Analysis Overview
SHA256
f5427509d9d57597176e6673df1162a175ef57deccaf840297bccf7ae5a0c110
Threat Level: Known bad
The file JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-08 04:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-08 04:51
Reported
2025-01-08 04:53
Platform
win7-20240903-en
Max time kernel
136s
Max time network
135s
Command Line
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ccb8a92d681224ea2b85b8965d6251700000000020000000000106600000001000020000000463cb9fd064f3f018c4fe6ad48ef59478851ae0429a70e62921e26d9e4f272c5000000000e80000000020000200000007185cbcd75d27b0095c00fb92a7660bcba6e651b9177817700cb597b0b127e2e20000000f9801f5be0bb59a0c4053b134b2b4e5204761afb7204274acf4ea4ddd93388d7400000009643905f751ad6e01e684765f08c71e7248c596756c24bb1ebadf474c9a60d71cc6487dbb949354a49972ba4b110fdb843d0f0912e15383cd6f1b2b91ed6ee67 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442473741" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FD03DF1-CD7C-11EF-BA28-E699F793024F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4002be0a8961db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1204 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1204 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1204 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1204 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | js-css-image.googlecode.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | dan14vn.googlecode.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | widget.adnet.vn | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| IE | 74.125.193.82:443 | dan14vn.googlecode.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| IE | 74.125.193.82:443 | dan14vn.googlecode.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| IE | 74.125.193.82:80 | dan14vn.googlecode.com | tcp |
| IE | 74.125.193.82:80 | dan14vn.googlecode.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.200.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 216.58.201.110:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 216.58.201.110:443 | encrypted-tbn3.gstatic.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | s0.adnet.vn | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.146:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d957c2e26b9f550aa081dc98cc3c3def |
| SHA1 | 825c0ddb8d57380f82bfcd3b986f32599dbc2eb6 |
| SHA256 | f52931edc292aaa84656c8e1eb7407caf4d64cb218c2c5c8fb0e83cbc0cab0d2 |
| SHA512 | b546894f635de158f74d26bc6fb7a5b4ac68eb2bee6537186cb47d436a979bfeeac2be3d3eb7aaff2957afe8c64742f8fe9f5d0422756799cbc2936f7d6c6af1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ba0b1a00e1dc69bb6ee9d9a541c428c9 |
| SHA1 | 95f6aae63d3dd44b16473ba22457c4e285b1aefc |
| SHA256 | 52630f94e63a66c6b60beca4570739a877bb1166e1670b2a7a7ef8f0c97a817e |
| SHA512 | 5a8257dc27e62248b9b4d7768322d937bf44d7f352fec1e7939d09623f164cce5f2f0f3d74df23588e91c910306a4ffb869b5b198cdfd33386ca242a289716b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3c00c865909bb2e764808296eaade4e9 |
| SHA1 | b5632e591e0625d1f93c03b631b67ce924096777 |
| SHA256 | 305160abd2b0530428caaf3088b650dcf6d7ad98b832ae2b5212959d3b4062c1 |
| SHA512 | c110a3ace3b05650141c25677f4fe7078543cd2697725fb34df8cda70516b56747ec235a78fe218d879af0ae5499b7a2cec864e5b19a76f531557404b5c9464a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a938df68be87ba84be60dba62ab31eb2 |
| SHA1 | cd5ff4c798564e91cb0b19f5161d64ff676f8b33 |
| SHA256 | a0cb5a86f651eddfb23379f69f1edeb9d550d587fc81e7615361b30d3fbf5dc7 |
