Analysis Overview
SHA256
cf6d2ffcdc893517e237c9feaf64ad036e0c7c00c1a3f50fca514a4c6765981a
Threat Level: Known bad
The file JaffaCakes118_68d2ffb15a8aadd9408e7a527eaa034a was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-07 14:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-07 14:43
Reported
2025-01-07 14:45
Platform
win7-20241023-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000002d8d46b3b1f7aa481a4f511be3959cc86be328a09b77d75803a528fd68aa3659000000000e8000000002000020000000dd0cf2d96efa5c3bc69818fcdb06f95c15ef90446e991689111ad3e50b9a072c200000003fe55202a084e83f0e2a04638c0f9555ca7f2189f0cfeb567e5a71279551930d40000000eb38ac192d993859ea543b7698632f22d6e4ce4463eea68c15f65f63c5d4d41ebf3dae2a83a45e6d7399b9cdb2ba2c4fd55c9d1b5924332f0a852de6641ea714 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8FF4B61-CD05-11EF-B387-F234DE72CD42} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04eb7a91261db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442422861" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000007aea0b76f2ef772233c48e97ad46acd2ecdb3a8fea24bae2c26cd19332e26f94000000000e80000000020000200000005d2663434e111eb5823ec7cabfef87aa2ed07eb8a6dacfe7dbd002ebaff340b4900000004bf8941e5e009d157d670d8ced662232ce6bcc563b96bd2de00fa22afdf9993cf0e7361f3d7e0a79c922e0127b17c978ee202d4907c34c2967e35fe8658b647f6471bed142de4a3737996f2d20e99cac0a5927d4f37cafcdab6e108417569167b1ee5a15564eb29b170005b63f7bccba786313c01888454763918ae899710b7fcbbd4a0dca78d98dfcde1bcd3de79a1940000000d9f0f26960205f15a6f6caccb08a7233973b336fedac3013dbad2f82ee1b194548f8b4ff6708cd25eec5cc0d218a9f992c779a1dd0a548a12f982aa9c2544e94 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2116 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2116 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2116 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2116 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_68d2ffb15a8aadd9408e7a527eaa034a.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | naughtyric.googlecode.com | udp |
| US | 8.8.8.8:53 | daftar-javascript-kami.googlecode.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | raxterblog.googlecode.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | i1107.photobucket.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | misbahudin-dcaesga.googlecode.com | udp |
| GB | 142.250.179.233:443 | img2.blogblog.com | tcp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| GB | 142.250.179.233:443 | img2.blogblog.com | tcp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| GB | 142.250.179.233:443 | img2.blogblog.com | tcp |
| GB | 172.217.169.14:80 | sites.google.com | tcp |
| GB | 172.217.169.14:80 | sites.google.com | tcp |
| GB | 142.250.179.233:443 | img2.blogblog.com | tcp |
| GB | 142.250.179.233:443 | img2.blogblog.com | tcp |
| GB | 142.250.179.233:443 | img2.blogblog.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 108.177.96.82:80 | daftar-javascript-kami.googlecode.com | tcp |
| NL | 108.177.96.82:80 | daftar-javascript-kami.googlecode.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 108.177.96.82:443 | daftar-javascript-kami.googlecode.com | tcp |
| NL | 108.177.96.82:443 | daftar-javascript-kami.googlecode.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| NL | 18.239.18.50:80 | i1107.photobucket.com | tcp |
