Analysis Overview
SHA256
a59cb5331ead2128296d3674da0c40f1382c55dd3bf015367879e74423781a1b
Threat Level: Known bad
The file 79bcf5380e83d3054c98a180aff67563_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 12:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 12:55
Reported
2024-10-28 13:19
Platform
win7-20241023-en
Max time kernel
144s
Max time network
146s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000c74f3ad3d9a03a412a24916cb500e2c51a7b16d29f30247fce7abcb9f718a73a000000000e800000000200002000000066d352bbf6843d260798448199e1b31286797240de6ee58cac8c2fa3b57ef19120000000502ed61c8397bfa5d212f255605ead22808141740b715b0cd4bcda304720a4a3400000008c8d7894180f4cb99dfa2cfb8d6c7ebc6e1fcaf1fe125ee1d5115418dafe7af8dbf0c05906d9176f1a74a43c1f04e1e316513d0893cf0f1ba8b5cc38b6002607 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3218611-952E-11EF-A9E4-DAA46D70BA31} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436283276" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0706feb3b29db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2076 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:80 | www.blogger.com | tcp |
| GB | 142.250.178.9:80 | www.blogger.com | tcp |
| GB | 142.250.178.9:80 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | iwebgator.com | udp |
| US | 8.8.8.8:53 | smilecampus.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | twitter-badges.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 3.5.27.27:80 | twitter-badges.s3.amazonaws.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 3.5.27.27:80 | twitter-badges.s3.amazonaws.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.169.66:80 | pagead2.googlesyndication.com | tcp |
| GB | 172.217.169.66:80 | pagead2.googlesyndication.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 184.26.134.46:80 | s7.addthis.com | tcp |
| GB | 184.26.134.46:80 | s7.addthis.com | tcp |
| GB | 142.250.178.1:80 | smilecampus.blogspot.com | tcp |
| GB | 142.250.178.1:80 | smilecampus.blogspot.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| DE | 91.195.240.123:80 | iwebgator.com | tcp |
| DE | 91.195.240.123:80 | iwebgator.com | tcp |
| GB | 142.250.178.9:443 | img2.blogblog.com | tcp |
| GB | 142.250.178.1:443 | smilecampus.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:80 | www.blogblog.com | tcp |
| GB | 142.250.178.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.9:443 | www.blogblog.com | tcp |
| GB | 142.250.178.9:443 | www.blogblog.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 2leep.com | udp |
| US | 8.8.8.8:53 | www.avalanchers.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 76.223.54.146:80 | www.avalanchers.com | tcp |
| US | 76.223.54.146:80 | www.avalanchers.com | tcp |
| US | 104.21.29.45:80 | 2leep.com | tcp |
| US | 104.21.29.45:80 | 2leep.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.187.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.zaparena.com | udp |
| US | 8.8.8.8:53 | www.yousaytoo.com | udp |
| US | 8.8.8.8:53 | www.blogflare.com | udp |
| US | 8.8.8.8:53 | www.zimbio.com | udp |
| US | 8.8.8.8:53 | www.getfreebacklinks.com | udp |
| US | 8.8.8.8:53 | www.mynewblog.com | udp |
| US | 8.8.8.8:53 | www.top100add.com | udp |
| US | 8.8.8.8:53 | img.britishblogs.co.uk | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | simplehitcounter.com | udp |
| US | 8.8.8.8:53 | stats.topofblogs.com | udp |
| US | 8.8.8.8:53 | blogginggratis.org | udp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 8.8.8.8:53 | www.bloggernow.com | udp |
| US | 8.8.8.8:53 | www.india-topsites.com | udp |
| US | 8.8.8.8:53 | www.topblogarea.com | udp |
| US | 8.8.8.8:53 | www.topblogging.com | udp |
| US | 8.8.8.8:53 | www.ontoplist.com | udp |
| US | 8.8.8.8:53 | www.freewebsubmission.com | udp |
| US | 8.8.8.8:53 | www.sonicrun.com | udp |
