Analysis Overview
SHA256
fc32bba627150a93cb6d7ec61b5c38aa39e151dd8fcf03d922f167c6f87c96e2
Threat Level: Known bad
The file JaffaCakes118_555dca777fbf086a5c3f41b3c295144e was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-29 09:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-29 09:38
Reported
2025-01-29 09:49
Platform
win7-20240903-en
Max time kernel
129s
Max time network
150s
Command Line
Signatures
Detected google phishing page
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a842d83272db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAAD5131-DE25-11EF-ACDF-5EE01BAFE073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444305858" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecc1e5e3df755b4e85efa9196f29fe82000000000200000000001066000000010000200000007ee0c66fd1a2395f288627952ebfd041754cb34c5fe19756a72c0d41bc397b4f000000000e80000000020000200000009115b25403f46f35d3fe5dbed29cd5e08ca2a6ebf79be9bf02a49d832186c48520000000fc3c42c7d967e2e9a707389520df405b2a96b288d3b8728371540375c8b12d7b400000002e31ec30cd20a9316718cb8dba8474662b17071ab01ce968f09408e8a4233ba649c06e4e7d013906999af857dddf949bc3ae366c5021dbfc42b254fc04ff42f3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2280 wrote to memory of 2764 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2741a311d9d76996936a1c6825e1cc9 |
| SHA1 | 6fa2384de7968772d0f8cb758020754ec65c34e5 |
| SHA256 | 692e658c24a4a6919748ee1b8f5f0e98ceed51450a9261beebd9254aeccfbf35 |
| SHA512 | 0c6a0d411680aae97ac2eca7716123afd215821122bce985a7d9f4af711d8564f880aaa17a0921b415da72c3d0c1c1a3c22fc6b0acf9fb63ff8d593a3cfea3c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06891fcf46efc0eab8d7f544e5ba3032 |
| SHA1 | a55d440943af75524d88ba21d981f0b6a3a5f0f6 |
| SHA256 | a66b2ef6a41fce4c11a7d17f0c620d18689b428552b4569862664ddcb2c7ea19 |
| SHA512 | 22d2b4641f557bae6155a5e4b0bb90eb0d98c88a8cd2c466d254e85afa9ea2989ccf69e54c8d9cb746621e3e308677f7db25a657f9408079aecf8d1d417e9d53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c8abec0a8986aaeac1d4b9762592457 |
| SHA1 | 1e060191c82463226272fd8672d7f3e14d92b5c3 |
| SHA256 | 749e9d8a8b3924bdb710c260f4e99b3e10dea1a01adb8a5bfc24dad6473b142b |
| SHA512 | de79c3cadcd85380725d84e057e69a32a149c2b35d45fc66cae1d554c75cf0e781ff22cb204d55f86262bc5624533f207909d84f47fc563ce3a016d531ee6bd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77465583e9e8e593bf25fee2234e3cfe |
| SHA1 | 3e0fc5c6dc453c597473edc6fe782eb25185cd1f |
| SHA256 | 6ef19626f217aa7f0eb3120a726712621b3f53993ffbf97eefcc013639057c7e |
| SHA512 | 1e644aa7f187466f7c96f815caa4daf57db1fad4e8fd89cf8f107c1082dafdc4f328ff01743e33bc5de844042b87e3b2bfb6172a952c326a387fc4e60cb6ff11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a0261fd590c76afe48e7afaa77b8367 |
| SHA1 | c34b4f1cabad017222795705c66312b4d5d5a251 |
| SHA256 | 585450e30180237fb77bfad922dfc7b78771a08505d9047fcb8207e3a0321944 |
| SHA512 | 9cc5f2dc10881dd9333738cbb6992a2ea3acce6b055c7f11265c238b327e57a5ddcab7f006fd4d93a8a30cff24e782b32905f89165b3c1e0b910e53ed0034b07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cb541077075f5be5de971efa3a00a2d |
| SHA1 | 3a8abef6b6b6cd254b90bdbefb402e2a87038f96 |
| SHA256 | 7c8856936f1d4470f8ddc90f817e7d2df962984175198ed3c5a2d3f097946c48 |
| SHA512 | 493193d752d3f2796f30685d32f1ea7929fb847a16f3ef3e83647b9c9f74aa593aed75190a60683e0eea2c5f1caf884a7848e915cf7a44e99e3e181dbab63de6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 596269c9baff0b87d083abe51462f6c7 |
| SHA1 | 0c11c643e42cad544a6de812dec9a69dd5b3fa21 |
| SHA256 | c1a2c46a879e2e060277b6835445b6ad56424a67d1eb3da3d0328809fa5b29db |
| SHA512 | ade219a2cff86f45f6203e13ef2d3ab4852c99648b260cdfdb799441f0b5c6f2c574c2fe44b71c7fede9a17d5498fe791dc4bd17d073e25b72ced5b822c42f27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ee6bce99c791c898e17cd3d917c6b24 |
| SHA1 | fd132606b65b944eed318f4c145b5e7512007059 |
| SHA256 | 61e57e40ece8bab52746ccfa6b4f28a3ea6e2111cb2830422a142eb4f1751c1a |
| SHA512 | 2f33b36f2042cf4aaa3c73ddbde05182ab50180abb7db565d1448538a6327a7a02ef9460ca7c3fdde412d036c07e9425b0bd82216e2574548440534ee43b88e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b116df72d0f670d1a554ccb00fd64b2d |
| SHA1 | d8bf2ab20f9567884f820efaa490d1191c5d6a0f |
| SHA256 | dfc9a44ccff53e59f66b21179f909689b4784394da82bcc3a3760d3f23c499cc |