| NL | 18.239.18.50:80 | i1107.photobucket.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.233:80 | img2.blogblog.com | tcp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| GB | 142.250.179.233:80 | img2.blogblog.com | tcp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| NL | 18.239.18.50:443 | i1107.photobucket.com | tcp |
| US | 8.8.8.8:53 | dloetz7.jw.lt | udp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| FR | 54.36.158.42:80 | dloetz7.jw.lt | tcp |
| FR | 54.36.158.42:80 | dloetz7.jw.lt | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IE | 31.13.73.35:80 | www.facebook.com | tcp |
| IE | 31.13.73.35:80 | www.facebook.com | tcp |
| IE | 31.13.73.35:80 | www.facebook.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.free-blog-content.com | udp |
| US | 8.8.8.8:53 | www.clocklink.com | udp |
| IE | 31.13.73.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | hosting.gmodules.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 216.230.241.100:80 | www.clocklink.com | tcp |
| US | 216.230.241.100:80 | www.clocklink.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| GB | 172.217.16.225:80 | hosting.gmodules.com | tcp |
| GB | 172.217.16.225:80 | hosting.gmodules.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 31.13.73.22:443 | static.xx.fbcdn.net | tcp |
| IE | 31.13.73.22:443 | static.xx.fbcdn.net | tcp |
| US | 103.224.212.212:80 | www.free-blog-content.com | tcp |
| US | 103.224.212.212:80 | www.free-blog-content.com | tcp |
| US | 8.8.8.8:53 | static.googleusercontent.com | udp |
| GB | 142.250.178.1:80 | static.googleusercontent.com | tcp |
| GB | 142.250.178.1:80 | static.googleusercontent.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 216.230.241.100:80 | www.clocklink.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.83:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9ac4d49e95332c0c728066b2d1e0b68a |
| SHA1 | 515584869738e98bdef82bdef34409a2957265e6 |
| SHA256 | 7aa94270721494660d5d17c3cf03260f942e9458398285c9512bb1ced3237ea2 |
| SHA512 | 27ceaabe6b959a944a409753fea9f1a97388eb8889904f886393b0359221166825022bbead67c154a22557b82ccbddaafdc8cb913aa231863e3c0ae0523ca77b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 69462b025421e6ae2327a7e8a4eaf2c8 |
| SHA1 | a1bcea53d65ae18b6fbe17280e88c7e18ee3c383 |
| SHA256 | b63095167a55e20e41344ec3cf370739d9bbf77ad1708f3acc00731f3d7c2811 |
| SHA512 | fd2a11f089cb06a6002bbe03298adc2477b4ca61342150f29f72c8adaf7e4cebaece5bb2a81c0608ff0d8e1f0ef1a7566abc47987cb1ee4c6cc22649b2ee1eb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 49db08986243c8ab4ae4bbbf8846f6e3 |
| SHA1 | 3264e1d298e90c22f96a1dedc3b9a72f3f81c93e |
| SHA256 | f4eaa7e46605a4bbfe067e88d58aca28e672335d0f2c66155a63304da6bb0956 |
| SHA512 | dd4ad868e1dada0dbd4ce8b27df4b11d51347c4dfb1a9ac079016e40be4882dd28292b3f54c2f58d5e538e210ef42b7fc49b303559b05c5cbee55da14a16f1b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | a00bc7e2c29b2ddf2e422a183ca15e3b |
| SHA1 | c803f808c6624aaf4058cd7b550e8b401279750e |
| SHA256 | 0020cd4c684eb8ffec5e088a0e0024a90d96e4def50e550303a84b3d91b92aec |
| SHA512 | a5451878ebcdc2e4a36963793f654ad63a2a4e2ef9aa4e90cfedfaba12437d0d15ebb49cc24e4b008098e66e0dae736517daa7da14c0c6408abd3bc954dbc216 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 264067542c9e78fe9bf4e52816f981fb |
| SHA1 | 0526b30cf28fbb2412d26666ae1f790d016cd982 |
| SHA256 | 410369a36cbc6be3808472d50ff4c4df6e862e1e9a618a22a01153dfda09688e |
