Analysis Overview
SHA256
9284d8ddd130a7a45166d9066f2db238245dc34bbf10faf18176428ffdf14193
Threat Level: Known bad
The file f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-14 21:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-14 21:52
Reported
2024-12-14 21:54
Platform
win7-20240903-en
Max time kernel
147s
Max time network
148s
Command Line
Signatures
SocGholish
Socgholish family
No description, indicator or process row is attached to this family match anywhere in the report; the label rests on the family signature alone. Before treating the hosts in the Network section as SocGholish infrastructure, confirm the match against the cached page content preserved under Files (the js15[1].js and 2109501[1].htm entries), which is the only fetched content the report keeps.
System Location Discovery: System Language Discovery (ATT&CK T1614.001)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
The reading process is the Internet Explorer tab process, not a dropped binary, and this key is read by many processes during locale initialisation; on its own it is a weak indicator.
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001299335696a33b4cb2d2058b3b293d8000000000020000000000106600000001000020000000394b503d84cec106b2ebbe6753b70e2a33319352ce93061e140d2c2c572414af000000000e800000000200002000000098a7716e7f924288e824f02cfe80263245af3bb6e4d61a8a3b6a441837c05b0b200000008c5ed9acf6c0793ae2eda8e0c8ff6cf648c10fb699365a5df4f70b5df1b1e5e8400000002bbdde4dd7f71fbd1899cc20faf8dfb5b446031843110dd0235b69f9161905f3f74055c14a04c3d7c6a0a75698288a0e22e0503b532c46831d61848bd643738e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0a4b182724edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440374997" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AAE377C1-BA65-11EF-A914-FA59FB4FA467} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
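Every row in the "Modifies Internet Explorer settings" table is iexplore.exe writing under its own per-user Software\Microsoft\Internet Explorer hive, which the browser does on every launch, and the single "System Language Discovery" hit above it is the IE tab process opening HKLM\SYSTEM\...\NLS\Language, a key many processes read during locale initialisation. Neither is evidence on its own; what an analyst wants is any registry activity that falls outside those two patterns. The Python below is an added example (not from the report or from any sandbox vendor's tooling) that parses rows in this table's format, normalises the per-user SID to a fixed HKU placeholder, and buckets each event as browser self-configuration, T1614.001 language discovery, or "review". Three sample rows are copied from the tables above; the fourth, a Run-key write, is constructed for illustration and was not observed in this detonation. The bucket names and the "browser's own hive" rule are the analyst's assumptions.

```python
"""Bucket the registry rows from a sandbox signature table.

Added example, not taken from the report. Rows are parsed in the
'| op | path | process | target |' form used above; the per-user SID is
normalised to a fixed HKU placeholder so rules carry across machines.
Bucket names and the 'browser own hive' rule are the analyst's assumptions.
"""
import re

# Three rows copied from the report's tables plus one CONSTRUCTED row (the
# Run-key write) that was NOT observed, included to show the 'review' bucket.
SAMPLE_ROWS = r"""
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "wscript.exe C:\Users\Admin\AppData\Local\Temp\task.js" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<op>[^|]+?)\s*\|\s*(?P<path>[^|]+?)\s*\|"
    r"\s*(?P<proc>[^|]+?)\s*\|\s*(?P<target>[^|]+?)\s*\|$"
)
SID_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+", re.I)
MACHINE_RE = re.compile(r"^\\REGISTRY\\MACHINE", re.I)

# Processes allowed to write their own per-user IE hive without comment.
BROWSER_EXES = {"iexplore.exe"}
IE_OWN_HIVE = "HKU\\<SID>\\Software\\Microsoft\\Internet Explorer\\"


def normalize(path):
    """Replace the user SID and the \\REGISTRY\\MACHINE prefix; drop '= value'."""
    path = SID_RE.sub("HKU\\\\<SID>", path)
    path = MACHINE_RE.sub("HKLM", path)
    return path.split(" = ", 1)[0]


def classify(row):
    """Map one parsed row to a triage bucket."""
    proc = row["proc"].rsplit("\\", 1)[-1].lower()
    key = normalize(row["path"]).lower()
    if key.endswith("\\control\\nls\\language"):
        return "T1614.001"            # System Language Discovery: read of the locale key
    if proc in BROWSER_EXES and key.startswith(IE_OWN_HIVE.lower()):
        return "browser-self-config"  # the browser maintaining its own settings
    return "review"                   # anything else deserves an analyst's look


def bucket(text):
    """Return {bucket: [(op, normalized_path, process), ...]} for all parsable rows."""
    out = {"T1614.001": [], "browser-self-config": [], "review": []}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue                  # header, separator and blank lines are skipped
        row = m.groupdict()
        out[classify(row)].append((row["op"], normalize(row["path"]), row["proc"]))
    return out


if __name__ == "__main__":
    for name, rows in bucket(SAMPLE_ROWS).items():
        print(f"{name}: {len(rows)}")
        for op, key, proc in rows:
            print(f"  {op:16} {key}  <- {proc}")
```

Run against the full table, the script should leave the "review" bucket empty for this detonation; a non-empty bucket on a different sample is where to start reading.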
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2976 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2976 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2976 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2976 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
The second process is the Internet Explorer tab (content) process started by the frame process, whose PID (2976) is carried in the SCODEF argument. The WriteProcessMemory, SetWindowsHookEx and FindShellTrayWindow hits above all occur between these two IE processes (2976 writing into 2836) and are consistent with IE's own frame/tab process model; the report records no process other than Internet Explorer being launched or written to.
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | smartbca.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | berkahherbal.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | klikajadeh.com | udp |
| US | 8.8.8.8:53 | bloggerbersatu.com | udp |
| US | 8.8.8.8:53 | belati.net | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | s04.flagcounter.com | udp |
| US | 8.8.8.8:53 | www.viralgen.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | www.textbacklinkexchanges.com | udp |
| US | 8.8.8.8:53 | lazada.go2cloud.org | udp |
| US | 8.8.8.8:53 | www.gomezpeerzone.com | udp |
| US | 8.8.8.8:53 | srv-live.lazada.co.id | udp |
| US | 8.8.8.8:53 | banner.autosubmit.web.id | udp |
| US | 8.8.8.8:53 | sepuluhribu.com | udp |
| US | 8.8.8.8:53 | banner.adsensecamp.com | udp |
| US | 8.8.8.8:53 | adsensecamp.com | udp |
| US | 8.8.8.8:53 | klikaset.com | udp |
| US | 8.8.8.8:53 | www.jempolklik.com | udp |
| US | 8.8.8.8:53 | www.komisiklik.com | udp |
| US | 8.8.8.8:53 | www.probux.com | udp |
| US | 8.8.8.8:53 | www.surgaklik.com | udp |
| US | 8.8.8.8:53 | duitbux.com | udp |
| US | 8.8.8.8:53 | indonesianklik.com | udp |
| US | 8.8.8.8:53 | rizkyprofit.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| SG | 152.42.169.9:80 | berkahherbal.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 206.221.176.133:80 | s04.flagcounter.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| US | 206.221.176.133:80 | s04.flagcounter.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 104.21.3.77:80 | bloggerbersatu.com | tcp |
| US | 104.21.3.77:80 | bloggerbersatu.com | tcp |
| FR | 142.250.179.78:80 | apis.google.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 142.250.179.78:80 | apis.google.com | tcp |
| US | 54.174.29.0:80 | www.gomezpeerzone.com | tcp |
| US | 54.174.29.0:80 | www.gomezpeerzone.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| IE | 18.202.12.61:80 | lazada.go2cloud.org | tcp |
| IE | 18.202.12.61:80 | lazada.go2cloud.org | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| CA | 192.250.237.6:80 | www.textbacklinkexchanges.com | tcp |
| CA | 192.250.237.6:80 | www.textbacklinkexchanges.com | tcp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| US | 172.67.211.5:80 | www.surgaklik.com | tcp |
| US | 172.67.211.5:80 | www.surgaklik.com | tcp |
| US | 15.197.148.33:80 | indonesianklik.com | tcp |
| US | 15.197.148.33:80 | indonesianklik.com | tcp |
| SG | 103.21.221.4:80 | sepuluhribu.com | tcp |
| SG | 103.21.221.4:80 | sepuluhribu.com | tcp |
| DE | 139.162.181.76:80 | klikajadeh.com | tcp |
| DE | 139.162.181.76:80 | klikajadeh.com | tcp |
| DE | 64.190.63.222:80 | www.probux.com | tcp |
| DE | 64.190.63.222:80 | www.probux.com | tcp |
| DE | 141.101.90.96:80 | www.viralgen.com | tcp |
| DE | 141.101.90.96:80 | www.viralgen.com | tcp |
| US | 104.21.3.77:443 | bloggerbersatu.com | tcp |
| US | 172.67.211.5:443 | www.surgaklik.com | tcp |
| DE | 141.101.90.96:443 | www.viralgen.com | tcp |
| US | 172.65.190.172:80 | rizkyprofit.com | tcp |
| US | 172.65.190.172:80 | rizkyprofit.com | tcp |
| SG | 109.106.252.11:80 | duitbux.com | tcp |
| SG | 109.106.252.11:80 | duitbux.com | tcp |
| US | 54.174.29.0:443 | www.gomezpeerzone.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| ID | 103.30.145.12:80 | adsensecamp.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | banner.autosubmit.web.id | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| ID | 103.30.145.12:443 | adsensecamp.com | tcp |
| GB | 2.17.113.9:80 | e5.o.lencr.org | tcp |
| ID | 103.30.145.12:443 | adsensecamp.com | tcp |
| US | 8.8.8.8:53 | viralgen.com | udp |
| US | 8.8.8.8:53 | www.dynatrace.com | udp |
| US | 199.60.103.22:443 | viralgen.com | tcp |
| US | 199.60.103.22:443 | viralgen.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| US | 104.20.2.69:80 | s10.histats.com | tcp |
| US | 104.20.2.69:80 | s10.histats.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| DE | 18.245.86.69:443 | www.dynatrace.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | www.ppcindo.com | udp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.22.144.149:80 | r10.o.lencr.org | tcp |
| GB | 2.22.144.149:80 | r10.o.lencr.org | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.17.113.9:80 | r11.o.lencr.org | tcp |
| GB | 2.17.113.9:80 | r11.o.lencr.org | tcp |
| US | 104.20.2.69:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | ww38.ppcindo.com | udp |
| US | 75.2.120.224:80 | ww38.ppcindo.com | tcp |
| US | 75.2.120.224:80 | ww38.ppcindo.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 103.224.182.208:80 | www.ppcindo.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| FR | 2.16.149.12:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| FR | 2.20.41.218:80 | www.microsoft.com | tcp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| CA | 149.56.240.131:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
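The network table above mixes three kinds of rows: UDP/53 resolver queries (the sandbox resolver is 8.8.8.8, so every name the page references appears here whether or not the host was ever contacted), TCP connections to the page's own hosts, and connections that any Internet Explorer session makes on its own (OCSP and CRL fetches to pki.goog, lencr.org and crl.microsoft.com, plus ieonline.microsoft.com). The Python below is an added example, not part of the report or of any sandbox tooling; it parses rows in the report's format, counts connections per endpoint, separates lookups from actual connections, and drops the assumed infrastructure hosts so that what remains is the candidate IOC list. The sample rows are copied from the table; the infrastructure suffix list is an analyst's assumption and should be tuned per environment.

```python
"""Triage helper for the Network table of a sandbox report.

Added example, not part of the original report. It parses the
pipe-delimited rows exactly as they appear in the report, separates DNS
lookups from TCP connections, and drops hosts that any Windows/IE
session contacts on its own so what remains is the candidate IOC list.
The infrastructure suffix list is an analyst's assumption.
"""
import re
from collections import defaultdict

# Rows copied from the report's Network table (a subset).
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| FR | 216.58.214.169:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| GB | 2.17.113.9:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| FR | 2.16.149.12:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| HK | 154.220.249.175:80 | www.komisiklik.com | tcp |
| ID | 103.30.145.12:443 | adsensecamp.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>\S+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)

# Hosts every IE/Windows session talks to regardless of page content
# (assumed list; extend per environment). Matched on exact name or suffix.
INFRASTRUCTURE_SUFFIXES = (
    "pki.goog", "lencr.org", "crl.microsoft.com",
    "ieonline.microsoft.com", "www.microsoft.com",
)


def parse_rows(text):
    """Yield a dict per well-formed row; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            yield d


def is_infrastructure(domain):
    """True for the resolver/PKI/Microsoft hosts that are background noise here."""
    return any(domain == s or domain.endswith("." + s) for s in INFRASTRUCTURE_SUFFIXES)


def summarize(text):
    """Per domain: DNS lookup count, TCP endpoint hit counts, and countries seen."""
    summary = defaultdict(lambda: {"dns": 0, "tcp": defaultdict(int), "cc": set()})
    for r in parse_rows(text):
        entry = summary[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns"] += 1        # resolver query, not contact with the host itself
        else:
            entry["tcp"][(r["ip"], r["port"])] += 1
            entry["cc"].add(r["cc"])
    return summary


def candidate_iocs(text):
    """Domains actually connected to (not merely resolved), minus infrastructure."""
    return sorted(
        d for d, e in summarize(text).items()
        if e["tcp"] and not is_infrastructure(d)
    )


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    for d in candidate_iocs(SAMPLE_ROWS):
        e = s[d]
        endpoints = ", ".join(f"{ip}:{p} x{n}" for (ip, p), n in sorted(e["tcp"].items()))
        print(f"{d:28} {endpoints}  [{','.join(sorted(e['cc']))}]")
```

The split between "resolved only" and "connected" matters for blocklisting: a name that only appears on a UDP/53 row was referenced by the page but never reached, so it carries less weight than a host with repeated TCP sessions.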
Files
Of the entries below, only the two under Temporary Internet Files\Content.IE5 (js15[1].js and 2109501[1].htm) are fetched page content. The CryptnetUrlCache entries are CryptoAPI's cache of certificates, CRLs and OCSP responses retrieved during the TLS handshakes listed under Network, and CabB54D.tmp/TarB54F.tmp in Temp are the temporary cabinet files that typically accompany that certificate retrieval; none of them originate from the sample.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 40e83ae4946c3b2c3bdc307b4b9a3a3a |
| SHA1 | 7d8dcea38adfd8e16a85ca875beade1f9b3148f7 |
| SHA256 | c489161b20547cad7552fb17d576395ad8260b8b9b67946d21341be1a91ea56f |
| SHA512 | 2cf4174381c5c6036c7ece59a9acb64c50e2dba0f505b6e637c17066cbb0b9651466218fcf11b9092848635b7ca741a933c2062a6124817757200058d9ad5986 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ca56af0c04c5f9db4fa4f692c26459f4 |
| SHA1 | ea7091b3fb90a0e5d87aa60fe77f5ad427fdee9b |
| SHA256 | a4055c5ba8d83623c48da8ad1b14d9d41451e3fcf7fecf11a1b0287229ec018a |
| SHA512 | 5c280f885a90c1f1a65748dffde7b99cf238b9ef0014e19629211f1d4652c2207e03030421827d04f6281b84c275a9df701c63b84882c70205860b0be54ef4e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1326d239ad5be493bf5fd56e881f2a29 |
| SHA1 | 581842f34af3ff826bd75bab8f858a2c6a6ec724 |
| SHA256 | fa449d903bc5fe464f03615782943adb6acfa4c151a7d171fa7c329f7baa0221 |
| SHA512 | b6bee0e2ad770424bec102b4898fee1f4fa53fea3638a2e59c3c7e11dbbd091b45733893d1e3a17c1f64845426ab690eb699c8f3d4cfbc0404b7f1fc611b6a58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 80d47b094404fc16294852f8ba84417f |
| SHA1 | 23ccecf4059535e6cb214d22c90f6802fe334ed7 |
| SHA256 | 1e31fd6b7ce431d2d53d6a79a6cf54dcb36b21a9e8396b53da68359b0fa86cf0 |
| SHA512 | 0aa1b82e81713e6898808f01d8dfecd2edfe844a9ccf7e332db667337fa7590bc3c15e3192c7b697a8e0506964be904d78a90989e4dc31c3feda07ddb2275464 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 426b2fce1659119534fb587a7cf41828 |
| SHA1 | 656776a79a546ac0758b344bf4596acfef6d9ba3 |
| SHA256 | 8d10b8a41becfbeb7d4e81c804d246197af64615f65502e2eabda4030294262c |
| SHA512 | 7a68267b0c3e48c753096a16ffa0fca328ab9587712608414c371590d2cbc06f7e477212f8b5db588c1e88ea2c0b77cca42789d3cc15babb0a338d7717e561cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | dcdf0580275386c56c84e37e512287f0 |
| SHA1 | ff0325340ae052c5632d45d87385d525dbfc91c6 |
| SHA256 | 6e222fb832fb951a38385662bb8fea20f378006782d2b56de19fcd156de6bbd2 |
| SHA512 | bfe0658abc58b25d6c577b6e132e289e784a952ba45752059b40024aa90f593f92c24c27781fe48e81f14e88904da7fd5ee3506a34c402a62fbf518e683da78d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8
| MD5 | 058c55308960d1cd571efc31654f5988 |
| SHA1 | fd99e119336ed530636b7056dbb0518ae044bbf9 |
| SHA256 | 59f5a534a7dfe7efdfd57c79a6867d40903372605659d3aa82a9619d8dfe8c17 |
| SHA512 | 956100ed80dd2ada19b7342190ef87b72c83f691f13086d9489f5f37bc8c1e3aeb1844201aad88bbb260838f70ff93584b4f11faff5af020c825589bb491522f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8
| MD5 | 55cd3c4eea5ba01c7012e345c743f6b6 |
| SHA1 | 23c1dc9e1691e8755bc2f8a25622d94fe8a0dfb0 |
| SHA256 | b80ba8627414b71449f9aa43ee5e355e30ee6ec443481dbc503d941886e7b5ae |
| SHA512 | 9f1743d0789775c9d106f83cd3a51daa9469184dfaf6591f4f46657dfeda3c3c7d9d2450f422645b8023935dbd4616bbcb93b10fd09df72407c8bf27081d76f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8
| MD5 | ae3ecffde4ab085447ae3b9ed649fc96 |
| SHA1 | fe71f9011f62838020579d4b6ad808b16e46b0fe |
| SHA256 | 728854fbc10e1e01a667c0c0eb45e961329026db02d315a997dbb7d34888dfea |
| SHA512 | 7a600a114c5fc3f8f97d3d86dbead9493af0d8d7e72c185b483d889155e3d554093bd77a8240f084f198505f51f78ad6451567a0468fae9512c193873978ac79 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\js15[1].js
| MD5 | 4beb0b1c8bbca69316e6eadcd83b1bf0 |
| SHA1 | 602491c5f60960bf4ba7c3d2e600681a06ffcaa1 |
| SHA256 | 429e7004f3f8fbe42cacb984c36a9cda33efdacc100a276b12e82c6ab78bf7ec |
| SHA512 | 3bc8560d56f39ba09da8a3582587b9ca727dd9fa60582892a2a8a2d7de42fa0fa057b28986a0975b84589d8e9ef320f976b3731a19ea17c83388c1309041b8f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\2109501[1].htm
| MD5 | 7cb051f4d6cc2685a0c266b46a9ded48 |
| SHA1 | 2bdc81e6318f63ddd756b56bad7c4d29f9b5c793 |
| SHA256 | df1b5f7a07c0d3bd0891b3d2068d94fd01cf0e6bb07eb229e0c17caf1a083bf1 |
| SHA512 | b97573827c83a56ca0b5f30dd938289d49d36fb10435dce9e0366689830797a3c3fcb8b1deff27b846232ee5c05b670f436243665f82f3c9c3af79939238f1ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 362e4f72065309a21f54ab8fd40ce122 |
| SHA1 | 62324767d66e178a559a70dead5fb03801c56519 |
| SHA256 | 4af8f6c08985180545fb807060091bd0a61b855abd09b175c5fc3d296148d192 |
| SHA512 | 4b03f89d4ca375895703677603c8ac3676cc533f1ec1585f7537381a5cce58cb9e5a4cbd5162202e3820a1f30bb7e4935a74af442615807b291f321a8d64007c |
C:\Users\Admin\AppData\Local\Temp\CabB54D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarB54F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78846260ba3827343d49d90663e0913a |
| SHA1 | e4fcdd3e254d794487298d7195f1a96b77ad96a2 |
| SHA256 | 1232378bc8d8efbb8b4edc2a797cfc2be46c7f43fde9f38093b4910d71a45317 |
| SHA512 | 1e3da014bc26b03189b8fca098515c092216d33b5448da52d4c7ff8445e633bc8c366c93c8f2fe435bfe85612a76871604501f8e6aea0032e8ddf4afa1befa63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a354c3ff8dfeffaeb947f415397aadf6 |
| SHA1 | 977028d2f36b4890d4b518dab30bf6018872c767 |
| SHA256 | 2da56d3db26aa299a7286877e8dec27edcef9a7def24b78ab3a5204fd4f9cd0c |
| SHA512 | ae5b2bb33e807c983df1aea77c8b283b5a0d2540ea479c15f3f53551ece45e4ecb40414c167fd5689e710d73ca879e7304981c30a460408dd3a700ed6905783c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e339ca7de464980371a46a16d506a1d0 |
| SHA1 | e2ebb37ffe157011c97129a90f5e6c49c3b56757 |
| SHA256 | 21ad3f2e5e55a2a12288f8fced47b37f634327baa0fb59b6f62223cd62564701 |
| SHA512 | b238b49702e0aa7f9c7d411e8337b6d2926297db719ba56848f4d4d855ef21f0529e93478132433deb32e1b32f18b9598b024baa9b70b7495cf7c69c5e651e7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00b73c3cc191a4c63eee692785d37a6d |
| SHA1 | 512aaead89f5ff69393745b4ebf4eb687918f4a6 |
| SHA256 | 2f7cab0de0ce1b98de7e3ffb03d3941bf4157d802efeb5d8145a9aa6cdcf626a |
| SHA512 | 59b9d21234a6965935afa028487534eb6fb555ca9eda562754e13983799409b8a4443d45118b17b7a53649dcd99159ae90aa43ff01c0965cd47d320d29afba3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fb8c6fcb15acfd10b840c0b8c485a9a |
| SHA1 | e483b270d68f4e1888a423375e1ea2447b43f4a2 |
| SHA256 | 5837451bd84c7832fdf073044ce0c771e1623807640c7ed13ef14f268c8c9159 |
| SHA512 | dff9a2972d9516aa00a310b6604d2a73868621b8811a90446bdc3395141cb06a725dd6cc6ea6735690311a2c5347399333f0e7184c6634d21d7058b95ed99ff8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3506303bc2b611dab1b0fc0c722b0821 |
| SHA1 | dc7f148ea11c5c269482dc07d8b4a78b64ac8082 |
| SHA256 | eb7e9e87e193f50d9ecf8baea256514179933384fbd934a8324f65a0ded86128 |
| SHA512 | df3c7cf11e83bb64063bc1a2fd7b607dcc291b3b4520dc6005e5f189079758932551c6e1b889d32b3dbda36a4ecdef5a8a8dbdccefdea443899ccb3781e15908 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c87ad2555473c13547891836853b42f |
| SHA1 | ae80abb877b4aec44a18616d3592f1e2def1e7c3 |
| SHA256 | d9d86de78e4a4f4008f5d635c5695713502a133952389dc785c7f32e5870d1a2 |
| SHA512 | 7034c48550bf559f0a8b3265bbf72021b4edd8ecb7590be16c4ef1134fd6ff5b6694fc7bf72c129d067134229eaa286f977bd4c463db858595495a210376bfd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a124f1f6b67a6c5288b5f3c5dc223fe9 |
| SHA1 | 9cbfa298bd8fdb8aaf1fe5b6be22f3605128e0d2 |
| SHA256 | df3879c5a7f74d9b4107ca000903e30f71121e42a9b801abb246ae70e7ecc945 |
| SHA512 | 34015d0550d17ab2c3bca24b30b0a5fbf18ec319fef15fec121b0963dbb9a1ff1b1d178550fad8eaaea74a7fc78771fa8c781f0c785e95dc985d3d4a2ce32bc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 440336cb2e1459ef522aa205c0f177a0 |
| SHA1 | 23ab519be2e550fd20a522f2ce114c4c34ae9631 |
| SHA256 | fd9460f48ffa3a692d41988f2e8ce47c3d406fac1b1605d340aacaaf2762f9cc |
| SHA512 | 6bf56e303eaa7618d42d38e4de03d47b0df4fc28b5a7a6697a3416da2bca8fbafd62be9e73983141b05da34939a9e18974b4b60df4d495b5f965a78e6366827b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eac95b476b5ae1faca33a704e688d0dd |
| SHA1 | a587aa7394e266f999757985be03feddfdea395e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-14 21:52
Reported
2024-12-14 21:54
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebdd546f8,0x7ffebdd54708,0x7ffebdd54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
Network
Files