Analysis Overview
SHA256
befc4a0a9dc202d3589167090dd3e5215b233b8ff010c3e1ca1bd6fad8529dda
Threat Level: Known bad
The file JaffaCakes118_e93e6ccf5a928c2cc4690497b9fb1c8a was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-10 16:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-10 16:51
Reported
2025-01-10 16:54
Platform
win7-20241023-en
Max time kernel
134s
Max time network
147s
Command Line
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10980" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27827B11-CF73-11EF-A160-DA2FFA21DAE1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 109d37008063db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this export] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000b815209b3058341181c53715cb7eba0b1556d227afabd13bbf51596d3fc76656000000000e8000000002000020000000e6e5d472c62ec26937eb1300d588c01ca5c5e32c37da316e8a256d7be7c010e8200000005fa59769fbc07130e7190db757e607a4834b16a627f78713b9336936a4ff8df840000000f1a599501eef0b1f91a9dc9774477b1d82e1623073db3cdfbae5a264198b43c3a315a76d68a6a46909f30467eacd664fd35cc4a523179908433aa3b5683d5982 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10980" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10980" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442689764" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2604 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e93e6ccf5a928c2cc4690497b9fb1c8a.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\Local\Temp\CabA0E3.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_252B35A0C9E78A87AECDDBB68FF7B1F0
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_252B35A0C9E78A87AECDDBB68FF7B1F0
C:\Users\Admin\AppData\Local\Temp\TarA1B1.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6J4GCMD\cb=gapi[3].js
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\6B0NDYFP\www.youtube[1].xml
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 643c6837323a5a2e2c086bd4a8c430af |
| SHA1 | 8927757161c37d50caf59fc30a4b2cc5c918da46 |
| SHA256 | 285d32d8bc7baaca3d2987d8fcb1a8a57185435cdafbd362ca337b2ac6673ef3 |
| SHA512 | 20e36382d70234d48fbced7483c3f22dfc6adb1ae92713eed68bf92ee9fa365b9262c17cd8b6822400ed74e3211bf9e21f78765dedaaded139a42410802ccb17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c2188fcd93097ab2f1150499c905256 |
| SHA1 | ac163f200fe4d8e0849beffe13a0a364f9b99c1f |
| SHA256 | 294aebc2c012521fde7e78675096ee1c3a1edd262dc86f1957946eb44994d870 |
| SHA512 | c8d3a4add141d46e9eea53e96d25cf26cafc20eddf2fd0080977fe780fa52bdf8d99528fc7ab4fde25c98e83bc326e96c29ef3cb6787a4f74d062aa0f0bfa669 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\6B0NDYFP\www.youtube[1].xml
| MD5 | 7f0b6e1c04d2022db7237acee22f857c |
| SHA1 | 0ee4f96c9c14085f7347f8b4a88cbb9bf36ae14c |
| SHA256 | aca1d433a66d2401589804c2238fbbe791fcc90c9bbec38dde03376f585e1ad0 |
| SHA512 | 198106530241ef122b6d175122533f11e7f905c0ae73ea0b2aa43079c85c7cd9703db0b0756a9a74fcafcd48738d97f73267d6767270c1d5803c4c35e6986f44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa645585e1a8ef41d62261b1a2a65cb5 |
| SHA1 | c5df42d66356637d26c76aa0accb5740ead00237 |
| SHA256 | b9853672be9371c69b21f9b0e8ea6d8bb8b8ef134974d1d9768df17e2f2a8c7b |
| SHA512 | be9648ef179518562636da26b61c5a0e174bda8e4d95b3aa24c59557b85122892a0e64038edf252b6547c6aada6ea0a8136590e3a768490bc754ce2b74e6f43b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1d5536ab311fd67bdb3c032fd352bfcc |
| SHA1 | 39fdd66bce1568ef957acef6e512923260793bf1 |
| SHA256 | 2ed54f78ccaa503601c8ce85649cc7bd9b1fda2bef03ad0137de6ed8a1c5ba0c |
| SHA512 | 3762fee6508a628fa3cd34ff12b287d876f90f1fc05652f25a246bb6952e6bedfca8d6263221f75ec44b4136144cac9d09e112b4d2832fe925532b651e3b3a5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ea375b2d5fc73f7e327b77a1d195940 |
| SHA1 | 83675c744735aadb50174dc7ec4a682e37a6d1c0 |
| SHA256 | 8454a85be37352aa6764b4991d5def90a0f348593afa8d4ad83b97af4fdcc60f |
| SHA512 | 364ec9525b6f79652c33373b22b65747793794ec0ec772446c42f4777ed63aa710c3739f3de6b45d2e062580b54d3ac67c11a2c782b698942f50207a22f3828e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f37ff51dc1370a15861fe84ea4feff4 |
| SHA1 | 882f1a8cee01a64760664cf267435d52dd991b2c |
| SHA256 | b5be3703a4b3b22b5e2139afdca3a7735d5664eff305924bfb45c511e6f6aaf0 |
| SHA512 | 963623b980993f9e5f9d3ddef9c0fe1202c0645058c78367afa609081e492d9be53e24e8cd701a78ff7f57bea87cf712555710787dc05a0210cde6cbdaf90d5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13eb6c2caf98e61087e9d3e16efbfd92 |
| SHA1 | 780f53f0ba1571bec08816c62e8dc487faa9c0d7 |
| SHA256 | b726b3752ed577a2bdad0a0eae75e012c40ec5a6e8b87ee81ac0c9a2b47717f8 |
| SHA512 | aab4a36ceba3e8b062d2842b1674b9e153a7536c0cd89f001d63db105c7d1459ba722f2c6fa36f5cd1fcbbc7dac46c687f6a09f06c4e5a484fcf9853ce91c830 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d2bea380675034c79a287a03d47afc5 |
| SHA1 | c782cc8dad5d9d4d9f460c370dc3759b8c011abb |
| SHA256 | 0eac2133b89cdbcc9cd94e394933e6b1a7b93c764bff8e0dbf570ecc1a430e67 |
| SHA512 | 6d2ecad2d1d4ac86cb875c2ae3e8f2241924b678a768b7c9d0b856c1f7882230453eeb6dc05ba0ee67757840fd224415746c7b227271531933f8362072aa892c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b62f92bfad7d2e2437eabb2e65b95a49 |
| SHA1 | 956df736aa3d235281c7f1d264764010c8a67715 |
| SHA256 | 4ff7b70bad859cd1959958f8dcdb8d692038e85c7a5d89015e6fe8c945dc86df |
| SHA512 | b48d82f5977a485bf75f4eb0ab256bfccba1de9bc08663cc090961b3f2ec9ca37e823a35dd47b1698012a4cbcc5f8b4f2950278390d50cbaa51a78de9ac61c97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 62e679200abe5ee7cd1414e31c70be7b |
| SHA1 | 045a13bba0e527f0575d74b9224352418f45b604 |
| SHA256 | a7f0cdc1adaec408fc8cd32b946c722a0409fa8f174669d8ea17a2d656974251 |
| SHA512 | 0f11799f3666e24f7a49f1e11135b0f285df8de2b308f1f4f22d69d2c41052efeae87dad8ce036a311b3eea2ddc12b8d85a19c51ad2b254b4b379adee8fcf4ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6dae9c5bc1c7d20702b0050c75a43ac |
| SHA1 | 241efe809bbac0c711e96001f2a422461e4d70a2 |
| SHA256 | ec3daf0e89a700fcdab22a7a128f469a38845a3ed30b9b9ae46e24927dfa0672 |
| SHA512 | 56ffe3b2fc88d57704ea788b842249ccb861664006e92e33ffaaf50dd90d8f8e3ecfcbb48745328c0881d1e91c6094b30cfbc0f271a536839f1d9ee57c729345 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a487f2e86a00dcc747cfb97584fd93c |
| SHA1 | c2b699e09072edf6ff1abcfe4ca9ec354c0e8524 |
| SHA256 | 267b182c69d1df301e88783c32fbee9e5fe6e2c7a1d5219c9b1e0174f10cca64 |
| SHA512 | 81b8ac5e93063d4f1385e61827c27d2f550c261c10dc4b6056fcd4474ddcfc87d6ead115224e2297f5e7c56e411b28d4324bd9b8ccd752a225ae44bbad72f970 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GP4P3HF\rpc_shindig_random[1].js
| MD5 | 2a64803c4545d283d7a51e71f82a64a0 |
| SHA1 | d1e190bc4ab6a900cddff5891650f5ddc390e9db |
| SHA256 | 0a5518064275c2fba33ba69c84f584819aafdc9faa0ce3689c8687fc41f58ed1 |
| SHA512 | 82bd924261272ed025d4938d7e7d5ccd9c6ebfa571b1b6816bf56341ebb70ef9faee807d83ba491a2ddea86e795780ce097fce4957d432d3b44497f5e6e16576 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6G4X5UFP\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-10 16:51
Reported
2025-01-10 16:54
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e93e6ccf5a928c2cc4690497b9fb1c8a.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda8d446f8,0x7ffda8d44708,0x7ffda8d44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7220569496714932653,13101244386000989275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6408 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.179.233:445 | www.blogger.com | tcp |
| GB | 142.250.180.10:80 | ajax.googleapis.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bloggercomment.com | udp |
| GB | 142.250.179.233:443 | www.blogger.com | udp |
| BR | 45.152.44.151:80 | bloggercomment.com | tcp |
| BR | 45.152.44.151:80 | bloggercomment.com | tcp |
| US | 8.8.8.8:53 | ads.egrana.com.br | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | blog-pager.blogspot.com.br | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 172.217.169.46:80 | www.youtube.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com.br | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| BR | 45.152.44.151:443 | bloggercomment.com | tcp |
| US | 8.8.8.8:53 | cdn.euviali.com | udp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | blog-pager.blogspot.com | udp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 142.250.178.14:443 | img.youtube.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| GB | 172.217.16.225:80 | blog-pager.blogspot.com | tcp |
| US | 52.86.6.113:80 | cdn.euviali.com | tcp |
| US | 8.8.8.8:53 | 151.44.152.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.21.104.in-addr.arpa | udp |
| US | 52.86.6.113:80 | cdn.euviali.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.230:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | udp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 113.6.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 142.250.178.14:443 | img.youtube.com | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
| US | 141.101.120.11:443 | t.dtscout.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 84.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.200.33:445 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| GB | 142.250.200.33:139 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 112.27.33.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.179.233:445 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.179.233:139 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| GB | 142.250.179.233:443 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | portalsempreconectado.blogspot.ca | udp |
| GB | 172.217.16.225:80 | portalsempreconectado.blogspot.ca | tcp |
| US | 8.8.8.8:53 | portalsempreconectado.blogspot.com | udp |
| GB | 172.217.16.225:80 | portalsempreconectado.blogspot.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_3356_KEJRNNMLRUZKMSBS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3543941208aea0e798d002c75c639051 |
| SHA1 | 85af3938c1ac66f0cc3d14ddd4bdfdf6c11a9b80 |
| SHA256 | 8a0c033cd2013928b24c20b7465571693c9bc14b2a2fb690f206143c8da4d0cd |
| SHA512 | 8747f4b156157175410a1397f2a79f3ef1541f9abeb15b65fc1a1f6ef7db656a361b9af55685d4b0b1eab22d1f9deb6058faf280241a98f21027addab3602d0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 366a902f9f4c5d709847bea8b7f5e392 |
| SHA1 | cc53c7cdd1a2c7ab7bd00fbd9d009ac41560126f |
| SHA256 | 08871236892a3caa81e0b2107a1a55f50b6e12faff8e90d6c4e018774a9ca776 |
| SHA512 | a385454b649d999acb647b5b7e7a70182fc265432bfde3e2ee55a7ceeca378069e2817df50e7219ad87b99ce78a4327bafaddc4ddcda513249ed83f288966209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad51a87c919effbb5c6fd8fc95798d1a |
| SHA1 | 737afb461d6d3da22634856e10d873febe1c46d1 |
| SHA256 | cf2f5b402246d441d983cd7990ee03dd4fe6794625a5b7a3e3527cd30b66a6fe |
| SHA512 | 2505fb824d6a2b7b6bc9697585b47b1be5c3c4ababafb083ea2489ad0242b6fef0ff8416b7049df661abc14c60a52f14467bde87409213065636183af538f482 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 597b20485dcbd88aadc1452a2dc4ed83 |
| SHA1 | 706552b864b58ace425c048740c25b01fc1d8ae3 |
| SHA256 | 1d831b08dd93c7c43d972dcad286b7235137120a10913e36434c9380097bde14 |
| SHA512 | 56de4d401f8ca396342f74846b7eae225f6003089c771213cab58da320703f67bec9f7a714dcad06bb4ccd12c688f7e8d9e1d521c4c8f6bf2f449f0642074a51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 2ebfdbd309ee762211b4a2ac39708c4d |
| SHA1 | b002922c672dbe1dd4caa02af24d0b1e7da616af |
| SHA256 | 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797 |
| SHA512 | d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d845415e9a4bb2e9407f03c3aab3ed37 |
| SHA1 | fdb517034574842cb7151c925e81bd468c66ab84 |
| SHA256 | 35629cc7e4e9f776988ef03e860c31fb2ff53b8974bf32901ecde5016b7d842c |
| SHA512 | d34a1b216bbe473457684a74c92585c687066e451016947bb3717e6b99c92b9801de0c7954f6080ed39001d9d19cfba621e8a55554a163b6c2162825f9cdb78f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 243f52621628790460fe244be48538b6 |
| SHA1 | 27698ae56cf6d04c96130aac2fae12beab038d39 |
| SHA256 | 0d47aad19f4ac0d24f98165fa3c4370700535e770d5cfef2b568fdcda3fdd0c4 |
| SHA512 | 7a1a5362b7a10b74c9f5ed61a88cb5b885c300576125367eefe1857dc1170106ee3d22bd94acd4bff7c5916c80cf42a7be91e60ef0d48610f19f96348b20a16d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c4f613873ce27bd2c807878cb9812399 |
| SHA1 | 973d7fc2bc6e5fc9f831767d90ff5da7c79ad106 |
| SHA256 | 95e8f0f03c6363b747dd8657216ac07d2ca31f7d52f8bb0f8b813c3bf12236d3 |
| SHA512 | 1f81a22732b93903d09654a48a6f644631a43a57277cd3e52ceb04575f0bb07eec3a31197ead5dd77824009649290e46d520937d4775c0104e530f11037f68a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2e292908f8409c3e68a51729f633b10 |
| SHA1 | e1eef3f1880affb262e7c38ead1e3642bb434372 |
| SHA256 | 31dd9afbbe7664f0af5fa70d07ff97c378edaf0f4e3c7622320d6b038e87d1e5 |
| SHA512 | ed484627e3a363e8d20311a1ec2258b2586bed873ae1a75f93c1c2e94c4a8111f6ca0bd7f415554b782706e01d756907a62c7aefcdca5fc359174ef83e4fd8f5 |
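The dropped-files listing above (a path line followed by a key/value table of digests, with several paths captured more than once) is easier to triage when parsed than read by eye. The following is an added example, not part of the sandbox report and not tooling from the sandbox vendor: it parses this listing format into records, flags entries whose digests are those of zero-length input (computed with hashlib rather than hard-coded), flags rows whose hex length does not match the algorithm, and notes paths that appear more than once. The sample listing embedded below is constructed from three entries on this page; the triage rules and function names are the example's own assumptions.

```python
"""Parse a sandbox 'dropped files' listing (path line followed by a
key/value table of digests) into records and triage them.

Added example, not part of the sandbox report. The sample listing is
constructed from three entries on the page; the triage rules (empty-input
digests, digest length sanity, repeated paths) are assumptions about how a
practitioner would want to read such a list.
"""
import hashlib
import re
from collections import defaultdict

# Digests of zero-length input, computed rather than hard-coded so they
# cannot be mistyped. An entry carrying exactly these values had no
# content to hash (on this page: the Crashpad named pipe).
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}
# Expected hex length per algorithm; a mismatch means a truncated or garbled row.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Constructed sample: three entries copied from the report above.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
\??\pipe\LOCAL\crashpad_3356_KEJRNNMLRUZKMSBS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
"""


def parse_listing(text):
    """Return a list of {'path': str, 'digests': {alg: hex}} in page order."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if not records:
                raise ValueError("digest row before any path line")
            alg, hexval = m.group(1), m.group(2).lower()
            records[-1]["digests"][alg] = hexval
        else:
            # Any non-table line starts a new entry (file path or pipe name).
            records.append({"path": line, "digests": {}})
    return records


def triage(records):
    """Annotate each record with sanity and triage flags."""
    seen = defaultdict(int)
    for rec in records:
        d = rec["digests"]
        rec["empty_content"] = any(d.get(a) == EMPTY_DIGESTS[a] for a in d)
        rec["malformed"] = [a for a, h in d.items() if len(h) != DIGEST_LEN[a]]
        seen[rec["path"]] += 1
        rec["snapshot"] = seen[rec["path"]]  # nth capture of the same path
    return records


def summarize(text):
    """Parse, triage and condense a listing into the facts worth acting on."""
    recs = triage(parse_listing(text))
    return {
        "total": len(recs),
        "empty": [r["path"] for r in recs if r["empty_content"]],
        "malformed": [r["path"] for r in recs if r["malformed"]],
        "resampled": sorted({r["path"] for r in recs if r["snapshot"] > 1}),
        # Distinct SHA256 values with real content: the hashes worth pivoting on.
        "sha256": sorted({r["digests"]["SHA256"] for r in recs
                          if "SHA256" in r["digests"] and not r["empty_content"]}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

Run as-is it reports the pipe entry as empty content, the repeated settings.dat path as captured twice, and two SHA256 values worth pivoting on. Paste the full listing from this page in place of SAMPLE to triage all of it; a non-empty "malformed" list means a row was truncated during extraction and should not be copied into a blocklist.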