| SHA512 | 45f6ffea0aac4c1a7d49ab666940123dab27b909c72e22157da0b84bfe76c30c3bfda851a161487852385c6f231e8e6c48960cfac0cbd087068879b342cd9566 |
C:\Users\Admin\AppData\Local\Temp\CabBA4C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBA6E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 878e23db7a0a76e2c462074e6141652c |
| SHA1 | 6424e83de5d1d91f7393d0ebd4b20009081a83d4 |
| SHA256 | a0d8f50cb43da3aaf0ed333431919be419f86f52ec8d02d856805cae09b19280 |
| SHA512 | e65cf02dc9cee767cf4f738fc9dab709c6ef1632ac0f45f741e260e91bff8d988cd0e046b617f39582ec85cd40fac6749485d2788d92d219994567738cce225a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931
| MD5 | e283ef04d99be6cdfb892ac5db642765 |
| SHA1 | aac9560cf9f439d62b9e5f92e648ed2026f485ae |
| SHA256 | 281eb805ac0ce176e909025b287d312812eaec770e9c0cf233456773f974e49e |
| SHA512 | 82cfd45a3deb860f171b1313e77b1e9e29171c70992f95e9611b9b7391bf766afe3ab989aa3dfca6d0fdfa9e18664beb234b260ff27e74d20d42fb47ffd9d242 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec6d0da5d0d8fca0f5b97d779eb2550e |
| SHA1 | 4719edf8d2e83f64efc08159b07ef499f723a82b |
| SHA256 | a6a0e4306f75faf36fc54f40a5172a18696744fe1a7d38899acd95d0728b764e |
| SHA512 | 1978f6af565bbd976f4cac37e5fdc558834dcc391da2642993a4b7492a70642b7c0862932e57d2db7ff69affa4d772bdebddb47539f5f563331cf9c0adcf9367 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7d7aff96f1670380591aea569989290 |
| SHA1 | c2ba1aea613662472af9c8a9c2b2a3a8d086b75b |
| SHA256 | e697b504421048bb0dcba07a5c633a80719155d679e81c761c7c85006f69c935 |
| SHA512 | f42df6a6922f583973d1a36d978cb7369b133db7b7cd4e1b2074cc1a3960f0efcc21db2198e69d8c5021f893652a2a9ee881e39919eb8268569742b4324fb469 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccc7b607371f2d5546fc658f589cc2be |
| SHA1 | 4294c34b3fc21747cd0f3ad0cb166693d54b15f3 |
| SHA256 | 8097046f6bc390d8fa292ff1a7e9e3fa81dd4b8ff01865199d40c04e95981943 |
| SHA512 | 6a97c460bb792e1f334cc3fb99e5b0838e6b599585f7de680afe2d59edcaf07e2296036af485f8c27f107c89c9bbd58d5c19f2995fed3271fb4a03413fffc8a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31f4c22d59508ec12f2e4e85dce836d9 |
| SHA1 | 476fd15b1ccac5fb5ae837dbbe28a11324171010 |
| SHA256 | 92cbcd300d85ed5b5c350df921b5e5bdc9b6081a67c12da00ca22b27d1b5f0b9 |
| SHA512 | fc787c5849af69143e9dc0ed41949a693a3f0cd968184d9b071b5bd08d4476bd6fa9e574b21fd79ddb050168073cbeba72caa114955ef7b2feac06742473ab37 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GP4P3HF\recaptcha__en[1].js
| MD5 | 19ddac3be88eda2c8263c5d52fa7f6bd |
| SHA1 | c81720778f57c56244c72ce6ef402bb4de5f9619 |
| SHA256 | b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6 |
| SHA512 | 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GP4P3HF\dnserrordiagoff[1]
| MD5 | 47f581b112d58eda23ea8b2e08cf0ff0 |
| SHA1 | 6ec1df5eaec1439573aef0fb96dabfc953305e5b |
| SHA256 | b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928 |
| SHA512 | 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6J4GCMD\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\httpErrorPagesScripts[2]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fc0c42536d37d0994f2a311f967b95b |
| SHA1 | af84fcaac1d3f40cc91be5b326f2ffa5189e40d7 |
| SHA256 | 377c0a535497ead8b4a43d7f1d2b695e06b980662de5ff671692f54511824853 |
| SHA512 | c88faa3f026a2df0fe8b90961f37af5b1bd82c79eade3faac65a1af964ae1d1065db5d4bc7488368300eeda7107940e5de8f0b32b1c58a29c6dcc52d7ec0f220 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d478fcf7a1412233ead896e7d4bf0338 |
