d9b66b5e8f81151c8b65a17f4483e1484428e5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_8D7E0F93FAE4E7E876B7BDE1483A0BE1
| MD5 | 9786d560bf9709f7ca72aaf7e8f3b1a1 |
| SHA1 | 11b12273c7bc97b6822932c3e63a6a3861717fae |
| SHA256 | e4d1bbab03b4e70e3ff7142943d0d9e20d6022f4f51ecad771a600c0b8fed89f |
| SHA512 | ff4a63ec775977b0fb9afa9e9a5a2f75ebb2ff9ed6d9f5c718f48fa88e7b2c3aa09b255d352a7cf4460d8d20b1909821590cb78986e3fac051214b04a1cf23d2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\f[1].txt
| MD5 | bd6b979349270fdc04f850f767ac439b |
| SHA1 | 0006b0eb396c08bef19739f60dc16286b68d9605 |
| SHA256 | ecb62a841915a0c5a66614cd2c644c707f6057f77a4661c5144ae626d2f555a8 |
| SHA512 | 5ccd7b605db4e3ae4d837becb7464ba725f374c0bfcd170c72334dc3220b6c48746f50b154772477975d6ffbb8a80e19858958042c9a8c74f0b644dd9e99bd82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccd788275a867da18f2446cf33a69c12 |
| SHA1 | bda674e901ccf3fe3fe66538fc1e3aa699e99b50 |
| SHA256 | f18a1f4c0a254634f9326d7d40ef2b7cea69462475948e98c660e4ec56eb273f |
| SHA512 | d8ece5004be984e7bcbd3c2e8d6654507bf7bf651c98475f9bded7ea8a4b0c8c5f1a1cf0551cfc22297973f8d79766b0f865b4e190dbe8214132721261001b4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5538ef491f069d19a2f5361b7881beaf |
| SHA1 | e5eb2f4e9801570c241dff6d2a86bac7c1fa8684 |
| SHA256 | 6495dc24b443ef03d2a9815e09c6cf1b1ba97edc354d3c174b8b7e64f559bdf1 |
| SHA512 | 3851d62981330d5d7b7349e3f0e7e265ec723f3b6a0586c0ea97272d72dd89a2a1c5a69283b012365f7e191fcef39c65973672b0ff246850526ca85db7de4f71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7d99db0ac87c85af68bba595c970c644 |
| SHA1 | bce4144e0bfaabf49c3114101cb2b6445b1e28f3 |
| SHA256 | 93e2b8420957af62138395ea0474434a3c65d08ace929745ad9aa4d1af218aa9 |
| SHA512 | f9de5722dcf81cd8591d75909c22b4badeb44d38521c14f3dd0d7903c05d43742b4af64f9512f31f658d6233c2004b2108450c0768f69415676af188ea0916d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afa6ec1b0e9d11ab19f5584417ff96c0 |
| SHA1 | 5550a39545ca76fb64f79515b68515efce6485a0 |
| SHA256 | 13efca158fe8c18e4a43c383d036e2a9521018a41876b46e6a8163cf55ed49eb |
| SHA512 | 8a1ee5de928e39e495f567b122f3a396325daecfa6b25802c7756dda655e4484c5232816e4a6aa1567143ec94689d41ca0d6594b0696277473fdde08b7132998 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f6c93cf315a549ff6f1e21c84a06a89 |
| SHA1 | 55ea88303841cc74c3b7151019d8e5c8520d4f6e |
| SHA256 | 4398a5a580de0e3b8757c91b2371cd87975c6fcd86ef89778e88c05dd6f67b08 |
| SHA512 | df2b91c010d7c6719b03cb64ed0c333542ac7b62ba56f512ff42f971b4fd98d9dc5eb39d4f7126ff700366577fdf6d61ebd138f0498eee8d0e88e80e40ec8ead |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 385dd467e2183b139a3f6b222f3e0fc4 |
| SHA1 | 8fdd2e4b7fbc8d1e35d219400f79612f6debe9ae |
| SHA256 | ebe5cb55f49d7971c0805eddc8025811442894da4815792de85035493d35185a |
| SHA512 | ce52ff40a29b82008b8646732b458e2166d06c5aba52d9e21a11bad2a86c2a52d05ca6a3ca190a9b2195d7322268ca6fa451fa5c1b51de417d5beda284c5ec34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a99be19a7c426b13297c4d73ccb79a12 |
| SHA1 | bf4bae89e583ee0191aee229455b17347c91978f |
| SHA256 | 1ee8108bbcd4aae059e36a2a16e307bae1ef56c751e926c94517a6216c3fb94e |
| SHA512 | 1b136b63381a61f9cf70f9b3f7859a0c148b2a7ec628db8771cc65538c0fa86b6defe114d2a72f3306e5d9e4a3924878861168555120e4d1141abe5e927c04cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 969831a00f4040407c570f09f9ea3030 |
| SHA1 | ded982316cd9fdbd866330bf69a670b5d6aef2b3 |
| SHA256 | f7dc3dbbece4b152470aa4da8169b900fbc1c58dc6890e0c99715c1401fb692e |
| SHA512 | b8c6483ebc7a76be97b1768042bed80298ccd23bb71f5173939757dfafbb40ceb6b6ae5687813b8d0ab571866adde44416df14c3bfe0402adb9cf8a8ecb1e566 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d6f1b03b40e4c33e44a004d3451dca4 |
| SHA1 | bc004b94e67355f3afe9447a3198fd1a0a4793e0 |
| SHA256 | a61c5f2fcc96f2bdb8831f69279e943c030b914a76454e97dfde8881c6fd1647 |
| SHA512 | 98f27b7e2ad7b080a0f058b3fcd6f4ae9f7b6ce4be902f9e53cb7262c86380f69dcae95426b61713c301f96b033393ec0a65ea73408738b046e8f6c48211e1db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 5d3a0eb5ae05664da59893e982cbc08a |
| SHA1 | 064946aba3bb04f5b6a46ca616f07f71cd3ba138 |
| SHA256 | cfd42329f69e92cb40f839d3a36ba155a429a62a0d5bfe86a18b5f325e508c59 |
| SHA512 | 43dfcacefb7c5e8368ac8641c75152a41f23b484b5603ad75cac1f91b11fdba94fb550a05dbf995ef3abd08178c47ebcf693ab54ad4f7f1bfb60ac2587a57ef5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7191d3398fb67f7d6680201c1e1ae110 |
| SHA1 | 0951cf0cfdc167e17ce221c44189b2ce5cdcc566 |
| SHA256 | 45f5f5639ae3d8654a173d211f4106abafc1f1a5a0a17d96c43ee9d93bc3f710 |
| SHA512 | 50e0d3aed357c89b7de76d791ae0029b2d203f4471f16beb0789420f176e495b39d0502a014a170661834d3a4ed775d03db68f68c99c7ad2f6285cca989b748a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 368c26efc2e8f9d82b438d9ad1fed8f5 |
| SHA1 | 1171444d2afa3a9d62f32d6f13b91706330cede3 |
| SHA256 | 09d0f23f2506db5ea579d67613b6d6dc462c982e4c91cb29a1cf1b6a67a8b51a |
| SHA512 | d3e46ba7e42f1246ae139357ac5d500b36318f3205be60ac404b359c66e2149b7dbae3a3d55b2053f97f87fcad3f6eb118e34ce46d00d1ea5f6989fe5980d65a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99c40a85a7bf650b7a8c0ead27c6db8b |
| SHA1 | d81fe8aee6b72646eca869ed43b787a146b9cff6 |
| SHA256 | 8c193f9234954d15dfd210e44d1d473daf49889ae187f522a652e0a8e468490d |
| SHA512 | e4999d9dce6523afe223d5c78ce8bd37089bd2c1255b013dc76ff2e5f3e32a980de3bc5315f8fe8a2559f13fd6140e37e98137147af00f23fd07181212f83f98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4abb7515bd250e8f88589f58324e068a |
| SHA1 | d731276b01f762ef1510892d7ae5ec523caca60b |
| SHA256 | 65d8e15c8716e3d50ac00690fa20aff964f708bd291aaa5ff6fc5ace536c02f8 |
| SHA512 | 973035f2d4ad016b4bf83194c49b612a458825790f8598208bf5ea7898604b84a751ae4595577d0f6beb79db2cf73d6c0b41ee36607173d7b15087bd3c3e93a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5648371c3855125c0844b1e43036d8c9 |
| SHA1 | 49185ec44dbf63e76d048f02358ff7213ddda616 |
| SHA256 | f1e5eba577cff7fde88a6ed1529312d84f64f0e241edfbb0f45cf1f2c0076f2e |
| SHA512 | 3571f8500e06036df7a43cb18f035e78b4197518544a2dd19d5dd15debec96edc244524cb35518964ec0f5126ca61d12de63d736bf9fc9861ac73eac663e7ed4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 144c2778447c7faf57ad49a061b3198a |
| SHA1 | 9106561ff0e9c2ad17257968988094d12959c4cd |
| SHA256 | 4a1229fe9b00cda24256e14ca3214603b2aa2aa6ebdd0d02246b5f674517fba8 |
| SHA512 | 8e6560975bb214764814292c5c1c376656c3a0884f4c9f706bc9e409fcfa32c1dc029faed8e2b0b16ce0f0db741da823a1e068d6e540be84e1316221047697f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 755b16bc4fef82bfee5bb6e2df5dbd39 |
| SHA1 | adc6b55048588c99d8e571930c7f8dbcb446819d |
| SHA256 | 1d807866eed53644390a96a1922756c79bee0d353040836401286cb3f340c7e7 |
| SHA512 | b23bd45d69cb887c62e44c120da3afb7f5ee70680a9477dcd67451f8b54452cf47d405592a154b0d48934ca2c9de754a4e039d1fd3e1263b65e5495e1ab31d27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2674693359783359d9d265cf19e2317 |
| SHA1 | 5b2306d72186abcbd3d2ece99f6b6258341f401a |
| SHA256 | 2bda8039ef51384e8053430d3442a2e32869603b34b895147f44d1cba418a333 |
| SHA512 | 0756c8713db667b3649f4ab6093dd65fb6052608ed08380e5aad5c3c84127d94c8f9a8d49216748d7963d85fcc9100d9a30e19ee05c817dea998028c95dfe133 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2da37c98ac2f4489419f1fd5039e552 |
| SHA1 | 3dd24202dc04f969f8d2dacc43720396c922666d |
| SHA256 | edadcd61e6d29b379b7e1bafc707a758621bd8da06cbd4f8db68acfee58b3778 |
| SHA512 | e4ecfbd604eb65f1e295b01eb88b47577d3a073fba0b5cce2edbdd6be182e3b649ef1264e3b2d3fb3a5d82a8b4273afce5221ae4780feb000984dceb96486f2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cd4bce2aa939a6ab1f88e74dc95f905 |
| SHA1 | e171ae4375d0a94f4f8bc1fd0fb8f4b1b75d15b1 |
| SHA256 | 9cf3dbef033071f5034f1f2a56919ed1a1a5de22777aaba0b3926c371c4df64c |
| SHA512 | 5ee4851779e8e89f286f18d87d2111603cc7dc9d2598c943eb511ce897f3cd82d8529fcb105464a19c6d2945f70710ea8990e83af5d77d9132537ec00125abe0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1cfdef7775852f5f45a1d689873a24b |
| SHA1 | 1084a0ac38e01e2ed01bddcffb293cb5ae355e97 |
| SHA256 | 3cf07a3bef153921fbc7f01454ee0c3b8397ec9955b759be16ac0f802c90af15 |
| SHA512 | 358ec23fa3883d28fcf7d0903d17fab157ce1a344cf19ef72b607c7b2d849689ec6ee590eb069fb6d29898b9fa0def2e8a2e5a80fa4eeff5fbb09c9a5d2f221d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53f051e5c77f65e18e3ffdf10136449e |
| SHA1 | 7f84c9d1e558f1ab99785dcc6219d26f72ecf613 |
| SHA256 | 9b51c96571baf888e828fc9071ddd57f7c33f7a1c5e1e6c6be3269455192f04a |
| SHA512 | e7dc256aeecd01829b026c186587b6bea7ce5506ab07e7326568247907bc9aba345133ef214d6860c4cedb92376342e995ef0541c52a0abae1e7119526f3dffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 427b10b7f9afb06461f0534c2be26223 |
| SHA1 | 0fb1011efa3bc26719fd41f18fcb1cda2655ee84 |
| SHA256 | 541b6f333f493d9c95b9b01144c9eba19fdcaa4f22fe0d711ad85f9790c6b389 |
| SHA512 | ddcfc8e91d951f4eac8fb68775400d97cf78cf257c8f84a347f1b6068cc85f8fb3991f40f19289a23810041a07d44dba6ab06def6c270a95728711e838cb6f0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e3f5302e278cbe824929947e25253e9 |
| SHA1 | f8ed5919710736ae86b06de24d2051120d1ee95e |
| SHA256 | e6eba4f1c0f24dd2fcec82846fa762864fce9cdfce50165805f0630438eb96ec |
| SHA512 | 2d55c73ca5973d991e081cc4985a7703d7b0d9b74a14b10a493e9ca8ea902e8d68158409e4a201184aafb4891614ae1fb6c50b0a7be57023846fcd63652ac783 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff384a3ee941a456d98d93c92f5fb345 |
| SHA1 | ace17956990b1dcc3037a147f36c2d65d8da7687 |
| SHA256 | d36e0374912ccde79a4f772103a14c97a4ba915bf8a85096fa65b62cd1c059a1 |
| SHA512 | 7207ad0de6124ee918df5671327c43a05737482060521f1de1744069afec41826a27898bb312649cc58cb7cfbea504018ae9dbb9a497b38c67c2da91282311a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31c23bb56a440936e2f667e4fd553aae |
| SHA1 | 9f5fe7abe98206fa2c257eaae5552d032d9d7087 |
| SHA256 | ca378468932d6f771457fa0f2a37c7797ba69eee0ad1eb2a477469ba65d2606f |
| SHA512 | 8c46ff4de01e5974d7b3bf3e96ba0b374769a2a69892432d5501d3f5d98ae63260d22b0e0aa4f8cea2e82480e4dd87c9ccf4c1d65e77b5ef35c3516a95137fb1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 17:05
Reported
2024-10-24 11:02
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\6ff7678e16d644b98fb1727832779cf8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93d546f8,0x7ffb93d54708,0x7ffb93d54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x320
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7092 /prefetch:2
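The process list above is the main evidence that this HTML file did not launch anything beyond the browser. The following Python is an added triage script, not part of the report or of any sandbox vendor's tooling: it pairs each image-path line with the command line that follows it (the layout the report uses), counts the Chromium children by --type, checks every image against a short allow-list of what a browser detonation is expected to spawn, and lists children that were started with a weakened sandbox. The allow-list and the set of sandbox-weakening flags are assumptions of this example, and the embedded process list is a constructed subset of the rows on the page. On this data the only hits are the network service and the WinRT app-id helper, which this Edge build starts with --service-sandbox-type=none, and the second gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled, the usual fallback when the guest has no usable GPU; none of them is attributable to the page. An image outside the allow-list would be the finding worth chasing.

```python
"""Triage of a sandbox process list (added example, not the report's own tooling)."""
import re
from collections import Counter

# Constructed subset of the page's process list (behavioral2):
# each image path line is followed by the full command line.
PROCESS_LIST = r'''
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\6ff7678e16d644b98fb1727832779cf8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x320
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=7092 /prefetch:2
'''

# Assumptions of this example: images a browser detonation is expected to spawn,
# and flags that mean a child runs with less than the default sandbox.
EXPECTED_IMAGES = {"msedge.exe", "identity_helper.exe", "comppkgsrv.exe", "audiodg.exe"}
SANDBOX_WEAKENING = ("--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none")


def parse_processes(text):
    """Pair each image-path line with the command line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    procs = []
    for image, cmdline in zip(lines[0::2], lines[1::2]):
        m = re.search(r"--type=([\w-]+)", cmdline)
        if m:
            ptype = m.group(1)
        elif image.lower().endswith("msedge.exe"):
            ptype = "browser"   # the main process carries no --type
        else:
            ptype = "host"      # Windows helper (COM/audio), not an Edge child type
        procs.append({
            "image": image.rsplit("\\", 1)[-1].lower(),
            "type": ptype,
            "flags": [f for f in SANDBOX_WEAKENING if f in cmdline],
            "cmdline": cmdline,
        })
    return procs


def triage(procs):
    """Summarise what ran: the opened document, process types, surprises, weakened sandboxes."""
    document = None
    for p in procs:
        m = re.search(r"--single-argument (.+)$", p["cmdline"])
        if m:
            document = m.group(1)
    return {
        "document": document,
        "by_type": dict(Counter(p["type"] for p in procs)),
        "unexpected_images": sorted({p["image"] for p in procs if p["image"] not in EXPECTED_IMAGES}),
        "weakened": [(p["image"], p["type"], p["flags"]) for p in procs if p["flags"]],
    }


if __name__ == "__main__":
    for key, value in triage(parse_processes(PROCESS_LIST)).items():
        print(f"{key}: {value}")
```

Feed it the whole list from the page and compare `unexpected_images` against an empty result; on a genuine drive-by you would expect to see a scripting host or an installer there, with a parent in the renderer set.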
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | iwebgator.com | udp |
| DE | 91.195.240.123:80 | iwebgator.com | tcp |
| DE | 91.195.240.123:80 | iwebgator.com | tcp |
| US | 8.8.8.8:53 | smilecampus.blogspot.com | udp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 216.58.212.193:80 | smilecampus.blogspot.com | tcp |
| GB | 142.250.200.34:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | smilecampus.blogspot.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 2leep.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 184.26.134.46:80 | s7.addthis.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.73:80 | img1.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.73:80 | img1.blogblog.com | tcp |
| US | 104.21.29.45:80 | 2leep.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.73:443 | img1.blogblog.com | udp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.240.195.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.134.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | twitter-badges.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 52.216.170.115:80 | twitter-badges.s3.amazonaws.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.avalanchers.com | udp |
| US | 76.223.54.146:80 | www.avalanchers.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.187.234:443 | ogads-pa.googleapis.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.170.216.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | video.xx.fbcdn.net | udp |
| GB | 163.70.151.12:443 | video.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video.xx.fbcdn.net | tcp |
| GB | 163.70.151.12:443 | video.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 12.151.70.163.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.in | udp |
| US | 8.8.8.8:53 | www.zaparena.com | udp |
| US | 8.8.8.8:53 | www.yousaytoo.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | simplehitcounter.com | udp |
| US | 8.8.8.8:53 | blogginggratis.org | udp |
| US | 8.8.8.8:53 | www.bloggernow.com | udp |
| US | 8.8.8.8:53 | www.getfreebacklinks.com | udp |
| US | 8.8.8.8:53 | www.blogflare.com | udp |
| GB | 142.250.200.35:445 | www.google.co.in | tcp |
| SE | 192.229.221.25:80 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 104.21.72.215:80 | simplehitcounter.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| NL | 212.8.249.233:80 | www.bloggernow.com | tcp |
| US | 172.67.146.176:80 | www.getfreebacklinks.com | tcp |
| US | 8.8.8.8:53 | www.mynewblog.com | udp |
| US | 8.8.8.8:53 | www.india-topsites.com | udp |
| IE | 63.34.190.112:80 | g2.gumgum.com | tcp |
| US | 54.209.32.212:80 | www.zaparena.com | tcp |
| US | 8.8.8.8:53 | www.top100add.com | udp |
| US | 104.21.56.47:80 | www.mynewblog.com | tcp |
| US | 8.8.8.8:53 | stats.topofblogs.com | udp |
| SE | 192.229.221.25:443 | www.paypal.com | tcp |
| US | 104.21.72.215:443 | simplehitcounter.com | tcp |
| US | 8.8.8.8:53 | 215.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.26.98.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.190.34.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.249.8.212.in-addr.arpa | udp |
| DE | 195.201.124.255:80 | stats.topofblogs.com | tcp |
| US | 54.209.32.212:80 | www.zaparena.com | tcp |
| US | 8.8.8.8:53 | js.gumgum.com | udp |
| US | 104.21.56.47:443 | www.mynewblog.com | tcp |
| US | 3.165.148.30:443 | js.gumgum.com | tcp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| DE | 195.201.124.255:80 | stats.topofblogs.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.topblogarea.com | udp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 8.8.8.8:53 | www.topblogging.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.21.23.102:80 | www.topblogging.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 151.101.131.1:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | www.ontoplist.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.12.18.87:80 | www.ontoplist.com | tcp |
| US | 8.8.8.8:53 | www.freewebsubmission.com | udp |
| US | 8.8.8.8:53 | www.sonicrun.com | udp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 8.12.18.87:443 | www.ontoplist.com | tcp |
| US | 8.8.8.8:53 | 47.56.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.32.209.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.117.215.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.23.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.18.12.8.in-addr.arpa | udp |
| US | 74.208.47.213:443 | www.sonicrun.com | tcp |
| US | 8.8.8.8:53 | www.blogtopsites.com | udp |
| US | 3.220.195.79:80 | www.blogtopsites.com | tcp |
| US | 8.8.8.8:53 | img1.top.org | udp |
| US | 8.8.8.8:53 | www.blogrankers.com | udp |
| US | 8.8.8.8:53 | www.blogratedirectory.com | udp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| NL | 185.182.56.134:80 | www.blogratedirectory.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 8.8.8.8:53 | revuwire.com | udp |
| NL | 188.116.45.164:443 | revuwire.com | tcp |
| US | 8.8.8.8:53 | 79.195.220.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.47.208.74.in-addr.arpa | udp |
| DE | 162.55.172.212:80 | stats.topofblogs.com | tcp |
| US | 8.8.8.8:53 | img.britishblogs.co.uk | udp |
| DE | 162.55.172.212:80 | stats.topofblogs.com | tcp |
| US | 8.8.8.8:53 | 164.45.116.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.56.182.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.172.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.co.in | udp |
| US | 8.8.8.8:53 | gelgit.tk | udp |
| US | 8.8.8.8:53 | aba.gumgum.com | udp |
| IE | 63.34.190.112:443 | g2.gumgum.com | tcp |
| US | 3.165.148.30:443 | js.gumgum.com | tcp |
| US | 8.8.8.8:53 | c.gumgum.com | udp |
| US | 8.8.8.8:53 | gumgum.com | udp |
| US | 3.165.148.15:443 | c.gumgum.com | tcp |
| US | 3.165.148.93:443 | aba.gumgum.com | tcp |
| GB | 3.162.20.56:443 | gumgum.com | tcp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.20.162.3.in-addr.arpa | udp |
| IE | 63.34.190.112:443 | g2.gumgum.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 216.58.212.193:443 | smilecampus.blogspot.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
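The network table above is long because the page pulls in a blog platform plus a dozen ad, widget and "top sites" counters. The following Python is an added triage script, not from the report or the sandbox vendor: it separates forward DNS queries from the reverse (in-addr.arpa) lookups the guest performs on its own, and both from actual connections; lists names that were resolved but never connected to; and flags any connection on a port other than 80 or 443, ignoring local multicast such as mDNS. The embedded rows are a constructed subset of the table, including a row whose proto value had slid into the Domain column, which the parser repairs; the port allow-list is an assumption of this example. On this data it surfaces the 142.250.200.35:445 row for www.google.co.in, which should be confirmed against the pcap before it is read as SMB traffic on the strength of a single log line.

```python
"""Triage of a sandbox network table (added example, not the report's own tooling)."""
import ipaddress

# Constructed subset of the page's network table (behavioral2), including the
# mDNS row whose proto value had slid into the Domain column.
NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | smilecampus.blogspot.com | udp |
| GB | 216.58.212.193:443 | smilecampus.blogspot.com | tcp |
| US | 8.8.8.8:53 | 73.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.co.in | udp |
| GB | 142.250.200.35:445 | www.google.co.in | tcp |
| US | 8.8.8.8:53 | gelgit.tk | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| SE | 192.229.221.25:80 | www.paypal.com | tcp |
| SE | 192.229.221.25:443 | www.paypal.com | tcp |
"""

EXPECTED_PORTS = {80, 443}   # assumption: what a web page detonation should be using


def parse_rows(text):
    """Parse the pipe-delimited rows into dicts, repairing rows with no Domain value."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Country":          # header row
            continue
        if len(cells) == 4 and cells[2] in ("tcp", "udp") and cells[3] == "":
            cells = [cells[0], cells[1], "N/A", cells[2]]   # proto slid left one column
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def triage(rows):
    """Split lookups from connections and pull out the rows a reviewer wants to see."""
    forward, reverse, conns = set(), set(), []
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            (reverse if r["domain"].endswith(".in-addr.arpa") else forward).add(r["domain"])
        else:
            conns.append(r)
    contacted = {c["domain"] for c in conns}
    multicast = [c for c in conns if ipaddress.ip_address(c["ip"]).is_multicast]
    odd = sorted(
        (c["domain"], c["ip"], c["port"], c["proto"])
        for c in conns
        if c["port"] not in EXPECTED_PORTS and c not in multicast
    )
    return {
        "resolved": sorted(forward),
        "reverse_lookups": len(reverse),
        "dns_only": sorted(forward - contacted),          # resolved, never connected to
        "unique_connections": len({(c["domain"], c["ip"], c["port"], c["proto"]) for c in conns}),
        "plaintext_http_hosts": sorted({c["domain"] for c in conns if c["port"] == 80}),
        "odd_ports": odd,
        "local_noise": len(multicast),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(NETWORK_TABLE)).items():
        print(f"{key}: {value}")
```

The `dns_only` list is the part worth reading by hand: a name that was looked up but never connected to is either dead, blocked, or resolved only for a resource the page never fetched, and on the full table that set includes several defunct blog-directory hosts.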
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_3656_BGPPSSYFHOUBJMCE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41cffcdde3f100a52d51708f99aa4c45 |
| SHA1 | 9be54aa8f2c0ef17e2c309c172cac83fb6fb0969 |
| SHA256 | 2efc42e854cd9de896d50f6cebdafbaeb31bc5535409d9e9a0194f0e9ddeddc7 |
| SHA512 | 95888fbc77990c2b7583599010843d75630cf35e5e73618201a4d5f1015174b8ee632f963406284e2139e1ba404bdebb1597785bdf0f20aef86b0ab2fe6aeed9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1198bd7286b1d16590278b6bfacfb637 |
| SHA1 | c6cb59b36120386952a89536e5422314c46d5bfd |
| SHA256 | fb47123fa2e3a55493fba2a814e45205a4b6586c884e409fd58391e9f147d057 |
| SHA512 | 3841b9af7d21b83398ed0c02598e30fa8b011987d433a539b7d47e3ce02fbb2b503146d41be8527bdb1cee1957510e4cde8b2a9988a80526acfb129ff74e7498 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aab16f4f52cbd3471b6db27c09530fc6 |
| SHA1 | 97fefe26f2b1aef1c06d5d7c988e1a5a7077e6d3 |
| SHA256 | 545f155c2ce67149b97cfa7859d370386151b1cd6879dd9cb467bc195148c0d0 |
| SHA512 | 79be2ba3d7d9283f4d5ab8c6a94737238aefe63f3946f447e5c9e93857067f2fe02a953ed0136239895065fab5d3a5c9603c5c2d27c7c902121181b78b60e2b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | be17c1f83934162434b00399fd42f9a7 |
| SHA1 | 645d119a4de93544b265e7519f82cf86c56ce1f1 |
| SHA256 | d0620adc8a82f6ef643fb721cb66cdea5ab26eae6533878b64911ced18440fae |
| SHA512 | 3b491076deeffee0696eff8f5f818574c89ff0afdb5434d3bb365fd73c1f91f66f0dbc301a8e42100bfac0b07a3f1cc8471ad01f27b3cc1fdfe08a4ba4721d5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 15d429f4dba6e5c4a4337fff27a4a21a |
| SHA1 | bd66e7cd43224f056cbd3264a621a11d71e54893 |
| SHA256 | 1b81570408827639fedc42dbe7c259370030a8819e409651286e78c3fa2be6b7 |
| SHA512 | c6f3237b23d06ca6060bb5edbaffb8f6fd1744c05a3b4545b7e125dac40101b1f1dbeb2e64ad0ae77713e6d05d46f38d7d6a694a63b3102f7bc9f7e1531675ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e986f6b58ceb4732ccceedb3ba6cb97a |
| SHA1 | 50e3f96117f3fdac37fd060dddd10032780754af |
| SHA256 | b37ad8996343959ec0d442684c23e1d777d79332e0ce0689b8b03d6dcac8fa88 |
| SHA512 | 0fd73d02c4c6fd72c2d0892f492ddf6652b85eb4173329ebef53657907cf599469a1b1e0b6ebaeccd4afacfadd9a6b744786991ce171270818bd431bf7f95164 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 83ed51b92ae551c54ad3a1e4ee1b15e2 |
| SHA1 | 750c3108ad0135c5d9d53cbfe368ba71df4679d6 |
| SHA256 | bf0b4df9ed942b18e2ae7d22ca80871486db53368c166e03feacfc8c5e0d17f6 |
| SHA512 | ace518f1224d10d7381f8f6db1ded8a621cbe8d6b93aae0d7e21235fa56715fab391c3d592bb3c56433a900bd84af66d339fba1fc583f79dd90fcd5ee660d3b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ce80c9a04a8b1036fb53e8d244bb5d39 |
| SHA1 | 572d76a1e23f017adf228a51c06235a336aad076 |
| SHA256 | 2f5592b1789b8f017be047c6bcff1a6ea97f41528143947f23e829123a71d5e0 |
| SHA512 | e49899f261ce2968492d2b004a3e20d06acb429ca9d8b92e7b84b9e142d1f14f9be0e9302d5b64dd66586f802573a0a5cbb2ad55ff2b88e44ab16c6cdfe0fca2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 086ff668358409a33e4e715051ef2fb1 |
| SHA1 | 7aba1eb894af152185b837449f2eb3f6c83e981a |
| SHA256 | 03c855df77983715a9cc55fcdb1142e2ad48ed02ba5ab40466ab5c9a6c4b9c4e |
| SHA512 | 0f5f43d85aa71c4c4bc017f647ccfd4a5672d39de589738957b5bb49eae6afa0fed7a989bdae58aeaf3fda605cad98a546d1357200677140b45d2a21996f2238 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4dee002ba8a1ba10c773bcdee9e2be7a |
| SHA1 | 8e8e9387bfbcf55d436f001eff5e49f1a603017a |
| SHA256 | 37e05ab055995cc278ed3a4fc0cd84fe16850060d65abfefd1d4605b406f84bc |
| SHA512 | 03bf4732f7ea49a0bd0ce7e7ab1032b35536cc6386d888df5c9843986b0e8e49c6974c21af4b3d160304a9f962a1cbdcb3f4ab39eb13a166702bccca0ec65ba1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a1c5f8402e74e5cd5cccb099a2c40683 |
| SHA1 | 91f24e3fe48f76e7ac500df802c276bd7a5fbe02 |
| SHA256 | 6423e0aa7593112b33d938f216b789637c4c0dd74f90b1958e56d02b1d5e9f5f |
| SHA512 | ae1ccbf955b3020ac55e2149c68fee72c75ae88614cb7471012491c0066501b85b83d368441c8ad2196955f857ad2a04b139e69fd66aa0aad0a13fbe60a8e8c9 |
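Everything in the file list above sits under the Edge profile, and several paths appear more than once because the browser rewrote them during the run. The following Python is an added triage script, not from the report or the sandbox vendor: it parses the path / digest-table entries in the layout the page uses, counts how many times each path was written, flags entries whose digests are those of zero-byte content (the crashpad named pipe hashes as empty, which is expected for a pipe and is not a dropped file), and reports anything written outside the browser profile or CryptnetUrlCache, or anything with a script or executable extension. The empty-content digests are computed with hashlib rather than copied from the page; the location prefixes and extension list are assumptions of this example, and the embedded list is a constructed subset of the entries above. For an HTML detonation carrying the SocGholish tag from the summary, a script or archive written outside the profile would be the artifact to look for, and this list contains none.

```python
"""Triage of a sandbox file-write list (added example, not the report's own tooling)."""
import hashlib
from collections import Counter

# Constructed subset of the page's file list (behavioral2): a path line
# followed by one table row per digest.
FILE_LIST = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
\??\pipe\LOCAL\crashpad_3656_BGPPSSYFHOUBJMCE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41cffcdde3f100a52d51708f99aa4c45 |
| SHA256 | 2efc42e854cd9de896d50f6cebdafbaeb31bc5535409d9e9a0194f0e9ddeddc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1198bd7286b1d16590278b6bfacfb637 |
| SHA256 | fb47123fa2e3a55493fba2a814e45205a4b6586c884e409fd58391e9f147d057 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aab16f4f52cbd3471b6db27c09530fc6 |
| SHA256 | 545f155c2ce67149b97cfa7859d370386151b1cd6879dd9cb467bc195148c0d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 15d429f4dba6e5c4a4337fff27a4a21a |
| SHA256 | 1b81570408827639fedc42dbe7c259370030a8819e409651286e78c3fa2be6b7 |
"""

# Digests of zero-byte content, computed rather than hardcoded.
EMPTY = {name: hashlib.new(name.lower(), b"").hexdigest() for name in ("MD5", "SHA1", "SHA256", "SHA512")}

# Assumptions of this example: where a browser detonation is allowed to write,
# and extensions that would indicate a dropped payload rather than profile state.
EXPECTED_PREFIXES = (
    r"c:\users\admin\appdata\local\microsoft\edge\user data",
    r"c:\users\admin\appdata\locallow\microsoft\cryptneturlcache",
    r"\??\pipe",
)
PAYLOAD_EXT = (".exe", ".dll", ".js", ".jse", ".vbs", ".hta", ".ps1", ".bat", ".cmd", ".lnk", ".zip", ".msi", ".scr")


def parse_files(text):
    """Group each path line with the digest rows that follow it."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            algo, digest = [c.strip() for c in line.strip("|").split("|")]
            entries[-1]["hashes"][algo] = digest.lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def triage(entries):
    """Count rewrites and flag empty, out-of-place, or payload-looking writes."""
    revisions = Counter(e["path"] for e in entries)
    return {
        "paths": len(revisions),
        "rewritten": sorted(p for p, n in revisions.items() if n > 1),
        "empty_content": [e["path"] for e in entries
                          if any(e["hashes"].get(a) == d for a, d in EMPTY.items())],
        "outside_profile": [e["path"] for e in entries
                            if not e["path"].lower().startswith(EXPECTED_PREFIXES)],
        "payload_like": [e["path"] for e in entries if e["path"].lower().endswith(PAYLOAD_EXT)],
    }


if __name__ == "__main__":
    for key, value in triage(parse_files(FILE_LIST)).items():
        print(f"{key}: {value}")
```

Matching on the computed empty-content digests rather than on the path is deliberate: a zero-byte write to a path with a payload extension is still worth a look, and a pipe that carries data would stop matching.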