| SHA512 | b2c9685d0fe8f11731ec50f6d81246f4b8559b946760da8f399becaaa7f3257de1ff33e98199522a3ca5680e4bb25cdeb08f3abd1347e3ef107317c956a802b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbcdc2039a603f9dc4de2ed58e15c096 |
| SHA1 | 8ef13c2e74c59c22a9de4c8beacdf055604fb26a |
| SHA256 | 5e953ff12645a1a04bda5da606b28d2da33d380aec20273634b3d192943ad144 |
| SHA512 | 585295a6230caff8fe50e4cbd697275bc59fb720bc5cabece95fb94ba5dc8a97b30173f4fcf0ff9820798719023cc06cc57d2196bf7c70a55ee194687836e08f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cea7fac8b89783fd9b30120dd5200ede |
| SHA1 | 7abd9ef78d34197810297bf2a1948915f2d7e883 |
| SHA256 | 8a0603cbd357fdcbe651a71f6055a4a3b59585c26823191c308e5912ef830dc5 |
| SHA512 | c586292666413f9e176514e22852f1797baed4c565a8d8f8227502b103be4da31d8461be68261b0799b3073c438de19856cc6f7e3a4b20ffead425476c11c5e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf2c35f26b3f4c268629fbdb9212cca1 |
| SHA1 | d8182eeaf4595e1a74d9c11363eb940e3c8c6ac6 |
| SHA256 | 682d08d8a8e4125f046864eb54470b79eb8893993b8a720e570fc3ef1a33cbb2 |
| SHA512 | 6a83f2cc655ee0a61b2a7dcff0396154ddd8de73b55d5444707cc230d8822e54d7b0ec4eedce99893142d640ab683820a2774accf9fee203c1ce59a155cb6f65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fec2bdaf81ce6b0098e8fce9967c1349 |
| SHA1 | 82edbbf69fa2a8e854b40b165db24487ada10bef |
| SHA256 | 47bfe947c0fc86563bed7a12f70354abc3b87aa99d7dbb424a585120d5762a9e |
| SHA512 | 7990e1950d9c1b803565c402b0e2eddfe1510d82a44cfe0a30d6fe39b9efbbe67066d90cda9391876966e8d27f8b29edfa96102ede04123e39791d668a6ed5aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01dec38c4a466aa1e530aa39990e940f |
| SHA1 | 7bba4010ea709ab02d75770128d1a4b816437a49 |
| SHA256 | 0dfdf19cb9d85a3f2bd85fd3f022a6102cf34e1914ad6460fad0d1f54c7a5a64 |
| SHA512 | 3bd5cc0b6fe85f9a7805158f125bb8f9ef177be4c62b7802e530c7e19dc57e9c31b4c1f4a62e5a78b4b456d51c91d0edd8f74bdad38c7ac16bd262da44a326bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8105d86edc742c557af9e97f2a98c5e6 |
| SHA1 | 94a162eba8c59d54794851083df61851566c6f71 |
| SHA256 | ebe63763806e6c0cd661926e6e122b7bcb929a94e9a3d58012d2e7132a22e2ba |
| SHA512 | 13d3fb6b7f009586b6b5d782387b7cb6fb385042dde5ef8121fea7a8903a5d5c9b35338016d22aa8cfa40f9b2b7e8f3fdf2180bfbdac6df6581b2e571c3b143a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 442b0c7850088a96025e71e386b00d2b |
| SHA1 | 9de71dbb09a6bf78af02fd188adfceda6b5a9f01 |
| SHA256 | 0e0586060ec65e6bc41a2b79eb2b97ba6936932b91012d8530d5dbbbd9054d8d |
| SHA512 | c102d8edee21e4bc816232c39b5d0199a31af4ac3c8863d245d7cd9759d7788cef6a26a47ae33add0a5ce143eb76d264eb89054912aaa6905db2bb46c0323835 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bb40f0919003c006baca5c0ab85268e |
| SHA1 | 10803b203f80708f002e9d97855f6b21b86c3ad5 |
| SHA256 | e8900e4d330009551e6d4d66b22d53046e70e40f1241a913cff9bde082390850 |
| SHA512 | d423ea15d429ed5b889d2c588a67df244ca40caf09d535ae644a212e97a89421423e9d3fec0de094cdab056e32e6a19135e218bcba04603a97da130ca47ae68b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB0KZ1Y4\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\rpc_shindig_random[1].js
| MD5 | 2a64803c4545d283d7a51e71f82a64a0 |
| SHA1 | d1e190bc4ab6a900cddff5891650f5ddc390e9db |
| SHA256 | 0a5518064275c2fba33ba69c84f584819aafdc9faa0ce3689c8687fc41f58ed1 |
| SHA512 | 82bd924261272ed025d4938d7e7d5ccd9c6ebfa571b1b6816bf56341ebb70ef9faee807d83ba491a2ddea86e795780ce097fce4957d432d3b44497f5e6e16576 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-29 09:38
Reported
2025-01-29 16:20
Platform
win10v2004-20250129-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb443d46f8,0x7ffb443d4708,0x7ffb443d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6940 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 102f253d13f1fcbd58ff7ea07502d0f9 |
| SHA1 | 17fa9662f4778117d415f7821ad2f9eb549832c1 |
| SHA256 | 6d75e75b1174af3c7b730d9d4a397e5c1b53c6935f7c4ea675da4e42a9f6559d |
| SHA512 | 5401a9bd5aab0b6add34e79e644916c3869198b3310c47aa8a845ab2d4d566d973c2a56e888c675c96bd04d2e1cbc756189f9122d6ce4b88cdbcbe1186ca7eb9 |
\??\pipe\LOCAL\crashpad_3640_UOUUPFVWVQVTLACP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5879bf.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State