| US | 8.8.8.8:53 | www.blogtopsites.com | udp |
| US | 8.8.8.8:53 | img1.top.org | udp |
| US | 8.8.8.8:53 | www.blogrankers.com | udp |
| US | 8.8.8.8:53 | www.blogratedirectory.com | udp |
| IE | 54.246.152.167:80 | g2.gumgum.com | tcp |
| IE | 54.246.152.167:80 | g2.gumgum.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| US | 54.87.82.0:80 | www.blogtopsites.com | tcp |
| US | 54.87.82.0:80 | www.blogtopsites.com | tcp |
| NL | 212.8.249.233:80 | www.bloggernow.com | tcp |
| NL | 212.8.249.233:80 | www.bloggernow.com | tcp |
| US | 8.12.18.87:80 | www.ontoplist.com | tcp |
| US | 8.12.18.87:80 | www.ontoplist.com | tcp |
| NL | 185.182.56.134:80 | www.blogratedirectory.com | tcp |
| US | 172.67.155.157:80 | simplehitcounter.com | tcp |
| US | 172.67.155.157:80 | simplehitcounter.com | tcp |
| NL | 185.182.56.134:80 | www.blogratedirectory.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 104.21.23.102:80 | www.topblogging.com | tcp |
| US | 104.21.23.102:80 | www.topblogging.com | tcp |
| US | 104.21.65.154:80 | www.getfreebacklinks.com | tcp |
| US | 104.21.65.154:80 | www.getfreebacklinks.com | tcp |
| US | 104.21.56.47:80 | www.mynewblog.com | tcp |
| US | 104.21.56.47:80 | www.mynewblog.com | tcp |
| FI | 65.21.240.245:80 | stats.topofblogs.com | tcp |
| FI | 65.21.240.245:80 | stats.topofblogs.com | tcp |
| US | 52.86.6.113:80 | www.zaparena.com | tcp |
| US | 52.86.6.113:80 | www.zaparena.com | tcp |
| US | 8.8.8.8:53 | revuwire.com | udp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| US | 172.67.155.157:443 | simplehitcounter.com | tcp |
| US | 104.21.56.47:443 | www.mynewblog.com | tcp |
| US | 8.8.8.8:53 | js.gumgum.com | udp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| NL | 188.116.45.164:443 | revuwire.com | tcp |
| NL | 188.116.45.164:443 | revuwire.com | tcp |
| US | 8.12.18.87:443 | www.ontoplist.com | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| US | 74.208.47.213:443 | www.sonicrun.com | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| NL | 18.239.18.60:443 | js.gumgum.com | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.18.190.73:80 | e5.o.lencr.org | tcp |
| GB | 2.18.190.73:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.18.190.73:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | gelgit.tk | udp |
| US | 151.101.1.21:80 | www.paypal.com | tcp |
| US | 151.101.1.21:80 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | www.zimbio.com | udp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| HK | 47.75.130.169:80 | img1.top.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6318.tmp
| Hash | Value |
|---|---|
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 921674020faba8819db0802e86246f8c |
| SHA1 | 484b6d58994b41cc85d258cb8390ece8252f4568 |
| SHA256 | 97a5585a3711fdf5571e988c24915ecbc452683e650dfe99c85c10a10926a634 |
| SHA512 | eda8f5266245be1ebcd04b4a784f240d18306eea18355fa2cece85d0e6db24d5c5fedab6c5d72ca1643717002f460f42f6f741216fba217401e681c2a5a18c2d |
C:\Users\Admin\AppData\Local\Temp\Tar634A.tmp
| Hash | Value |
|---|---|
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 7ae0487d2b194668a3a61ba7c051247f |
| SHA1 | 0c26e4574954dcca61085ad19b4a085da093fe00 |
| SHA256 | e8129dfc03ba4ef4d40b3f3b0aec698171562606513467345602fa06cafe0196 |
| SHA512 | a328983f4f034cfe3b4ff28ea7c3e3e9b3ffd4916142f1b7fb3e906f107bd3fd224ccf9535157cbf9866e1867d4c2a09088e56bac6e0d4a5f3126b6fbc71794a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\f[1].txt
| Hash | Value |
|---|---|
| MD5 | d92b1a84db196dd0a2351625478b612d |
| SHA1 | 230f1ce487d48df0a117380ddd0dcf303928eca1 |
| SHA256 | 86a40dd10580aef67fb6a603566207d843ce533adbf0496135f8b554efd1e55f |
| SHA512 | 11572b8e67c9612fcfc3c8a26edbdc67ad14a7cec55da725292bcd37f9b224ba874eddf112c99c3574860c13268eead561fb6422dc253488c80f912587fbe72a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 286f1fa4fdf5483ad887454d60b95912 |
