Analysis Overview
SHA256
945ed296b14fbfe13b2d1005308de4ac69c2cc437ea1c52c6285d567fa2540a6
Threat Level: Known bad
The file JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-10 06:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-10 06:22
Reported
2025-01-10 06:25
Platform
win7-20241010-en
Max time kernel
131s
Max time network
153s
Command Line
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49E50861-CF1B-11EF-AAD8-6AD5CEAA988B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442652028" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d046ae222863db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e5051be3ee267d4f9a5c1cd39551d16400000000020000000000106600000001000020000000aa747b7d8506fa087ddeaafe75484105a3e37f09d691f2c13bda457d57d05aa2000000000e800000000200002000000008136149387a8b238735c1e7e4169f7fe99362fa236db542dd53b6ea23f5046120000000197b7eaac06c24ec34d6dd9554291708b1bf02a422f8128d95e577fce31ac187400000008a5998bdb68314db4c08c81d203c27ae4380bce6cd5cbd911d5ecba65d64d183d888ec9c06e998d0c23fbffcfa1613ee0ae04829664540a96c7071f206cb4139 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2596 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2596 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2596 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2596 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | goo.gl | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 216.58.204.78:80 | goo.gl | tcp |
| GB | 151.101.188.157:80 | platform.twitter.com | tcp |
| GB | 151.101.188.157:80 | platform.twitter.com | tcp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 216.58.204.78:80 | goo.gl | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| US | 172.67.39.148:80 | static.addtoany.com | tcp |
| US | 172.67.39.148:80 | static.addtoany.com | tcp |
| GB | 216.58.204.78:443 | goo.gl | tcp |
| GB | 216.58.204.78:443 | goo.gl | tcp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | jqueryapi.info | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 198.58.118.167:80 | jqueryapi.info | tcp |
| US | 198.58.118.167:80 | jqueryapi.info | tcp |
| GB | 142.250.200.33:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.200.33:80 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | gilsonimaculada.xpg.uol.com.br | udp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| US | 172.67.39.148:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | bloggercomment.com | udp |
| BR | 45.152.44.151:80 | bloggercomment.com | tcp |
| BR | 45.152.44.151:80 | bloggercomment.com | tcp |
| BR | 45.152.44.151:443 | bloggercomment.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.179.233:80 | www.blogger.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | slideful.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 162.249.127.160:80 | slideful.com | tcp |
| US | 162.249.127.160:80 | slideful.com | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | santoaleixofmnoticias2014.blogspot.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.16.225:80 | santoaleixofmnoticias2014.blogspot.com | tcp |
| GB | 172.217.16.225:80 | santoaleixofmnoticias2014.blogspot.com | tcp |
