Analysis Overview
SHA256: 06291a72a9afc31a7d21479bd03a7adb7eb25d9de070fb6284e7850c73df4830
Threat Level: Known bad
The file 70afd700699206f7f44a8452a0d16cf5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 20:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 20:30
Reported
2024-10-24 12:01
Platform
win7-20241010-en
Max time kernel
150s
Max time network
145s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b96000000000200000000001066000000010000200000005b1622921319c75436c435901ebb17a2d8b2d8090c7eb609af075cbc8856d310000000000e8000000002000020000000509f0e1a6b5601bb8513374f108d3318281e313251830f430a66195fafca98fd90000000f40dfaf78f822e7f09a9c8805cfbe23f904ed4b71e8e986c104b7aa4a2d78877da02ca0d320d861ded9faddec2e9216eb222b9478e3d5c6b573e7b252db2c2a7946b4cac4cb408df6f95f67cf930f6127aa84dd9e0d830511a323ed0551be0ab27d16d0f25a2be53b4e12eecd1e847ef178c8e30345bfd1823b2e86a99b3ae50f03418f75447a82b524512e358caab6040000000cecba9741bb8d79799b411a75352d01fbea47caefb4f29a14454dfc3fa26a424c72c0bf712b0fad787ddadad67d8fa38cceefdd3863fb121fafd1420b73044cb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B0FFE11-91FF-11EF-9D96-D6B302822781} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b960000000002000000000010660000000100002000000016f34f3ecdb672890d84e1127f36676ccc89929d7960f4511fa1e8baeb241742000000000e8000000002000020000000ce3ad90794e0da6260f87440066c938405f8d2e0eafce528521b47f38ee22b6e200000004fce5deaed54cc3716629372266a6675cb7c0a9a2fdb3bbc8a64adcf2909b17540000000e834af471ddace3282171299431474ce22162050fbd4aa6217b98f65b5fc7bc5a448091465a0c8631db9bf76f1a7752ca26687d1e8d870eeb05fa564649625cf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407097440c26db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435932981" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1600 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1600 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1600 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1600 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70afd700699206f7f44a8452a0d16cf5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 20:30
Reported
2024-10-24 12:01
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\70afd700699206f7f44a8452a0d16cf5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a7b946f8,0x7ff9a7b94708,0x7ff9a7b94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7712 /prefetch:2
Network
Files