| SHA1 | de65ac7f547f5ec57504347ccd0a6ece2c746c3c |
| SHA256 | 221026985ce5fa0d41cecb6f7c66ac3c497a7cdd856e8bf52743bffa378ea764 |
| SHA512 | fdfac74ef5db6634d40c71377c1f7b4ac81839e4cd93c9f014338dde466012e42914e579f791f8f383f5bdede4d87ebae0fb0dfbb904ae0206756d8b252b7e77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 10328b1f8fdb2ae306da44556ef2b335 |
| SHA1 | 0e5c3d2d6a746c2bf7eaeef9987876a65d09dff2 |
| SHA256 | 09da80206fa77e05d0581243657ae39800a11bcc4f6cee7288b0ec6939a61834 |
| SHA512 | ee9dedcb613f67e68c7e9aff2a329b8fcc5c29ba8e70ee2b48e643c4bc940641555ef3764c96b2673a0e1bef55c96597a043c8f8ac1c371c5e92c0bc102211d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 0db688a151b54d91d0f0ecc349be3c9a |
| SHA1 | 194c2cc963b4d558220e14f3c25cad05dc7e24a9 |
| SHA256 | ac5b20434c38880e065adb405bacf5c73838b02ae469786d932f4e6ffef1cbce |
| SHA512 | 14216a1f2eef0b97d84a21fac0118b04ed9341f08edf3184eeda3dccc5ca99224472a28c05dda58a409dabb79bfae48d152a051887c6ca1e02220a7a5d9d88b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 3d9aeb7c4934f64bf9288f32b89a89bf |
| SHA1 | 8027e9e7a52ad1fa31110e96b749e966643089de |
| SHA256 | fca7427e11e2f7c7a66bfbf4972ae0409cfa80ec41ae85cbabbe3a120cffb717 |
| SHA512 | 7236b5c573c0875fb525989b66530e3080fd03ccaedcbbe05f1c5897c9773b799f46ee2119352ae2313745479e0033831593178c647efdbdf6f8944c9c94ce4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | b4359e59ba2945646e8d73ff12a197eb |
| SHA1 | eb8f91c7a930c3d11d2e1736872b295513edaa50 |
| SHA256 | 200d6f301de555d9ad17a09779b6d4e7f324c6bca11db392bbdbbaaae3f3b13f |
| SHA512 | 06e2bcecdfa0a0ecfbce8aa61d5ad4c6f7ef27148768398d5fb4abf140b87835d830dd872fb3d5bbf452bf793b5c8b26f3ebf276bf2e9842565e190cd56b6329 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 8f21b03c79adf89577244bf4296914af |
| SHA1 | 01bb45370e2c4c11916223bd55514fa55efcbcdb |
| SHA256 | 5cdfa9dc2bb2c95fc3269f167e86cb783021903ba40464f61a0dd225c59949e6 |
| SHA512 | 0f302d9825942fecf33b3a057bc50228aae417d0d31f89702f36757688f7ab477c9e25e879cca4280e23cabdda1da89651c9f7cacd95f8ddc99ec35fefa61e5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 19e30cb051fa5016fdacc51ab92d62aa |
| SHA1 | 93a5585ba33a859fb9d119a7d331017f8bc6a3f0 |
| SHA256 | d3645ed9e5bead2799847c53bd6ec986e9afe3703bb18ffb348e2dbe71f076c3 |
| SHA512 | 9168394de266f5afd721bed846d3b9747704fbf129144a75fa49307ab30fff8a0d55df8c3dc353cf635eaec5c1683f8aecfb07ad97692533628576171a764f14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | c574976e476a9cd4a87c5f9245ecfaf2 |
| SHA1 | 250bc799718408ee93d229d49ed691d6fc389e7a |
| SHA256 | 9a66278b59ee7be5efa51fad9b4d71640bc0cff25809f7831a5530e997c66921 |
| SHA512 | 0c3542245ada2ecad7fd7fc5fdf31f1ef3da6c701033fda1bdab9887aa78532dd247db4f82fd660b1fb85e8b9e4d4d177da4b03573c71c230ee35d5aa5cd435b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 18004377d6b884ebe56f7c66125e6262 |
| SHA1 | 9ea64a67db16f75f27a2747e02d53e6dd555200f |
| SHA256 | ee6e88f6e9d71c7b496accad4b9ba148891cf476866ed26c4971eb8a2dc7a0c4 |
| SHA512 | 9babdb24244adad4bdfc66bc58e3208f06b9b9961ddb0c8555b6e8237f8f0000de784489b03373924edcad256fc99f0f805ae0b92352e66aae87682c5656d7e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 299823c70579831ac3b291afdaf1043d |
| SHA1 | 419914a18f9107b2c4d7347b348443819e51bbe0 |
| SHA256 | 0eb2c87222efe5a472976fffde4e0f9812be0d442cbe3ac8012c44de782bf3d5 |
| SHA512 | 30cbf3fff5bca3f4b80575cc99a48f34452b9e6d2668bd3e588b6d640b5cb90b52278aaa3293f0292c6e76cac1ecc9c47bb810a7b602c3c862553758db4a2413 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 90424304c06c1eb37e08218d5a9ff113 |
| SHA1 | 510dfa74fd9d2dbdb3cdee61f4bb2b269c883224 |
| SHA256 | b4116315ab9b9b8c9a753ab43a41e857f9008b6024c9c5c72c2815feeda8be93 |