| SHA1 | 31e33492dbb0b08bbd406b79feb3240ba0c3a0aa |
| SHA256 | dea71590c07171af1ee6240ae29d0d27569f05fde319bfc8e0f485b788a0c215 |
| SHA512 | bbd694ce79bfcfe002ff0a2cda8081fd74ac69625383d2e39227d4e9fa2e82161519e61619401670ffc234329953ce45b056e01e75704f0f5b389c8a735518ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c4c081c851b6c2af03ea6e07fe4053d5 |
| SHA1 | 19176ed264ab0b83348d11dcb890cf6683e57f9a |
| SHA256 | 97d0374c220cee47e26b2d1826ce10e43e26daaadf3cf6b2847b585efb7b8cb2 |
| SHA512 | 46b13035b94c26c10700b44436fc18be38790e6039d59659aed03bfefa55968e53a8fe9356e965282cec3d205339c0ecb5518317290d45dfaa6a2241d1fd2d85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee37b1dee06a858a0f688a31c5044063 |
| SHA1 | 77090373e39770143322881d0913669c12081da3 |
| SHA256 | 115d7d29a083001ef0d3c6821f29d87849278e64a6849ae1e10190ed7d0a255c |
| SHA512 | 760bd592e0ac66ca988044f724cfab4e35da61ea00243ba4ed257a9ff64391b98091dad7503021acf9a608c7d7b47ce5d1b9bd159b3f7f32f43c451e6c2c5a6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eeec2e4f31a60d1652d75f051b1552cd |
| SHA1 | d4644ab8515c1464cde4bfba255e58fc823d28d6 |
| SHA256 | 3acb4015eb9772522affc39bd2386f55a061eda3ce1ac34e10525d86581c018e |
| SHA512 | 1cc59fbd367859e3591089eafa756fe65d3b4960003130ca522bc319968d9717064f62c88c33e30522d466fab8146e653ce2e2f11309a4995c9ae5f7f32a1b18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71070b3020182ba6db86f4624ea14931 |
| SHA1 | 0bd5b3d885dcf9f4ef1b69007aaa7e9e88a2bc03 |
| SHA256 | 4b6d3f72a43e9c85cbf794059ddb07bfba94b7d8c6948bae06a40a1033dc4f61 |
| SHA512 | 60e61a2e68e3bace8f1fb2e7a8a4ba5a2f6acbf505332a5bab0908ef848dd15d9bd085b0e95f37653ce8896e7c8701d299e418986a97cf70f4ea332da6da80ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51ffc86619fa7386820dd33acdb500df |
| SHA1 | ad531c7992ba8d419efda90426ab2f4516de759a |
| SHA256 | deeea91b935c0a95e4bf3f17b491995e61d91ca51fd509b8f3f620477b7bbb85 |
| SHA512 | c537649fe10e41fe682edf5b04cfbec33510f2d2194101535de540407c869e672d8446faf34152290c45d17bee2f871e7511a97eb577c7b5f33d227691974fa6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e51280e68188d541205e652df3c201c7 |
| SHA1 | a9b7aabbea2c2df687c8f79a25885046e6805663 |
| SHA256 | 954c8c240a2ee93df877bf20856e991a29994a2b63f1cc80528fc84ff6ac7957 |
| SHA512 | 29a85d954daba94400cdd793e858642b3bb8b4832db9edd21f2a3bc80886e5b728b9c7b7acad5e2d5dc1c9ebee93304bbe46630aa16e5b0d44ded3aa7d54cec1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6d2074d26b9203fb7cebbd859747837c |
| SHA1 | 2c48776dfc6b79f37e5ae4975041ddb0f9241a7b |
| SHA256 | 6de1390416dce30378147f8520e465ce93e321f55740b48e6072044120bd8d6e |
| SHA512 | 3428da094452f45791c1e62983d4523ce310a48fd8836c9427bcccbb6943410545c4da9f5f5ba9627a31bae52cfc275f1a702f24b1e31ba5d9bd944ab62a5bc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e4a1a917c45a9ae29af27d719a9b9c5 |
| SHA1 | 85373e261e73a07c0cf3ef145c7730176dd77369 |
| SHA256 | 1d31ee813016e0ba76f56a40932ea7a9098dfb83c77501dab5abd41441002252 |
| SHA512 | ae7fd4290a59afc20bcd3703c711fbc2b3c058cb78f089eaf726b46e86042ff0a4c8982ffd3b9e83125bb3dad91991a2f860250890b3b9b9a1e293a12f28366b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23ae50ad4d34d42fbe884688f245e70e |
| SHA1 | b7961e0edf94dff0ac2aa0263264d33202ea2f25 |
| SHA256 | 26b592447623974dc868fcf0d2f4431459c76db97d987a07914e4c8e3808a92b |
