Analysis Overview
SHA256: cd4a79079c1367b6ca2d40e188b56b28a8a9fe7a490702aa6a222e7421d36fa2
Threat Level: Known bad
The file f98dc10a31d49aadf099cf8981b79786_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-18 01:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-18 01:21
Reported: 2024-12-18 01:24
Platform: win7-20240708-en
Max time kernel: 144s
Max time network: 147s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440646761" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6AD14561-BCDE-11EF-9982-6A2ECC9B5790} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad2097af04d40b4f9f761d03d4ae28460000000002000000000010660000000100002000000001dd2de9a327c6d225f51debc246bb4c50a17805bbd017bfb121f6b86c0e14fd000000000e8000000002000020000000254b7507acec5d046c4abde726c3ed47f5294cbb8173708f133d17ca0abd7f4a20000000fdf187b70bc98e3f78e1eea494b7416e9d3ce7cc4396b9daf76d758ee76a2939400000003a79746eac35282e8fee1dd4880e0e0a5a43252534f00fefe8284fb75545329ba884bcb35edd90cb94a76c157960bb2114878af332428ecd06bde7ebccd1967f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c03d4940eb50db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2668 wrote to memory of 2764 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f98dc10a31d49aadf099cf8981b79786_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 1c3666e784712f1ff8e96d236e9b8ced |
| SHA1 | 9d1d5feed5b08f194d2fe23d78f9d6c853df6f42 |
| SHA256 | f9dc587a5b757f4fbd66a80db25c805a9d12ca894b29b73099ab6524ebb516a4 |
| SHA512 | 5e848087ca5bc4d6edef2afa94f00433d2b771061529e5c301ac2dc490de183537ed1e8111e29bb834b51021929d80a39e4acacadcd4af84900699e06f655c83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2230bfdec0f358873c88be823a50d564 |
| SHA1 | c0985c72c238407ed33bacca19368f8ac513e7f1 |
| SHA256 | a4022cc0547c4520a24a1ac2b1bd67880c9fa9d4df662a31c917d635092245db |
| SHA512 | a294a9991a0ec956d682a27d115e7b99e62f7c6a67a4312b37e4fedbe23b50d0b7ab786092d47d013402711c212725ba374c1635fdbbd4f1a2fdce32b865d04c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-18 01:21
Reported
2024-12-18 01:24
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f98dc10a31d49aadf099cf8981b79786_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b7646f8,0x7ffa8b764708,0x7ffa8b764718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:2
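Every command line in the Processes list above except CompPkgSrv.exe is an Edge child process, and the `--type`, `--utility-sub-type` and sandbox-related flags are Edge's own launch arguments, not something the HTML document chose. The script below is an added example, not sandbox output: it parses each command line, counts processes by type, lists images launched from outside the Edge install directory (CompPkgSrv.exe, started by COM with the standard `-Embedding` switch), records which document the browser was asked to open, and surfaces flags that relax a process sandbox (`--disable-gpu-sandbox`, `--no-v8-untrusted-code-mitigations`, `--service-sandbox-type=none`) so they can be compared with a clean run of the same Edge build. It does not judge whether those flags are normal. The command lines are a subset copied from the list and embedded inline as constructed input, with the long `--field-trial-handle` and `--gpu-preferences` values dropped.

```python
"""Summarize a sandbox 'Processes' list of Chromium-style command lines.
Added example for this report; not the sandbox's own code."""
from collections import Counter, defaultdict

# Command lines copied from the Processes list above, constructed inline as a
# subset (long --field-trial-handle / --gpu-preferences values dropped).
SAMPLE_PROCESSES = r'''
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f98dc10a31d49aadf099cf8981b79786_JaffaCakes118.html
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe -Embedding
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=5280 /prefetch:2
'''

BROWSER_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
# Flags that relax a Chromium process sandbox; surfaced for baseline comparison only.
SANDBOX_FLAGS = ("disable-gpu-sandbox", "no-v8-untrusted-code-mitigations")


def split_cmdline(line):
    """Return (image path, argument tokens). A quoted image path may contain spaces."""
    line = line.strip()
    if line.startswith('"'):
        end = line.index('"', 1)
        image, rest = line[1:end], line[end + 1:]
    else:
        image, _, rest = line.partition(" ")
    return image, rest.split()


def parse_flags(args):
    """Map '--name=value' and bare '--name' tokens to a dict; other tokens are ignored."""
    out = {}
    for a in args:
        if a.startswith("--"):
            name, _, value = a[2:].partition("=")
            out[name] = value
    return out


def summarize_processes(text):
    """Count processes by Chromium --type, list non-browser images, record the
    document opened, and collect sandbox-relaxing flags per process type."""
    by_type = Counter()
    outside_browser = []
    relaxed = defaultdict(list)   # flag -> [process type or utility sub-type]
    opened = []
    for line in text.splitlines():
        if not line.strip():
            continue
        image, args = split_cmdline(line)
        f = parse_flags(args)
        # The main browser process has no --type; anything that is not msedge.exe
        # and carries no --type is not a Chromium child at all.
        ptype = f.get("type") or ("browser" if image.lower().endswith("msedge.exe") else "non-chromium")
        by_type[ptype] += 1
        if not image.lower().startswith(BROWSER_DIR.lower()):
            outside_browser.append(image)
        if "single-argument" in f:
            # --single-argument takes the next token verbatim (the file Edge was told to open)
            opened.append(args[args.index("--single-argument") + 1])
        for name in SANDBOX_FLAGS:
            if name in f:
                relaxed[name].append(ptype)
        if f.get("service-sandbox-type") == "none":
            relaxed["service-sandbox-type=none"].append(f.get("utility-sub-type", ptype))
    return {"by_type": by_type, "outside_browser": outside_browser,
            "opened": opened, "relaxed": dict(relaxed)}


if __name__ == "__main__":
    s = summarize_processes(SAMPLE_PROCESSES)
    print("by type:", dict(s["by_type"]))
    print("outside Edge install dir:", s["outside_browser"])
    print("document opened:", s["opened"])
    for flag, where in s["relaxed"].items():
        print(f"{flag}: {where}")
```

Run it against the full list above by pasting the remaining command lines into `SAMPLE_PROCESSES`; the `--field-trial-handle` and `--gpu-preferences` tokens are parsed like any other flag and do not need to be removed.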
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.egrana.com.br | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| FR | 216.58.214.169:445 | www.blogger.com | tcp |
| FR | 142.250.75.234:80 | ajax.googleapis.com | tcp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| US | 8.8.8.8:53 | betolinks.com.br | udp |
| US | 8.8.8.8:53 | gosteibloguei.net | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | imageshack.us | udp |
| US | 208.94.3.19:80 | imageshack.us | tcp |
| US | 208.94.3.19:80 | imageshack.us | tcp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 208.94.3.19:80 | imageshack.us | tcp |
| US | 8.8.8.8:53 | imagizer.imageshack.com | udp |
| GB | 88.221.134.152:443 | imagizer.imageshack.com | tcp |
| GB | 88.221.134.152:443 | imagizer.imageshack.com | tcp |
| US | 8.8.8.8:53 | 19.3.94.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img189.imageshack.us | udp |
| US | 38.99.77.17:80 | img189.imageshack.us | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| FR | 216.58.214.169:80 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 17.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| FR | 216.58.214.169:80 | img2.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | curiosidades.uvaia.com.br | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img163.imageshack.us | udp |
| US | 38.99.77.16:80 | img163.imageshack.us | tcp |
| US | 8.8.8.8:53 | img39.imageshack.us | udp |
| US | 38.99.77.17:80 | img39.imageshack.us | tcp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:80 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | img833.imageshack.us | udp |
| US | 38.99.77.17:80 | img833.imageshack.us | tcp |
| US | 8.8.8.8:53 | www.dohits.com.br | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img692.imageshack.us | udp |
| US | 8.8.8.8:53 | img15.imageshack.us | udp |
| US | 38.99.77.17:80 | img15.imageshack.us | tcp |
| US | 38.99.77.17:80 | img15.imageshack.us | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.aglomerando.com.br | udp |
| US | 8.8.8.8:53 | www.betolinks.com.br | udp |
| US | 8.8.8.8:53 | vidavadia.com | udp |
| US | 67.225.224.10:80 | www.aglomerando.com.br | tcp |
| US | 8.8.8.8:53 | gosteibloguei.net | udp |
| US | 8.8.8.8:53 | vadiandonanet.com | udp |
| US | 104.21.234.48:80 | vadiandonanet.com | tcp |
| US | 104.21.234.48:443 | vadiandonanet.com | tcp |
| US | 67.225.224.10:443 | www.aglomerando.com.br | tcp |
| US | 8.8.8.8:53 | 10.224.225.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkbait.com.br | udp |
| US | 8.8.8.8:53 | linkablog.com.br | udp |
| US | 8.8.8.8:53 | img14.imageshack.us | udp |
| US | 8.8.8.8:53 | www.linkerama.com | udp |
| US | 38.99.77.16:80 | img14.imageshack.us | tcp |
| NL | 68.66.248.44:80 | www.linkerama.com | tcp |
| US | 8.8.8.8:53 | 48.234.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img96.imageshack.us | udp |
| US | 8.8.8.8:53 | tempodesobra.com.br | udp |
| US | 38.99.77.17:80 | img96.imageshack.us | tcp |
| US | 185.230.63.186:80 | tempodesobra.com.br | tcp |
| US | 185.230.63.186:80 | tempodesobra.com.br | tcp |
| US | 8.8.8.8:53 | img818.imageshack.us | udp |
| US | 38.99.77.17:80 | img818.imageshack.us | tcp |
| US | 185.230.63.186:443 | tempodesobra.com.br | tcp |
| US | 8.8.8.8:53 | linkstop.com.br | udp |
| US | 38.100.119.121:80 | linkstop.com.br | tcp |
| US | 8.8.8.8:53 | agregando.net | udp |
| US | 8.8.8.8:53 | 44.248.66.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.63.230.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.119.100.38.in-addr.arpa | udp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| FR | 172.217.20.174:80 | img.youtube.com | tcp |
| US | 8.8.8.8:53 | pr.prchecker.info | udp |
| US | 67.227.215.171:80 | pr.prchecker.info | tcp |
| US | 8.8.8.8:53 | www.dohits.com.br | udp |
| US | 8.8.8.8:53 | www.gbotvisit.com | udp |
| US | 104.21.3.75:80 | www.gbotvisit.com | tcp |
| US | 67.227.215.171:443 | pr.prchecker.info | tcp |
| US | 8.8.8.8:53 | i.creativecommons.org | udp |
| US | 104.20.6.134:80 | i.creativecommons.org | tcp |
| US | 8.8.8.8:53 | licensebuttons.net | udp |
| US | 8.8.8.8:53 | jc.revolvermaps.com | udp |
| US | 172.67.7.63:443 | licensebuttons.net | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.215.227.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.6.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | icons.iconarchive.com | udp |
| US | 104.21.235.213:80 | icons.iconarchive.com | tcp |
| US | 8.8.8.8:53 | venom1301.spider.ad | udp |
| CZ | 46.8.8.100:80 | venom1301.spider.ad | tcp |
| CZ | 46.8.8.100:80 | venom1301.spider.ad | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.7.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.235.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.8.8.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| FR | 142.250.178.138:445 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 38.99.77.17:80 | img818.imageshack.us | tcp |
| IE | 31.13.73.35:445 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 67.225.224.10:80 | www.aglomerando.com.br | tcp |
| US | 8.8.8.8:53 | www.microsofttranslator.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 52.242.79.71:80 | www.microsofttranslator.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 142.250.179.97:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.guerradosblogs.com | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| DE | 91.195.240.12:80 | www.guerradosblogs.com | tcp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 38.99.77.17:80 | img818.imageshack.us | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 67.225.224.10:443 | www.aglomerando.com.br | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.sedo.com | udp |
| US | 8.8.8.8:53 | www.namesilo.com | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.79.242.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.240.195.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.110:443 | syndicatedsearch.goog | tcp |
| FR | 142.250.75.234:139 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IE | 31.13.73.35:80 | www.facebook.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | ww82.spider.ad | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 199.59.243.227:80 | ww82.spider.ad | tcp |
| US | 199.59.243.227:80 | ww82.spider.ad | tcp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.73.13.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.243.59.199.in-addr.arpa | udp |
| FR | 142.250.179.110:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| FR | 142.250.74.226:443 | partner.googleadservices.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 226.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 216.58.214.169:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
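The Network table above mixes three kinds of rows: queries to the sandbox resolver at 8.8.8.8:53, reverse (PTR) lookups under in-addr.arpa for each address contacted, and the actual connections. The script below, an added example that is not part of the sandbox's output, separates them, deduplicates repeated connections to the same host, lists names that were resolved but never connected to, and flags connections on ports other than 80 and 443. Several rows above record tcp/445 and tcp/139 to www.blogger.com, ajax.googleapis.com, www.facebook.com and www.blogblog.com; a browser page load does not use those ports (they are the ports the Windows SMB redirector tries, 445 first and then 139), so the script surfaces them for verification against the packet capture rather than deciding what they are. UDP to port 443 is HTTP/3 (QUIC) and is not flagged. The sample rows are copied from the table and embedded inline as constructed input.

```python
"""Triage a sandbox 'Network' table: split resolver traffic from real connections,
deduplicate, and flag ports a browser page load would not normally use.
Added example for this report; not the sandbox's own code."""
import re
from collections import defaultdict

# Rows copied from the Network table above, constructed inline as a subset so
# the script runs offline.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.egrana.com.br | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 216.58.214.169:445 | www.blogger.com | tcp |
| FR | 142.250.75.234:80 | ajax.googleapis.com | tcp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| US | 8.8.8.8:53 | betolinks.com.br | udp |
| US | 8.8.8.8:53 | 14.36.21.104.in-addr.arpa | udp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| CZ | 46.8.8.100:80 | venom1301.spider.ad | tcp |
| FR | 142.250.75.234:139 | ajax.googleapis.com | tcp |
| FR | 142.250.179.110:443 | syndicatedsearch.goog | udp |
| IE | 31.13.73.35:445 | www.facebook.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)
RESOLVER = ("8.8.8.8", 53)     # the sandbox's DNS resolver
MDNS = ("224.0.0.251", 5353)   # local multicast DNS, no remote peer
WEB_PORTS = {80, 443}          # what a page load in a browser is expected to use


def parse_rows(text):
    """Return one dict per well-formed table row; headers and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["proto"] not in ("tcp", "udp"):
            continue
        ip, _, port = m["dst"].rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"cc": m["cc"], "ip": ip, "port": int(port),
                     "domain": m["domain"], "proto": m["proto"]})
    return rows


def triage(text):
    """Split rows into DNS queries, PTR lookups and deduplicated connections,
    and list connections on ports a browser would not normally use."""
    report = {
        "dns_queries": set(),
        "ptr_lookups": set(),
        "connections": defaultdict(set),   # domain -> {(ip, port, proto)}
        "odd_ports": [],                   # (domain, ip, port, proto), first sighting only
        "ignored": 0,
    }
    for r in parse_rows(text):
        dst = (r["ip"], r["port"])
        if dst == RESOLVER:
            bucket = report["ptr_lookups"] if r["domain"].endswith(".in-addr.arpa") else report["dns_queries"]
            bucket.add(r["domain"])
        elif dst == MDNS or not r["domain"]:
            report["ignored"] += 1
        else:
            key = (r["ip"], r["port"], r["proto"])
            if key not in report["connections"][r["domain"]]:
                report["connections"][r["domain"]].add(key)
                if r["port"] not in WEB_PORTS:
                    report["odd_ports"].append((r["domain"],) + key)
    return report


def queried_but_not_contacted(report):
    """Names the sample resolved but never connected to (parked, blocked or NXDOMAIN);
    check the capture before listing them as IOCs."""
    return sorted(report["dns_queries"] - set(report["connections"]))


if __name__ == "__main__":
    rep = triage(SAMPLE_ROWS)
    print(f"{len(rep['dns_queries'])} names queried, {len(rep['ptr_lookups'])} PTR lookups, "
          f"{len(rep['connections'])} hosts contacted, {rep['ignored']} rows ignored")
    for domain, ip, port, proto in rep["odd_ports"]:
        print(f"non-web port: {domain} -> {ip}:{port}/{proto}")
    print("queried only:", queried_but_not_contacted(rep))
```

Paste the full table into `SAMPLE_ROWS` to run it over the whole capture; the mDNS row and any row without a domain are counted under `ignored` rather than dropped silently.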
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_2172_SURJTPFTSEHDYHRM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5ed5a0e25f137fb4c091a81d49c7cde |
| SHA1 | 9ed527895e7b9279ea4da1f9e231f0950a19c78b |
| SHA256 | 8541cd11d5bbab403bfdffee6a085a6bb9e3acc1759def7334ec5507ace4b545 |
| SHA512 | 27c666e0e4307dc21ab9e6b3b1e1c74b4c826740a1c719387e47b85a1e3ea8d7f94b35e1f3d856e2e17ac1ca667e16a57146c05e80d30d67c96e683e2b2a90f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | deba05067a6877e890ac846f422cf5ac |
| SHA1 | 8bf1aaf604ecf037bfb5d5b0868a17c85714cef3 |
| SHA256 | e46a1eb55493a433de45706afb2f679fb255550f9094499191a683d9d98a2f9e |
| SHA512 | 6d4bf82bdccea82ab2d7dd440135c8a89edb4a9475180862f86c0c1c80be4b339e50347020b34ccb4dfea548c3d63080284672886d818f07ae9e630801100d06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 560a7af378b4401f6fe71749bfdb96d5 |
| SHA1 | e9713ed4a6a3309f7bf347f3e9d5fdb55c6f8fc9 |
| SHA256 | 707f9fe05638f56d0111cb18f1000bfcece5243b499969c31c77a5833447ca3d |
| SHA512 | daa842b3fb07b258c884f30df0dc29fa457ecc2f01d03ffd11f97a5950f330856bc6e6bf3fac36867fbfa391c81f6593b57f293f07cba6d04cda425f92d20bf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2f60052e7f57e07e57fd9f3d5f9f0b64 |
| SHA1 | fc5bf41283d7c1a1ebfdde97c8b0221f3721af43 |
| SHA256 | fdc623d5dbba67e10d0ab8aaa1ba3c17aff15b6f3a04be9a9a812b1a664d068c |
| SHA512 | f9e03658872bde167a71736af46017d2124e014a8ea8f148609b8409560601699637110960bc231e9b5a1994bb01673d774c15704847720c4ed1c10258ab5b96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800a7.TMP
| MD5 | d631f0d9d539e9a125398a317c341d7c |
| SHA1 | 0784571dcd097b2bcfbade8d6bba2f55202b71b5 |
| SHA256 | 4d1e9f288d5c0bb7d46c2b7888b57655612b8e095a3f7ab07d5b037f9fae30ce |
| SHA512 | 1df5bed40f1fdf6b6d14944baede504b3db0a1b5297d1cb155b310b2ec3878a285583b7a129661c3481f3451e7084b95000d7571bbae8098f26fa7516d7b11c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | d79b35ccf8e6af6714eb612714349097 |
| SHA1 | eb3ccc9ed29830df42f3fd129951cb8b791aaf98 |
| SHA256 | c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365 |
| SHA512 | f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41c0ee0190922969416632a2be9a8256 |
| SHA1 | b6b4b6065e879560c532d98ac00cd1a871531904 |
| SHA256 | 0174a46cba6e9121b341da34a4a43e59ef6b84872581140500b214eaabd5138a |
| SHA512 | 1afda272ef32f5c4e3ee98b40cf3e00f53fb8ac628dde9b63aab390dbdc0b1dbff249c2fed56c1774ddcff06f8785ee7cfee40cd89b2dc8ced197b0c662350b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6c7c2a7ecf11e40a5b74333243b5ce79 |
| SHA1 | af0da7be98f6aff847644503a154745a2a286639 |
| SHA256 | b18e17298d20afc789ad26e57998b7a36fb0ff7e4661ff452800006686c2c735 |
| SHA512 | 424e459b9a56b0214fa4a027c04671af32217ce3a8c59d3b73545201e89c5641d5e412c68b92e1c4198b8c224c0560aa29f8711b781d5f1acc46f3e30ccbae12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 094b9b041c170b4c428dbe38ee75741c |
| SHA1 | 89dd09618d97625b41de03d4f8eec322be9b3db7 |
| SHA256 | c5ab9654b831028b089a2722ea8c2b78943528613364f7fde303c7c24bb63d59 |
| SHA512 | 2fdf478b6ebe5047a3ea4fad1d700e80ce78e6e2c41203265d31475be0e2f6ea3ddce83c7f1d3f2b0efed948235b3b7fd1512a8f7ea7a7a23eb242cfda08ee6b |
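The Files table pairs each written path with four digests, and the same path can appear several times when the sandbox saw it rewritten (the CryptnetUrlCache metadata file and Edge's Preferences above). The script below is an added example, not part of the report: it parses the table into records, detects zero-byte artifacts by comparing against digests of the empty input computed with hashlib (the crashpad named pipe above hashes to exactly those values), lists paths written more than once, classifies each path by location (CryptnetUrlCache under LocalLow is CryptoAPI's cache for certificate and revocation downloads; the rest is Edge profile state), and produces a SHA256 list suitable for reputation lookup with the empty artifacts removed. The sample entries are copied from the table and embedded inline as constructed input; SHA512 rows are omitted for brevity.

```python
"""Triage a sandbox 'Files' table: pair each path with its hashes, detect zero-byte
artifacts, spot paths written more than once, and classify by location.
Added example for this report; not the sandbox's own code."""
import hashlib
import re
from collections import Counter, defaultdict

# Entries copied from the Files table above, constructed inline as a subset
# (SHA512 rows omitted) so the script runs offline.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 556f40098d4da739687556e5904db342 |
| SHA1 | 5d0e92bb9a773c3fa5c24086afa35dd5c5c8aa03 |
| SHA256 | 855fe169e5a6055cec25505e851e2ac5c941228af3c9fb35e5ced9e12752a4ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1ffc74263f7f8d43553c790a5797756 |
| SHA1 | 00888d5837e52154105aa905bccaf18389f8c430 |
| SHA256 | 2b1724413f1c08af064ae75be86fdc90ce611839bca6d61a0bdeebc24a3f4096 |
\??\pipe\LOCAL\crashpad_2172_SURJTPFTSEHDYHRM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5ed5a0e25f137fb4c091a81d49c7cde |
| SHA1 | 9ed527895e7b9279ea4da1f9e231f0950a19c78b |
| SHA256 | 8541cd11d5bbab403bfdffee6a085a6bb9e3acc1759def7334ec5507ace4b545 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 560a7af378b4401f6fe71749bfdb96d5 |
| SHA1 | e9713ed4a6a3309f7bf347f3e9d5fdb55c6f8fc9 |
| SHA256 | 707f9fe05638f56d0111cb18f1000bfcece5243b499969c31c77a5833447ca3d |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero bytes, computed rather than hard-coded: a record whose hashes
# equal these describes an empty artifact (here the crashpad named pipe).
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


def parse_files(text):
    """A non-table line starts a new record (the path); following hash rows attach to it."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if not records:
                raise ValueError(f"hash row before any path: {line}")
            records[-1]["hashes"][m.group(1)] = m.group(2).lower()
        elif line.startswith("|"):
            continue   # table header or malformed row
        else:
            records.append({"path": line, "hashes": {}})
    return records


def is_empty_content(record):
    """True when every digest present matches the digest of the empty input."""
    present = {k: v for k, v in EMPTY_DIGESTS.items() if k in record["hashes"]}
    return bool(present) and all(record["hashes"][k] == v for k, v in present.items())


def classify(path):
    if path.startswith("\\??\\pipe\\"):
        return "named pipe"
    if "\\CryptnetUrlCache\\" in path:
        return "CryptoAPI URL cache"
    if "\\Microsoft\\Edge\\User Data\\" in path:
        return "Edge profile state"
    return "other"


def summarize(text):
    records = parse_files(text)
    by_path = defaultdict(list)
    for rec in records:
        by_path[rec["path"]].append(rec)
    return {
        "records": len(records),
        "unique_paths": len(by_path),
        "rewritten": sorted(p for p, recs in by_path.items() if len(recs) > 1),
        "empty": sorted(r["path"] for r in records if is_empty_content(r)),
        # SHA256 values worth a reputation lookup: empty artifacts carry no information
        "lookup_sha256": sorted(r["hashes"]["SHA256"] for r in records
                                if "SHA256" in r["hashes"] and not is_empty_content(r)),
        "categories": Counter(classify(r["path"]) for r in records),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_FILES)
    print(f"{s['records']} records over {s['unique_paths']} paths; rewritten: {s['rewritten']}")
    print("empty artifacts:", s["empty"])
    print("categories:", dict(s["categories"]))
    print("SHA256 to look up:", s["lookup_sha256"])
```

The same parser handles the CryptnetUrlCache entries at the top of this section; paste them in unchanged, SHA512 rows included, since `HASH_ROW` accepts all four digest names.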