| SHA512 | 849b49a34279acf183cd3b1ddcb74ae1d3809d5ae173a07db281aa97ded46ca1c97dece153f49cd0e95d02632b66882ade6c2cff6073bb1f8e06af023e35fc9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 1afc7adff5f3db185ad4ddb2f4f3f602 |
| SHA1 | bc070d6a0bd4bd1cced06e43a08ac614faa15435 |
| SHA256 | cf8891b07b287e22a126109241a4ea6487db8dc50e1e95bfdc579bcde74830da |
| SHA512 | 3a7078a1244c0b2830cabab6936653171ea234efc6fcb1183827704608015fca744003c4123dc2749ef1982f7bebee68866389fed99be0f55117f112395bba41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | f2ba532306b88505fe4bfb37ca97ce27 |
| SHA1 | fdb6e15ce0f5f494a2529dab30c88b286a32348c |
| SHA256 | 9e11da332c5fc3be1918936aa1e0023cdfb2e729723ce51047f4b29351e42420 |
| SHA512 | 15ea4e901464dc147024809b92c404741a91605b5e043982ab87226e102e75b4fbbe17928f563592ecbb4503541e2d15ddecc46981daaf8e5ec57f2ca5a6d13c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 617477aacffe5a36933c117b6d2eb14e |
| SHA1 | c5bb7a7aedd52adc9114fe66ea47571999564e38 |
| SHA256 | 3672072e0502c58e7ccb3da9010c1b72411ab5592658a6074492936a930de8a2 |
| SHA512 | 30d6742b892be98659f8aef28c4c39b5e775c7a9ebe50690ad945403cc2bf7ca69fc0781ad247a9b2f2f842a841de9f79e868a4f64d53adf40f3b5e840dcaa1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | a69585c2d03390d5d2a86315c0ea0ed3 |
| SHA1 | 70d1f3f4d06223a0280b2005613f32d02c68bca2 |
| SHA256 | f0aa8d78ad5a1deff94d794761ec69aa5c4bb7c45976933b439816fc2750db3d |
| SHA512 | 6277fd20c09ce11bec3160501b33dd958d61c26016f0502f5bc08074ca54f91dba7e53fe811670e496c069153fa328ee5fbd17eaccef8adf64fe67e8a5b1d439 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_CB0386D01AD4CDBD503575C3CD1660FA
| MD5 | a5922e9da9d2060afa8b7bf0d46a128a |
| SHA1 | 574569dffe3cb0f530cf8a8faf58ce9517b5667e |
| SHA256 | 2731b9dc400304b2c3ed20cd96426fd4f29e09fda27be719bf3d2c245ed510a1 |
| SHA512 | 2c5081da02d815bdf37b0effd75e40168865e2248ddca38fa30fcdfb5006adbd98f0ee9f50d8dbff644d2924d7cb14ff0b6b23b0d090f506ff8bced93bee4b05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_449C1568AC7FF091AC6332B7D71A1467
| MD5 | 59d9a21abf020a52a47440a4549b1ddb |
| SHA1 | 2278f6fca77f757d9f1bff60d4e26d17b5c334a0 |
| SHA256 | 98a4170b9c0f81f0aac998ec2715b78a7aa23d671be198e1c6ffc4923e6d7439 |
| SHA512 | 2e7a98b299a5d882fc48c57b08c506fe2fb36b4eec05d590af2f38ca77ac9f09f8a2b2dbc730e0f42eac0a6f38edddc958b86ed023c30da34100557f584f4121 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\plusone[1].js
| MD5 | 3c91ec4a05ec32f698b60dc011298dd8 |
| SHA1 | f10f0516a67aaf4590d49159cf9d36312653a55e |
| SHA256 | 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf |
| SHA512 | 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\recaptcha__en[1].js
| MD5 | 19ddac3be88eda2c8263c5d52fa7f6bd |
| SHA1 | c81720778f57c56244c72ce6ef402bb4de5f9619 |
| SHA256 | b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6 |
| SHA512 | 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c |
C:\Users\Admin\AppData\Local\Temp\CabC4C7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC4DA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e50c134f4f394a63870b54fd171f336 |
| SHA1 | 31925e4880924d31e74620d317cae0eb92445cd4 |
| SHA256 | 9eb3d3ac0a6c38526e23acf08e0cd0244478940ed0d53ccbe93bad05c5bf6fa6 |
| SHA512 | fc45850ea9d26357ca0575960a46a9be2a4dd75187bbed3935ff57fc522846a4fcee4b49a8029849a26b4bdf18ae07dd705d6226129ee014b1bd1e35bd7b05ad |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\cb=gapi[1].js
| MD5 | b103bb58d9e7cecaa60bdf377d328918 |
| SHA1 | 0f094c307bceef833a64f408d2f749a10f79de44 |
