Analysis Overview
SHA256
26231a9f83ff440979a263925bd856ea8bd029e394fd5b9f72ac608933c7a2b5
Threat Level: Known bad
The file JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
Detected phishing page
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-10 20:36
Signatures
Detected phishing page
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-10 20:36
Reported
2025-01-10 20:38
Platform
win7-20240708-en
Max time kernel
140s
Max time network
144s
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{831866A1-CF92-11EF-80BD-DAEE53C76889} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001e3c605b8cc1514b82455712d0bf21ae000000000200000000001066000000010000200000003fd4a30fc1dfbee8e98b64f82e7a3b5138fc16eecd2dd2eb39c31c8686183867000000000e8000000002000020000000d78e9a9868eceb93a3d297b41c833f9b7f7899d0a7a3df413a2f2ec2b6a38e0b20000000e5de985653578478a9a384e8eb5e67d83b52583f0b6f52f110f9b092e268528a400000001e57a4ba742ba42ad67c4c407f3354400bd891ad06573fec38b15e041c865625d8fdd41c5b9326c1fabab8cb1e9633e8e1b68a6059125b99340e7313e9176587 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001e3c605b8cc1514b82455712d0bf21ae00000000020000000000106600000001000020000000a8c220ff5e3dcc28ce7714912ebb849f05ac16c0e1e0e0fff53e00cf2b4e93f6000000000e80000000020000200000009a84fe910ae15a8199a925e193c928348fd9a3cfd37ad887dcc4db1ce933c11e900000007b1f335624ed5c44f916c2e29953d1502c8069be88b10c78f43327ef99a94e2622c30d4fc34519cdc4140d4fd00e68a9a32302cf428799caf1746b1a1acf942b3ff39c4209292ade3a3592ef1134d8d7ef7f925b2f999671a787bee2c9e79bb0c05802dbfda2a6043af6e5aa7c30ee0bab57319bff5bbe55edbc6685d94b616c52d9d95b940a8ddc6bfeac19248d212340000000808dd4b21530eb8832b8d3743a4f293129e00c30f0c2d7c4ac38816ddd55da24c0f475c540c553e955bb0e97edc96bf4a23c9eae35f071025f9344ac97666726 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442703236" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90562b5e9f63db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a22ce68cf97f3f51cd7f55b766f6efb1 |
| SHA1 | a0bd50ba6580f1b27e74b54ae40d4c78cc764667 |
| SHA256 | 68a60a931b66e67b6035d6c0d0116cd078a8efc2b99d8b4416f505499fe3b13a |
| SHA512 | d1a778340ee76ba86d5495d89003030b3c88888e445927fb3d6cb0340aab5f8946b196da5797ec8dfa43bcbba4c5c892cf6e72f51062a3ceccaea389eea3174d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S57FCR1I\www.google[1].xml
| MD5 | 1dc2fca9040fa8b5814b065129f578f1 |
| SHA1 | 5802736871352a3d64d1e4b918b0a480a18d173b |
| SHA256 | 4e949fee956b1d915da06a987d959c69897eedd171f931767a8489a69d141069 |
| SHA512 | 4b42dff2c9ceb6b27bb28ffbeec7c7c19193fd6076f3bd99a3ad4de4767eee0802929acbf3ce204e8de1cd09b71fb4cf2a709866604229aebc0c3e71f6e100f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d89f2e6fe8be3a776fb21286b3c6ef0e |
| SHA1 | f6ec9837f2faf0bcb0f1494a8c3577d6f4d6efe2 |
| SHA256 | f5a89eb90ad8bd9df16535e36e417d80af30c426eb22757b489d1a22468c37cc |
| SHA512 | 4f3012f24fd152e08657108cdb5affd90e089c7fb32cc8870145a7d154bc596ae07f4f9335a673cc2b550e4b7d490d4359f35f90bfedc5a7765c54f5569f5179 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1a29ed1f70bb7bf8cc6f104a695bab8 |
| SHA1 | 545e175754393c6597a54d926efba279629afb42 |
| SHA256 | ce180a956c19900eae18dd9e003a7c4b4fd34f2bf4ba638767ba45f2cd1b86e2 |
| SHA512 | 3b6abc1c99be182b6548d3a9b0fa587dafb94124795d2564991aed6c4e02f1612db9e718d39c40e7c0fec9f7ac305c15411f99a263a390e6a841d462fcdc3df1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73fb5f3c5eb860685d128a7affd51ba1 |
| SHA1 | 361f6548954576e8e871c1d23479f428fae741d5 |
| SHA256 | 229c8498469ec2ee9b991b9be0f9f316868dd9e095a021f798fd3685e335ee2a |
| SHA512 | 1c1d804be286713dd796b3dcb0a186de3f1e985331d677286a8c88b7783b441358fdb5f04ef9892c8361b28dc7ca41a3bdc2b9eaae509d173e872e14be039fb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b756fd6c367acf1eb6aa8d53f38c794d |
| SHA1 | 65b2915ac46b180a15220807172cfe7a60d83b6c |
| SHA256 | cd06421140c69dda05df1932c2b173e35d3b1f1d9a5753fcc0850eaf5f39dde1 |
| SHA512 | 4529fdbf6e066d8a49acb1b0b595d42cf9cf12d55f99edab260a1d1cd77aae556a0b4c57b885dcc0421aeca650126e28a2da3571100d226e4b468f42f0961c9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 767aa205f40631983537f4ee83894975 |
| SHA1 | c0a04baa9a5a57cf58154a6f23aa65ef305bb1f3 |
| SHA256 | d63be61ad30040b1b05e68c43e411625a17667e27e09162fb95aacfcbf13f5e9 |
| SHA512 | fd95efbe2309c8b12df17dbc4763eff55f549cdc5d78f2c367eaaa6006b6c7063155d9a983e305fa736a968edb1cdbb4772876363e246d2031cc1ace4d983772 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0069fd4c2a97554b0b371df1107520e |
| SHA1 | a13bc02579c68e6499cc27ae26af878f324e4848 |
| SHA256 | e95b42e4f13dd7b9a36ea169ee1fa7790c549fe83b3b98faf50851f1f4412272 |
| SHA512 | b91650089c0697fa1e4c95bb1de5c72055869f344686e94e602402ba5e3e4613296ec51227c20c975a5b4cd98b86a50bfd0deaacd978ad0b9f5d9a31207eb0ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d96a740f1a0973c751266609aff91d8 |
| SHA1 | 5550ef163683c95359744d34feb483f3a8b5f222 |
| SHA256 | 1e1d6b4fef798b82068a2e097b0a7016ef8b3136fc15d117df6d3256db5c31f7 |
| SHA512 | 0378ca201d5605cdade538db825a68551567f6337c62dd2675d89b76950939d76190edeceba2e896f3f4d6d8057d1642025bb76be62cd97cc8c4f1a1b2c2ba82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e611163a1a64329519ba975e834c8acc |
| SHA1 | 154da24ffbad2af29988a5e28ba73c4cd7bb3230 |
| SHA256 | a02c35fe12f1b286a36ec849a90de72a8f022d93804663e6eba17a64051e5a33 |
| SHA512 | a49fd5520dfedfde59a887767f5820b0d172fbc55c207da7729de8d2303b0ac7a2826497d90f5046328e167ddd8f25da7e970731732670249b57bcbfbd2cbc14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bddcf4ce59a934c4982ea46679259e6d |
| SHA1 | bc52fb4fd63336b8f37ccf7ea265b011b3226cc6 |
| SHA256 | 88eb3a05df3b190b0192e5c802ec45aec410187f356d9fbf09f2d53a034a6849 |
| SHA512 | 4164279bcb0e783d7fd14479e1ea195390f21a00ce8369af455f7e2b60cc27815284296e1e01cff97d73bc248838fb9643e3b5c508c87485173a2c99d2d5dbc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d5ae804c4c2a33fac2e43f05b6e42b5 |
| SHA1 | e4428bc468a0d94c28e911d3446357ce7e465443 |
| SHA256 | 39f688b869ebeccccaa336da7697df0e78026d37cd93829384a1344b0eae55ca |
| SHA512 | fb0436791dd65126692468b93aba4b6ea537816213a31478da6805260ea35e79ce651d5ff592058cfa8e881d2ea9defa0a1343c55f06759eb4f29896c1f2d457 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1090543a2c6cd42563651ba21807a515 |
| SHA1 | 492a36ba0cfb1733ebe10154e4e912dfd8e3cd08 |
| SHA256 | 27a3a807b50e188e9ed08b1db269b4700b172a447726a66214920b0eed99ab8c |
| SHA512 | 2acdac48d814c715a6c1b25e21fe59c0a2c6c3b1bd02c842785b2be2e6ea544c2c817d64255063a6cc19f7fcec31885cae6448d856d384e6fa8055dfb2af05d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49ca8846d62fde22a3089aa401f8095d |
| SHA1 | 6638ee2f4db89378fc21e4ac3dfe7fbe6e240af4 |
| SHA256 | 0b7b167f32f2b3b7cfc11a57b44e7fd9af7c10d7c1f63c2d2c2ddfa17b8f313a |
| SHA512 | d0a99957c31083e25855d50b01219a5b6970d42a251218329e5a410e2e90191d2575391b2f52fc4c3cfa83b1b87724370c35e59252255e514fef8176a366d059 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f216bbb5eade41bc0fb4f4eb30dcaa7a |
| SHA1 | c49e11f59ce4b826fe15e1e3c2ec705b405a58f9 |
| SHA256 | ab2aebc90ba78795715a343b919b3a3f3c5a6c9ea0a801ba29c8028b3ff69492 |
| SHA512 | c900a1ab0407edd41e84a0068d002a36c7c10c1a409a578b323ade3a857549ddad6e2fdf817c39d0cfa2598fc8b642cade73770de7cb5254c5ab06cc24e85061 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8fa107ad57f858be1572a513f065d33 |
| SHA1 | 8b6a84146c75bf1f1763906e7149652a765bd3ac |
| SHA256 | 194f8f94413dfc5eee8d10a4555974f309a4f43575059ebff7ba178210ca24c7 |
| SHA512 | d4bef4b9513e8fe466330a02924010c2daf1f4d19cf28b6f74166c2a0ed08f1518867ab75f321820965bd82a809c76408b84d7cdaf85cc591acb6135254705d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a3ea78dc11230f270c15a3c5bb53463 |
| SHA1 | ae821955af28ed5322104ca46ccb0688cbf05b02 |
| SHA256 | e936f264e90dd2d93a1fac71f3098e8e43121b787dff1171f8b39b6123a6082e |
| SHA512 | d46082632d01748eba803a3549e337dd8c77a2f9fd4a6ddca5e03eb0ec91f96b158afdb3943fdd2231714b06b43d495a1caf3b466b4db9b7fd7f85ba69dafc28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b988b23f8b0d76b4e5aad625754cbc7 |
| SHA1 | 143c121590a08d2fe2a19a0e59bee0bdb5d4e5e3 |
| SHA256 | 05b57e52081bf0d1cb7bc3c57a0a91458cc0fe17d88dac1cc2e5a4300879a947 |
| SHA512 | ddc9f946008aca88946e6554087b330072b02ddc778fe43213f15423bc931edb83e876f1bdc41c55936014eff673fd9a35d52790d1157b21a5a4debe4bc2fb3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dde7f372a0c93da53c9f71a98d6c1bc |
| SHA1 | 8a9ebac013425b25c7db9fea8306d461601cfcfa |
| SHA256 | b69e2bfee7d4d179b02bbd9d6d338ad5b5fd9da517bae37af7b166d39b24e094 |
| SHA512 | b012ce08c05fb7c3ba72c12d2e7a7ed77c00e334a449f6bd9e9f812be4ec9d682c026d45360c0b7c338a2050ac4a3e15bef53a210292c0e7420a8bf24a1cdf91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c303c70f7afb697b878b3c6f8f55a30 |
| SHA1 | a7661fdc0ca5a4d6fb1e1f47d3ebeae1a129eaf3 |
| SHA256 | 9448fe9f6bf5e0d09799804c1ba0a0eb67a5dbb554b92776527a40b1d7fd7a7b |
| SHA512 | c5d5e0018c1e4e088f1cf857ade194f0fd08ed4acb26448e7bfb2b11072822140a89e02e5c10774f3bc729a48528ce9d5a6b0e249b3727584b19a722c722dccf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | acd757b1ae30c1761ff91b6f676cffc1 |
| SHA1 | c91b4cb61dd24028a8d696ca371e695b80b61251 |
| SHA256 | 85bfa500c23bfad36c7eb62d6952bf7dea1168fe77d738054cd8370fb5685581 |
| SHA512 | c265c4c077654ea16301abd50a71489c1d2b52e601e6441f978ef65ad12d27d93845d8eed4a4abb52375ce52ef935504881cb08cca98171e415a955e66bf61e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95ac50aede95c02308afbcc991981828 |
| SHA1 | 0736d1f35047480a24ba5eeabc92b227f0fe2ad1 |
| SHA256 | 12dbb6ed7b0a630a1be2a37facad99069cdaa949d9292d01c3e0cc574a4b766f |
| SHA512 | 0c28ca6512cf076bd63f8800dd217a7bd44918d7ae7736b8710c86aa4664f2c8abcf3d7bac5859c3263dcb0f36093eff024eb221e40d12307a02495eb881cd63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 643da44a40a54d0404431716cebd59f7 |
| SHA1 | 062d4c4a7e253ca5a8e67aa250c10f218918f6f9 |
| SHA256 | 5213ecba8092dd71a7854bb60328279f29878ccbcbf5c80f9d369d70299b1947 |
| SHA512 | 6878088d9041bbfb016441df526e707af2982976c50d8f745cc550e243f47dc6b260254cfaa8c67f6da3d71dc581d39aba819f471f5cdb81453d036db7da14f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fef4f4b88949d23679b88bb01630171 |
| SHA1 | 00b327d50f70637ac24fee21fb8b461a746f2bdd |
| SHA256 | 78f39415b337cf2ecd4e8b3e44b3f189d3451cec9aed88e46af5b3261fe7cb81 |
| SHA512 | ddeb502d43214b448533c0eb61e9b5259383f3c8d3fa1dbd0be1d733a9620b135643aa50f1fcd834c6bb239b55ae7053331e3db05633d27a06de9f839291acb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 274804a13cc7a6f1e982acc6d2619c01 |
| SHA1 | d2c59c390204bb54bd2bb7937ab7038d8845ab34 |
| SHA256 | ecb20e29bf293201bae26e44d335696e0780236dcdb41590d0856fb691bdffdb |
| SHA512 | ef887298dfdf850ad438c13fae536cb8a0740740a1c70eefc63b702c69183d86b2f366d6f27672833117bb4888f8ac4cc0b9c1b853bdd32c2ebb5ada8d5b780b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e769c3c27824dc750a6562d62689b8e8 |
| SHA1 | cf21c9554fd2be6846531d673762cc40b8e1ff4e |
| SHA256 | e35f08d1a22c18e28827864edb9e106262deb3b94fca0621008f88f3152b8778 |
| SHA512 | 1995f2ca163699965f3731670d33034c9a3846cde7a282c38b51b52e5687f8858cfa4f31a7d26f3e3412ce989be7fb56de12fd72657a6f6f1bc529deeaeaf178 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 39250bec06503bbb43714e09988f3328 |
| SHA1 | 3e74c77aceaf2cdcdcfd179e5fb9924116459a87 |
| SHA256 | 0479fddbf709585554bc611aef5a3ce0f4eb911caf13317c9dee1c513ebb6fb0 |
| SHA512 | 854ab5c5fda36f0d440ac27ff45a427a8f13350057076eb04554f9195e22343bc03e14f46a316d6902bc6db3085ee7f168850907557a37e490e6e8da52165640 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cdec475507e01bcb40abe88640298aa |
| SHA1 | c245242246a971f11663fb7346cac5ea06c5b22a |
| SHA256 | 0024f4d018e789310c588c71202c827012cb8bbf6d81912ebfa433c171a72c1e |
| SHA512 | 6694a8602cb88e56132f4422f62591212f585f2cd8ed0f9e107442004cc85252ed2a83f6a0f77eb6dfd71851dba660ac40e51815466476b3ca17317fb65357a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ecfbee887b7659d302dd4a2b507b20a |
| SHA1 | 4b308932be6350fc30e9e559a706e43d967e8af1 |
| SHA256 | 6817d3093b938acaa55c0927e03ac261901bdbc497bc5236841e446bef7bef14 |
| SHA512 | 0106469d57ad64286f087b02bff2f3485ec16dd1aa743a4914abcdae1d9cbd6057fc92ed2055bcee24a26439c3a26a556544555347f801c8ae60046ef32b9faa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 127c2cc5e681b805b906b835415fdb5a |
| SHA1 | 8d234414b86582f6029645aed4d577da7e958a59 |
| SHA256 | 70c63e464b1fa8dd76c1f9ca4fef5045deda501d7fc7d99de47aa4388544e599 |
| SHA512 | 58559d4371c823fdf67c786f6875aa0e5ae6ae0b6425b40e9b7fae1e7511070c6198361172678aae4f43622ae23a0512379a0ddc04320b97e7bdecfd291762d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2141c18cfed492a6fec9d2fd96046790 |
| SHA1 | 0b22df65b330725b8782b186fbf7572422ec8cf8 |
| SHA256 | 586a120cc9d550107c7a04d490f122090e3ccba0a21fc5c0a595fbe34e034f13 |
| SHA512 | 68c91fb66e64de649d73d18a10f988be96069271036ada9d3428a4edd9b2a6241848f2b3952b5b7b08de319b63468ada44180f975387912e17d5bf72bf87ed0e |
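The dropped-file listing above repeats the same CryptnetUrlCache metadata path dozens of times with different digests: the sandbox records every version of that file written during the run (it is the certificate revocation cache the browser rewrites on each CRL/OCSP fetch), so most rows are cache churn rather than payloads. The parser below, an added example rather than part of the sandbox's own tooling, turns the path-plus-hash-rows format into records, validates digest lengths, groups the versions per path and pulls out the few artifacts that are not cache churn (here the cached recaptcha__en[1].js and the DOMStore www.google[1].xml). SAMPLE is a short excerpt copied from the listing above; the 128-character SHA512 rows are omitted from it only for brevity.

```python
"""Parse a sandbox dropped-file listing (path line + `| ALGO | digest |` rows).

Added example; SAMPLE is an excerpt copied from the report, not fabricated data.
"""
import re
from collections import defaultdict

SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a598196066f46deb6c4dea6b5b71b089 |
| SHA1 | b25954ec63c18f8d1c216d89adf4d2220723f0f6 |
| SHA256 | 38d2ef31951d39ab8d6b491add8816a5d78294074ad96a963bc9f585cfa31c7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70e7f3b58aa2ed4cb0d1e50d68973a2d |
| SHA1 | d88cf1f44aa130466b095be98e0cee8be9e78b0f |
| SHA256 | ce8b7cadecfb37ab940d563ecc437a0d2007d3f2f4d14fd5187eb5c2007eacce |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\recaptcha__en[1].js
| MD5 | 19ddac3be88eda2c8263c5d52fa7f6bd |
| SHA1 | c81720778f57c56244c72ce6ef402bb4de5f9619 |
| SHA256 | b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S57FCR1I\www.google[1].xml
| MD5 | 1dc2fca9040fa8b5814b065129f578f1 |
| SHA1 | 5802736871352a3d64d1e4b918b0a480a18d173b |
| SHA256 | 4e949fee956b1d915da06a987d959c69897eedd171f931767a8489a69d141069 |
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
CACHE_MARKER = "\\CryptnetUrlCache\\"


def parse_file_entries(text):
    """Return [{'path': ..., 'hashes': {algo: digest}}] in listing order.

    Raises ValueError on a hash row with no preceding path or a digest whose
    length does not match its algorithm (a sign of a truncated copy/paste).
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            current = {"path": line, "hashes": {}}
            entries.append(current)
            continue
        if current is None:
            raise ValueError("hash row before any path: %r" % line)
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError("bad %s length for %s" % (algo, current["path"]))
        current["hashes"][algo] = digest
    return entries


def group_by_path(entries):
    """Map each path to the distinct SHA256 values recorded for it."""
    seen = defaultdict(list)
    for e in entries:
        sha = e["hashes"].get("SHA256")
        if sha and sha not in seen[e["path"]]:
            seen[e["path"]].append(sha)
    return dict(seen)


def non_cache_artifacts(entries):
    """Paths outside CryptnetUrlCache: the files worth a second look."""
    return sorted({e["path"] for e in entries if CACHE_MARKER not in e["path"]})


def sha256_iocs(entries):
    """Unique SHA256 set for lookup/sharing, with the cache churn excluded."""
    return sorted({e["hashes"]["SHA256"] for e in entries
                   if "SHA256" in e["hashes"] and CACHE_MARKER not in e["path"]})
```

Feed the whole listing to parse_file_entries and compare group_by_path against the raw row count: a path with many SHA256 values and a single filename is a file being rewritten, not many files dropped.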
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-10 20:36
Reported
2025-01-10 20:38
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc44f46f8,0x7ffbc44f4708,0x7ffbc44f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x514
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
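The process list above is the normal Edge (Chromium) process tree: one main process that opens the sample with --single-argument, then crashpad, GPU, utility, renderer and identity_helper children distinguished only by their --type and --utility-sub-type switches. Reading it by hand is error-prone, so the helper below, an added example and not the sandbox's own code, splits the Windows command lines (double-quoted paths, --key=value switches, the --single-argument remainder convention) and summarises which image runs in which role, which document was opened and which utilities run with --service-sandbox-type=none. SAMPLE_CMDLINES is an excerpt of five lines copied from the list above.

```python
"""Classify Chromium-style process command lines from a sandbox report.

Added example, not the sandbox's tooling; SAMPLE_CMDLINES is copied from the
report's process list (main, network utility, renderer, CompPkgSrv, identity_helper).
"""
from collections import Counter

SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8',
]


def split_cmdline(cmd):
    """Split on whitespace while honouring double quotes.

    Backslashes are kept literally (Windows paths, no POSIX escaping) and the
    quote characters themselves are dropped from the resulting tokens.
    """
    tokens, cur, in_quote = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_flags(tokens):
    """Collect --key=value switches; a switch without '=' maps to True.
    Repeated switches (several --annotation=... on the crashpad line) keep the last value."""
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, has_eq, value = tok[2:].partition("=")
            flags[key] = value if has_eq else True
    return flags


def describe(cmd):
    marker = " --single-argument "
    document = None
    if marker in cmd:
        # Chromium convention: everything after --single-argument is a single
        # unquoted path, even when it contains spaces, so split it off first.
        cmd, document = cmd.split(marker, 1)
    tokens = split_cmdline(cmd)
    flags = parse_flags(tokens)
    return {
        "image": tokens[0].rsplit("\\", 1)[-1],
        "role": flags.get("type", "main"),  # no --type means the browser/main process
        "sub_type": flags.get("utility-sub-type"),
        "sandbox": flags.get("service-sandbox-type"),
        "document": document,
        "flags": flags,
    }


def summarize(cmdlines):
    descs = [describe(c) for c in cmdlines]
    roles = Counter((d["image"], d["role"]) for d in descs)
    documents = [d["document"] for d in descs if d["document"]]
    unsandboxed = sorted("%s:%s" % (d["image"], d["sub_type"] or d["role"])
                         for d in descs if d["sandbox"] == "none")
    return {"roles": dict(roles), "documents": documents,
            "unsandboxed_utilities": unsandboxed}
```

Running summarize over the full list gives the document the sandbox opened, the renderer count (one per site instance) and the utilities that run unsandboxed by design (the network service and the WinRT app-id helper), which is the baseline to compare against when a browser tree contains an image that is not msedge.exe or identity_helper.exe.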
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.onlineleaf.com | udp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| US | 104.21.51.21:80 | www.onlineleaf.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| US | 104.21.51.21:443 | www.onlineleaf.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files