| GB | 142.250.200.35:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.35:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 142.250.200.14:80 | developers.google.com | tcp |
| GB | 142.250.200.14:80 | developers.google.com | tcp |
| GB | 142.250.200.14:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.157:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | c73fce4429c5f0dc0bfdf925e16c9e2e |
| SHA1 | 77a7bd55386bc1dc2c15a7c880ffa8a757ed91c2 |
| SHA256 | 23c499f655a88251ae11385ee8b19da604fbad4c9c0c5035f092dbb60aa6b6db |
| SHA512 | 55b4506e0daed9dcee3f7680cf200c3330f3d7ac2dbc586e3b95cda856f6345cc9ebae7e5515c835ae656450e27dfc768954356a58d65efe6d20c47a8ce9a7f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 527b8e12a7e3f8cb6665c0bddbeb9523 |
| SHA1 | 6ba060de42eec2c2802b9106dd6837f972ee6821 |
| SHA256 | 2041eb062e0574669e85346e53a801fe819d8c625d6c9d3c6523652f8d1912db |
| SHA512 | b5f5fdd3cc85b4cebea0e2e59ee834236ce0474a83f44f4db57ad8ac5c0d341205d01fa7673cacc67a180a3399f256ca6fbf550aa086dc4ca79c8070ee7d28cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | f0faa4ddad0f78d4078fd79b2a2bec2f |
| SHA1 | 5a6308893b64c4278acaf7fdc9dce55d18b92db1 |
| SHA256 | 1721c5eb2ae08cc4b888b250af144b84d99247a911d7422dfc385fd31ada6932 |
| SHA512 | a8fd661ccfcf914da8f4221bd408b3c095d0e1eefb3b4a6b81a1d9db3794f70e37f9432f6bfeac09448a5c95c9023df7b1b724b92624f22af33587ed71dbcd93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | c36887789fc1d1a86aa370002951aae6 |
| SHA1 | 0c3f340110f1304116f0e7da5f63d51cac144407 |
| SHA256 | 9835ea09e8f3ca263c1d2bdaa0ffa6becc917e784b70c709b562dba82214dd0e |
| SHA512 | 1cde96318b8039fc66c14dbaeda87880d55fabca5c3a85df6de4d0eaf5be8781fe8fb05a5fe88eeb011dd5479296a9ef3f9ad90424b70f5eee1791a9cef9514a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 6a3d57624c7d71dfd560ff8498023106 |
| SHA1 | 1f8e4c2eb8cd1190114b8aeb483fd7b2e444bf03 |
| SHA256 | 4f806391253fc0ce40c06e46697f5686c1e2fba7c36f95faa89217c9e511128a |
| SHA512 | 9e9a196ac87e023a25b98fa6a48d596aa68b45b284a0b8ac474dcb3dfd390744474a946653b569d1a031ebe980804a925c97645261dd899da8452e117bfa57de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931
| MD5 | 6d8395bc944f522748923d969b8eefed |
| SHA1 | 43887f19eec5545d97b804bc2f78ec28785b85f6 |
| SHA256 | 63a8bfbadd1a6a489a8c50ebaaa832f1c04a24e137a7c0b5b92da76fd3c43e4b |
| SHA512 | 69eca6482015ce04d07b4e43cd67009d2b5015a38fbb7016866d26e0b1d902b623145f24274d0fbf8a439925402def9897a4f15527c673b5bbf0c7c923314e84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931
| MD5 | 4f9f97881a5f531f90a8b2c2957b2ae1 |
| SHA1 | e36c263c70f4445d1403932d2b1ca40a9583cab7 |
| SHA256 | 1a7cc98f8293cf603fadf4ad04f7be21fc9bef5c184870bd537058bbf9074248 |
| SHA512 | 66f090e76e134014a8d6e6f50545481c6a682fcc5fb1ce3e08f0d516dcab91174af033da30a164a9c2ded1d80b807a73b5adf0289e102ff890899fd4abf28a67 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\plusone[1].js
| MD5 | 2e4a448a27b8a58d75f607c7bdcca6f2 |
| SHA1 | 31cf764c6c2240148eaaa2b9816e1219a273d0bc |
| SHA256 | d3696859f3485d8aa6f8a4d0054d64fc1ee614e57725221dd1c97b930f02bc3e |
| SHA512 | 09ca4d8b6a0fc653490921befcb3d752e150ac9abf24d1fdd49c9453fe2baf969b76433a45121451ef642ea3f73f9c62871cdde5e07976ffdc03ee5200e4d35a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\cb=gapi[1].js