| SHA512 | f7ea4e7c718430ab9a6331b39e079fa047c2988cf17df3b64b76bb2e9f9a8d7cc68e86e36cddca3c838266d8a70112b669841d37291bcfa3148bc52f79e0d5e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e9ea127accd10c3f32ffb56324e7e1e |
| SHA1 | a79652bc1bf17556b873480aa4f4311f90ece3e3 |
| SHA256 | 24d654737c7e5652e9d34eefc3179625f97545ce68d94bad09e4d5b33023912c |
| SHA512 | 76d8f2d6b637fbdd15816ce32c68e4ba45e80939de841c266cce05ff5e8872df28d7d591565bdce71488bd945afed35e5cc9ea974f64ccf1084bfc3fb3ffe763 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9fa072e69810a486216b86ff53da66b |
| SHA1 | 1cbc7fc91030397d9758f5ce37104f92ffbf5f66 |
| SHA256 | ee341f3f301b44fcec2daefcfbf49b868db75d92f13de40f96644894c345cd2e |
| SHA512 | e7b635d7ad9da9a3975d870aaf4bf5bc6e86e7671a61aea390ac3cb42b84f6879ca9b5bc2f57edd224c2866c3a47b5c6a4661b6b554435990e08cedf0f5bf40c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42be7e7062992b502f3fb04bc1721004 |
| SHA1 | a3beccd5e538de1a8b0ee649762c33511d511e0b |
| SHA256 | c6ffca4d9233be6e59fecece6732c8b11517280dab905279b6ce68a551280ac3 |
| SHA512 | ccfeb93dbe29f2021aa918c1ec6a20de670f79c91ef73e137c47bc13ba5ee9b3d8fe4945d2ac890304a57570b08f82195dcb3c4c49b5a0e6e77ebdca64aa7438 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32d2f71fb9914d33c03e222707b9ce1f |
| SHA1 | a7d05e6fcd74be1da525c0a021c0e858c2c6ff10 |
| SHA256 | 807f3acfa2ece478b5b4252f15e26b390f123a9e21939ddc08dd2b746d5fabfd |
| SHA512 | e1c23e32b4309232577f228102709ab4e7d3a3da77a1b778433546930afe3881d7ddd5ac7f4c736a1fa7fd13bfd8705ce630f9cd67c39973a5448a97d0fb9817 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1d1b1457ab7eaaa55c32ae3d7970da9 |
| SHA1 | 42f05aaeb255c94149758011e859671b08a61e10 |
| SHA256 | 6d255611f4dde94f8701c156128c51ba000150f1932c7545a94d2bbd27df8123 |
| SHA512 | 7be2d5998020f719b575d97c62687edc29db07ebde3890a42c1ac83b8fab4f770392aff1fef1a9bd6c0401be3d75b75ca4d4f774caf5a33311c574ac7b8229bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaee929a030900466b19e0f0234f6ee9 |
| SHA1 | a4b759ac114b529a53d2ad20c846ee793355303a |
| SHA256 | e585c985c73171380c1212428be12d23725dcb05fbb61d05d206fbfa99e4350f |
| SHA512 | 590a2587b239df69835eabe2e9f2b512b7be5d5e78543f19ed2d47d724f802a692c06e59ff16fbee32b3118c8c26a564b1bd043dc464ab8d3d69b807eeb4bcd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa037d0613f35e26ecc8e06f4c00086b |
| SHA1 | b74574f9977612659a02d085ee05425a6bf9ac9f |
| SHA256 | b37bda583dd4dddedd36a36fc29159d2f26da457de3311107617be1dd846a915 |
| SHA512 | d26d7cd229044b5a8bf43c22ed2a3cbe19066be75c7d52d242f3e38e754b50db9e0f6d86c9acdd2c85e476549a8972eebfe0dd33dd4656cc9151628cb7ff6f4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ed1e664fc7e2fcbaea5c05d377afa80 |
| SHA1 | 0ee9e95be861af7d4c0205c702eceab9fb16f997 |
| SHA256 | c6951fc9a090c4fcb6de87d908344f70ded9bfbeb01d8051617e8240aa2d5798 |
| SHA512 | 585a25f879ff4713cbe8079e2b5c2b94e11b702f62d64aac8f265bfe09c58054c3035583601dccb3715013b0bc01d31e5f5f56c57b6a0c364dc93b9df221659b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21e4eeae668811bab2f706303267805c |
| SHA1 | 70d33f9b107317f6106d7652f695858853145821 |
| SHA256 | bf4c2672d3d4c766220bb63c365a460186a153881b77236790c64e9051ed6fbb |
| SHA512 | f4542e0f6601b2d340ede1e6e9569c30a0445d9e7c15333d25fcf91fc23c17b888b933448f3d2d3365808ba68a464ad2d0ad73653438cae55f792b4fad0c33f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9ff7527395febae9d749292d0e3bc90 |