| SHA512 | 9ca3c1bab5f6a7299e9f1859e98f8e613308a476e1f825961be5d416acaef2f93f0a613b8739c4ccafe93579187dd9ee493cacce4c2e55ecbbf1145b91b09eaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | fb7c483cbe392d264dcba63725179403 |
| SHA1 | b75455938390a301507f8d668627db9e279b66ea |
| SHA256 | 49d6074fb1f0017ec0f7012881c13c208b0a13a4de1609180a514748d6cbd3d0 |
| SHA512 | e7ace9013358e03f0ed0180c3c8fb2e0c70d17ed7366d876b6c41f8c9c424803b7833cc3f4c4098294a5e58c004976c6c4a9f754d9bfd4128b34d9f6ee4606d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | da90bd0706e0a734979dc405de492fe3 |
| SHA1 | 1c126b67f0233998aac77a395a7a5c9e45681af3 |
| SHA256 | 695e0df91b8e994ef2ffb21e329868253a250eb612b8a01978abdd68ca39bd17 |
| SHA512 | f4c0936e33c00db72d83eaa577cb3b3944eb7b893af8bfcc65a533864718422f85b119143c059dd46152e398ec827c6af502068112454dbea3341e79f7b91dbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | b14efe91c7ce43daef3ffd71e57bed39 |
| SHA1 | d3caa112966d76f76f2655842be8fe76580ad83f |
| SHA256 | a9a70a8e731badc651447af91819ef179282205eb4add6360704611861f066b9 |
| SHA512 | 2130daa3b2b25e74cce5f3085b028cfc9f0cfb4deaa05b041d24ebdcb20843115060793a3af8a8a40348e5379dab16c21978c36cb72637b48c2a99ee3c17380e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 20155a4d494a518d2e5c14147051173f |
| SHA1 | db2d6a70b4de4b02de0175f8991e637c5f67650f |
| SHA256 | ae67b7cd457b955cefa03bd4d974ef170ed5104564d7d533fb84cbfd1da8cabb |
| SHA512 | 16bfab5d4f524f3b18faac6ec26eebb44a119a4a387a239275148efcc4ee972a38bbb7ed1dd32945821b2af6fed18ad13a97968059b3c9a8ec086561a38f0177 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | afa851f3e0f9c99cbfbad0030dffc22e |
| SHA1 | c764343384d6d1185b6ee7ae5b0c9632b2d976ca |
| SHA256 | 625d27b2e512d2e8a1e16a04c44b027c824479921beb18dd30abc652c6eb45f4 |
| SHA512 | 0920f2948db33da3151a47550bd1452a600b1f35795c8465a2c050a800797f36deb15fc8ffd9ff93788b46695c5bf6b00e49ddb9a379527cc20820b3b138e0d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 04bfbc0aeb205bcea91579ad1cf05cb4 |
| SHA1 | c0b25b41cfb1f0d4b4e1757cf4a914f5ed7b7f91 |
| SHA256 | 1a3e190182afed412fef77c3fb66882d3d5320bc2707a4e1499cd8ec17d48e0e |
| SHA512 | 368ea8d2b009ccb89818b18e07cdd8be53fec0284967d56e2d41b5a6ab3b98237f81e8dea7a9473af72b38b415c37d7a9b604780faea9a879bdf5e95a0944f00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | cee05290179df63e627dc767ca5a0ad3 |
| SHA1 | 95219c4a396e77e20293c6a54c937e7e28564210 |
| SHA256 | 960549e63d6f646867123dabaa07299ee468e92a746693bdd3b908a7721e9e95 |
| SHA512 | 49f1c99471bbd3ec13230266b3cd92a887e478b4b77d39f120a1e6519eea898aa9c0da0db2136529237e3af4031f2fbb337cf0ef12f1ecea36db3a96d20d6617 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 52436c10f3043e900b93a778ae611603 |
| SHA1 | 5333dd7d9a6f482a0f6780d23e6175cb1c3118d1 |
| SHA256 | 63cc12287f8093d38cedce9c6e8cb8d7e111c5eece3260b7bbc509a62560bfae |
| SHA512 | 647346f8b031a8bd44591dd07160e24cf6b8c47880d5056a510b4a290dfac114a3fba7fedeac526818cbb9730625caf0ec4015a5e71323303912898e6e5fe72b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 986a4f9ce3edbb522565d7939b205ccf |
| SHA1 | 1e4b8a1c4bd57d9cea0597c4603e740d0b0db273 |
| SHA256 | 68a24a68c7665fa64dcf913c19b7c10ebcd79284007b908e873c94cd92e61e72 |
| SHA512 | c5a17875b74bc95e89b4ead29b529e4a3d2ac3e37a6378a76e02610d37b0c537593b85062dcdb7150de142e07bd3c0cfe686702a9178dd18c461401c9434e624 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 12:55
Reported
2024-10-28 13:20
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91b646f8,0x7ffb91b64708,0x7ffb91b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x49c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7024 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3420_LEYAWPROOLCLHTYC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583b00.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State