| MD5 | b103bb58d9e7cecaa60bdf377d328918 |
| SHA1 | 0f094c307bceef833a64f408d2f749a10f79de44 |
| SHA256 | 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7 |
| SHA512 | b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 854ae14da0bbfe260f32c670a793b91d |
| SHA1 | 5ce6d233d729573711893cdb00e736619b12b131 |
| SHA256 | 720c203736d0ad24dfad73a9144b0b31d9021ef3db4f71a3a60cb6e2b670538f |
| SHA512 | 7bf782641cfe76929a8c052cce9ed89a5c990d6b34d2c854a70a3286ae9be47250aa3f92ec4c60ceb56f70593955930a512c49d84aaa08325c2ec75d2b686a9a |
C:\Users\Admin\AppData\Local\Temp\TarFDB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabFDC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fa2ddf227db135dd5bbf1efd1c91b54 |
| SHA1 | 085368d6295b285c545dca39aecee995c3ace5c9 |
| SHA256 | fdd911a83ed03774fb731219da2768f1df27557f3b044d26618f3220af6c6d9f |
| SHA512 | 9ba6b7f1d67bbd573987bad95529a7f94565cc6e0431cd8919501138aedd592200c383894229d7c185aafb1a556bd722670ee366f123958f14c8cb89cde311a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21083a81f3aafd3a0eee7f914c08e623 |
| SHA1 | 6bcea6048a052e8099c9593a8248a43e56a74316 |
| SHA256 | 11385415ab2c6e4ba94cc4c1bb9ee8e735016f2c1a00628f5c5bd258a58f4902 |
| SHA512 | 8d8f2c800b772325ed322c08e91d6a5b2f02470f6e93debbbc69fbec8be17b6925620f31618907417fa0090660281a35f24b644df1042d2ad99f2e85ffade844 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d8179da8974ec86accabc214d6b6e1d |
| SHA1 | 1f69d57547c9d46d064026a9d5b5e193f1321361 |
| SHA256 | de69406c34d74aefa7aa8e8ec253b81ba6567d06b17858f36b0c8222f25ef863 |
| SHA512 | 85bad56e7e27881e04feac623cc3adc9b9b0fd53160630c2fb6f11aae5b2e0fede343bcf2ec1c7a574431b4c26aca4030cc6c917cdfd5dd5a968ed6e94b0484c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03dcff2962dbadc3a1a508abdeef1dd6 |
| SHA1 | a2dfdbd5a2dbc9365a9d169f48d5e011d77e6daf |
| SHA256 | 9582efcc2b5f18d28bb41c967b146355041ee950b572f026033cef454931ba20 |
| SHA512 | 68aff9fb7a35f5cf24749baad600fddfe06befd0b5faed3bde9070ff9be7e5d72e7856f1e765d945d8a4a8942e123456365799679abcd073442fcb0e33c24b6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfdffc7dcd3938af202241b3299b182c |
| SHA1 | 7bbd2a52c4fe4dd25ad41151365f5ac872a318f9 |
| SHA256 | d34bdfb2ade76add5310c524860b2b430a4b3680a0bc940ad2232d6e315c7c2a |
| SHA512 | eaff2b1947a9905fbfeafe2a72273bbb6377690ae3fc2eb96b151edff97f1b3293099a6f701d17276ceaf39cf98d2663a64c4e812a96bd826b733ba32eefff52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28235360f51252f63d2740dbc606a8b8 |
| SHA1 | 04196528964d560379c1f16e3720cede4b125c55 |
| SHA256 | adef43182210aaaf17a5b390620a64c51438388b7d1c1e230dcd41f029c6c663 |
| SHA512 | cf1c5b0f45290a339d8bc9789fe360f5707e56acba97258da34760703f0ac4b1fe3e5e1a6de753606045791ab60d323d355e755fa04fa4f610fd1c50239b6e02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98f8ca7ba813fdc8d2aa826c3f8580ca |
| SHA1 | 1c9b0089106ce233df1b570ac7c0f8c22e69c7c9 |
| SHA256 | 9de05e4a11e64dc1b057e2a14b37d316c0d94f8f3e41143f7675dc06f114cb34 |
| SHA512 | d2b5d08e428cedd445f57c85abfcd779948e0a21a223411a41ce71e04fdee1503d7e8077b51077cba4c001115667c76378bd9d3994756eff8e2c1fbfe0887e94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cab36afb228a2a809565e62362c7bef2 |