| SHA1 | c669f3d52e38e1ac155a0ecaf8deabc00cb9dba7 |
| SHA256 | 28bf3499e20dacde7344d4cadca9af8fe9cde42e9eb901ae2f1ac1f1d1093b7b |
| SHA512 | e97155bf70639fe04ee10864ecfe3aad56b8a04c14bc2d2333df7e806699c211509e537ebfb1e347c70de07e8308be6dc0ff44c92a9debcdf79a1bd2cfdbb401 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c0353184510f921d5a3a53fbf009993 |
| SHA1 | 41e5a3553cbc7da01e8ead3c05edc82bcec7ca3a |
| SHA256 | 04c80082c6658c92f0384e79a079c42d9e22cce7e324104e125116e527394351 |
| SHA512 | dd335cbf26791149a42dc2bb7c842cd85f55b9ed8c19020a586b0ceea57835c1c96f2f35d50e6cb22ad3624f67b48f0da4e31cfa68da229c1e0d8d628227f7e8 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-07 14:43
Reported
2025-01-07 14:45
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_68d2ffb15a8aadd9408e7a527eaa034a.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80db246f8,0x7ff80db24708,0x7ff80db24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14399672523288657878,14061916237570068994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6572 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | raxterblog.googlecode.com | udp |
| US | 8.8.8.8:53 | daftar-javascript-kami.googlecode.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | naughtyric.googlecode.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | misbahudin-dcaesga.googlecode.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.16.238:445 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| NL | 108.177.96.82:80 | daftar-javascript-kami.googlecode.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| NL | 108.177.96.82:443 | daftar-javascript-kami.googlecode.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| GB | 172.217.169.14:80 | sites.google.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.96.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | dloetz7.jw.lt | udp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | i1107.photobucket.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.179.233:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| GB | 142.250.179.233:443 | img2.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| NL | 18.239.18.50:80 | i1107.photobucket.com | tcp |
| FR | 54.36.158.42:80 | dloetz7.jw.lt | tcp |
| GB | 142.250.179.233:80 | img2.blogblog.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| NL | 108.177.96.82:80 | daftar-javascript-kami.googlecode.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| NL | 18.239.18.50:443 | i1107.photobucket.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 108.177.96.82:443 | daftar-javascript-kami.googlecode.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 31.13.73.22:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.179.233:443 | img2.blogblog.com | udp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.158.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.73.13.31.in-addr.arpa | udp |
| GB | 172.217.16.238:139 | translate.google.com | tcp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.free-blog-content.com | udp |
| US | 8.8.8.8:53 | www.clocklink.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 216.230.241.100:80 | www.clocklink.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 103.224.212.212:80 | www.free-blog-content.com | tcp |
| US | 103.224.212.212:80 | www.free-blog-content.com | tcp |
| US | 216.230.241.100:80 | www.clocklink.com | tcp |