| SHA256 | 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7 |
| SHA512 | b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58900bd13513963affc64e4db1631ac8 |
| SHA1 | 1bc590ef79545b4c2a83870b03972316c3dd2980 |
| SHA256 | 04ae8dba9e3607b73973d69a909e2269cac1f16aca92021a261f38913d34c7d1 |
| SHA512 | 23761dbc531e9763c27fcaed69793f6a211695dbc0a8f350f92292823fea4060375c642af3fd059de0850c7086cebc5863679142ae194cc056ad3308ce949ff1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39bdd32855e717103f41b70f1f624bd9 |
| SHA1 | 4ddc49391c846a9ea6804ac013f0a3037eea6cd2 |
| SHA256 | c4bef9f33b4a62ee8796cdeaa55cdf10dea27fc07e2cc4f50ad4ab916868e91d |
| SHA512 | f12594b503f3c13f2d79acd53bf1194bf09fa39434398bb130d55b24696a3e1cbfa5ca7847608224e7f98dd4b143d9b2c6fe5804c754ad8b3a4fbc200fd3f793 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd7b59173739b1959e6054d4536c014e |
| SHA1 | 148dfab9e027c5ac205077bb84ef4c63c7705b6c |
| SHA256 | d4768a867f55160c2069e1dabaf113a080e679f3e2179289959e6991f219ff09 |
| SHA512 | e5e084eaa8ea6da4ae01f9eb83239a0a652338c24efda705bab7bee7982a76bb7a786679de03c959ab840520d53f430812acd100948c4457ae3ffb5ff9a1d8df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5391c6643ad938f2cf03ac2ff85ac2c6 |
| SHA1 | e303c31356f062cfb6d24e7b7043e8954ede61c6 |
| SHA256 | 5454bf70a84fb7a5cb2000c01ca6fd639045518e473763e40c3caffab019895d |
| SHA512 | 305b71980bcbf2c3ff7508ad3a466dad292f29e0c4b62d3cce61ce93c7baf66c3cac311cd07e97005ec12abffe9b61733cf0f51cb109238dde7dfae67f74b840 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3893f894f1a1980f5153f8f079c836e8 |
| SHA1 | 5731e869933789f402230803cd9e0d89593eaf0f |
| SHA256 | 5188e4f97291107bcbe51b987295e6cf44569a5fb7db3a4443417ab815d67687 |
| SHA512 | d6b8c4f5ae93ca1b818866dc733fda47f8ba933621051deb324f5e78418fe6e695a189451f2c3aec59152214c5be841cdb3a443d0dc1735f8f24671c34e14c00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76459d58ac4c170c793dbbd0a356140c |
| SHA1 | 54f5582b629f5fd5777481307c67f152c04a7cb9 |
| SHA256 | a37a2000258a9474f6f393d169ccd35e8acd44f3d9f8c79e6ddd52f8dce6d0a9 |
| SHA512 | b977dff4ded8ded4d2524a375ee8a7498ed96ca25f9cb99408aa2116a85e6e0da3cdb71d6a5333f67d4a4788949e5c012759ef9ae4e8ff1086db9d0f830d03fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07ced95c2eb1a54752e1693ebd4a2dea |
| SHA1 | 70aca9e81639d2430ec41d89ee3a8e48fdc38e56 |
| SHA256 | f638c01b44ed1f0095a99d2f63742aa5271132c400ecc81ef44eb5a2864a8951 |
| SHA512 | 957b2d6f08b94c33baff9f11896a7ab5e72c17da402280294d5ef1fdd4a114eb0a65e4f7817ebc25a4c5cc882b81cd4e43619680ad9e868ceed3f4db6a10d9f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6e90f489b38ea00e5d918fdbc129a81 |
| SHA1 | fc6d737d3ad7fe7fb26f74ab8cc3a32c5d186a7b |
| SHA256 | 7a139785b97f04f226ca157352d0225e904717bf0d06d9c06081537bbeeeb768 |
| SHA512 | 5d0fd24b5b202de30573256dcb399caa901f2a8ef997753ece052a440e64d1a88be22bfc306a44990cf20d33a68826e0e69c0507ee59c88776833d7794dc0de5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c2e93cf913f8021d04cdbd5a37177e9 |
| SHA1 | 8bec22dfa702e9dc582c1960104dbcf555c468bb |
| SHA256 | 3d08f80ceed1c6db3fbe7ce1ec211afff3b863551c8442f9bca46267b6dc6fe2 |
| SHA512 | 327dd446094f0cd5908321f344d3ce5e866795f6e69384c46507c2f30e10fbdcc79e61a9e12312945d3ae7f5694e9b9514fa7363ead69abd5e285d88452d9b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-08 04:51
Reported
2025-01-08 04:53
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce47c46f8,0x7ffce47c4708,0x7ffce47c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2
Network
Files