| SHA1 | ebf4a5023ddc7f78e7634193e11d20a2971c9cb8 |
| SHA256 | 162c18ae000e0898927c03bf4ed7ddb2d0095e6e9115be446419a49ff70fa098 |
| SHA512 | 2f43e9e8c531da8d1747db6747c7362e7ab5d462de37cf50a6574337d25a9f9f72bc946c6aca75c028f422f3b942a0163256c67b6b010c93b6927e2b73a18bfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9097a1a5d53fbdb3f787b30bd6a005f0 |
| SHA1 | 682a2f02ff64077bc77a8024c7c9e61c7489a566 |
| SHA256 | 4d31a3072b42318eb74cae4b245bcd097c95afd38a2427022c3806f5598c1801 |
| SHA512 | 8fde99a166e22575f933afb88674cbb74f0164e38033cd170d260b34ec7010eddeb3894a367e8266bbb253b2dcc90fc20bd09e3d96356ce15509666a42198635 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8310e784f638503622d0191866454a8 |
| SHA1 | 074899473d7b19472390c9d8c3d6a873cd4a74c9 |
| SHA256 | d328ebb48951191443be438313af99f764640ba84eaa29296d8b380a79ae529a |
| SHA512 | bb1000af6155de90439b72951f0963bc867d2e0f7825505d3344cede1324eb2264727498bebc6f0d584b45c8805280cf732e9fea1534bfb6f1fa7397652168a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c4efecfde343230000382d6677e52a58 |
| SHA1 | 1e3c9c62c7bdb94bb3a2b5a894c03977baf358d2 |
| SHA256 | b319b5a8b3c3c8fce4e2230d9b3558026f548000056bc02030fa49e2d4c7a426 |
| SHA512 | 73e918837304d86d88c6f022f1d19a353eecad47f77769c9c4fcc3cb23247767561e9e9e6aa6f97f47663d30d32efa0f08e3064690434eb8eb4db0b7bebe72c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 19a2fe3e2996761ceb88dcd61a31a291 |
| SHA1 | cd0b65eee386bf32b4c55c1b570cb01af83df43a |
| SHA256 | 745fdf596260e8e3f4f0287e61b43f09f858722ded8135733d50da5296bde19d |
| SHA512 | caab7375a898fcff8d049aaff2f132d41933167239191e5d74edabb16517399058a31d80e98718f27db4cfb70ad58af7c21028bc6b4e64fd54178fd6d73e7dd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7449fa178930b06ee823c28a0bf97b1e |
| SHA1 | b00c89d80793236e10daa9b9139a815a89d0962f |
| SHA256 | 2b96554d204e1bac5b5241490d94785b5aa7847443c3b66baca5237f657eb578 |
| SHA512 | cc1d637f4cec9347bd5bc102423280c3f780c23eef2b4a44a4b98eb9e7bccbdb9a5cedc7b207b345884c1be50fc7a27e77b74e3f44bb044ca10116c3e64159fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c2bd724b8c9ab824bab1364ef245924 |
| SHA1 | 2986b81d10f4dc472a96d69a365b729d7b1628a1 |
| SHA256 | ddd1d9a1ca3203954a5e8dcd8c22764720506db737566b40430c54191aa996b0 |
| SHA512 | 72ef9c7cae166f3f2391ff8b9a99a4466a83b6d6939e6da2a9cb6b8af40d5fdd2cd76e750ac9faf804ddb0643b6e4542c6d4145801d45254c596ed81f44eefe6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d35005e3a2e8b80c9014491e8bde506c |
| SHA1 | b062ba914ac9bccead899dc3480f821800c0fd6f |
| SHA256 | 938e19994896637fd9e9b93ff0510b8b7cff4d2f91a6890abd48162e596b9c63 |
| SHA512 | 2d378e013be7031bfd4ce926229fac9e3c32a17b9329bab4c8dc731238cdfa8ba1a0aaf245f034ed2db9728454aef7c12cc494c2a1efc5f74f09d8dc61e2242b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b478384507fd4903ea80dcf627bde4b |
| SHA1 | a60b387a5aa99c35ee6d2e7f0d661fc5b7ce60e4 |
| SHA256 | 64dd8fcd6fd1b3955a4ba50a9d67a7297d9cda79a0ba53fa44484f4fbbcf69b8 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-10 06:22
Reported
2025-01-10 06:25
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
147s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9.html
Network
Files