| US | 8.8.8.8:53 | 212.212.224.103.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| IE | 74.125.193.82:80 | misbahudin-dcaesga.googlecode.com | tcp |
| GB | 142.250.178.1:445 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.178.1:139 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| GB | 142.250.179.226:445 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.213.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.179.233:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | partyfatal.blogspot.com | udp |
| GB | 172.217.16.225:80 | partyfatal.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.150.79.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
\??\pipe\LOCAL\crashpad_3156_AWSCASQHGAZQOPNS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 86fa2137d28ef829bf5374e7fc523efe |
| SHA1 | 6b0a4a88000c3a37425224c538580e38d9b6116a |
| SHA256 | 4aff24dacde454211fdfc7fd6a288da315c997f7f919454c2c96cc1257646d9b |
| SHA512 | 6e7f723b4d2dfc89b16a73d5c5d3e49229b52bbfda59234ca4217bc03183bcb4010dedce7590f3cbf65bc7c752c9d2bc7f081539d55f6444e7a06dfe0e8a1acc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | d79b35ccf8e6af6714eb612714349097 |
| SHA1 | eb3ccc9ed29830df42f3fd129951cb8b791aaf98 |
| SHA256 | c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365 |
| SHA512 | f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 11dce2184204e422fb0ce9e95eb5be7d |
| SHA1 | 6d92eff8e3214ff1976518eb14ba17dddcdc425a |
| SHA256 | f6144836f5b0cfd936b1be15b1b12d882b8a131c577d7748c10cf1a9575cb661 |
| SHA512 | eb1d14900127b07d7b1b6e95c05f83872dfddec1c99dc336147f5a293ab04eefbcc7768b30fd7761f52713622085669c713b03fcab57a2effa5412b1974c3271 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 525dbeac0ca42e3f672fce13d2300dbf |
| SHA1 | 1dc4482c4cc67b2882a630f2576005a11e9e3535 |
| SHA256 | 0bed69484fbfbbda740bd8b5dd306385dd6a611af909a8bd6dd3f3f865f3cd2f |
| SHA512 | dfa1e5b64fbc337c0e7220390618c5b10bcfab4fc81889fcd063ae7a7d74c0cd1753c123f008ed2654fbfa07dd5303044d16aee46f21ebe1eab7e3148d2400af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b94a8649e5b84889f0760607af550c96 |
| SHA1 | 378063c87ed867b62df820bb7809f3ddc8860168 |
| SHA256 | 5613f93c5340e254aad251b458d5ff4dd7baf42ede80c3be03ee170f3716694c |
| SHA512 | 30e34da5dd8d00d7f574db40e7c1ae24462fefc5ea8154a69f548b7c36196abce1e822c4d56f45010499c20217ebda8d70ebc497d5886ffade81175b4979aef8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8ea12c49892bebf082e9b945fcbeda04 |
| SHA1 | 682e10d9db03933edfedea2989c93b2bac34a327 |
| SHA256 | 44f58329e0956fad7cdfbb050663668ea632ba751664ab306cfc591229c30119 |
| SHA512 | 9141a0efb496154209f40e21d4d8555c1cc34ecb19bbed1f47d788f004b17ef23a89338721aeb12c5377aadc68627fb554f3f606b151445bbed851fad73275e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f9089e8d939fa9532f994181c04bf4db |
| SHA1 | 8d2263f2cebc32dadd551a834cd161a4259780c1 |
| SHA256 | f20df2301325c2fe4aea29943c160164a605f8388e584297348e19af3a96307a |
| SHA512 | caa7c473aece5c56db5bfbad56aa8457e878760cf7c5c111329118186aeecafbeea942b82eb16c63441278d1046f88f41b6a2d7e8ec7c46c2ac7bbae7e7a7237 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 14735a2325eab6cfb8351f3d6d606573 |
| SHA1 | 4e77acae55b65d5594d94889da5edadddd7a7cf2 |
| SHA256 | ea161ab7d79ac26f347a639ffc94629da29828a64925816d697de662d0e435a6 |
| SHA512 | 73eced11fb5b9ea954a6b9d4e563c196e577e26af71720fba6959166971667d394b2ceadfad63a6fedf911eaf0f7f7f0c58347b3e5262781a9b06b8e4b545a65 |