Analysis Overview
SHA256
bfa36fa0055863b776b254d44ad452810d671fe219e3b04e43f2bc8f32908a04
Threat Level: Known bad
The file JaffaCakes118_f78e178ac6232c6035fad12062eb1770 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-11 04:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-11 04:55
Reported
2025-01-11 04:58
Platform
win7-20240903-en
Max time kernel
131s
Max time network
147s
Command Line
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "140" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442733212" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{51216F71-CFD8-11EF-BC71-EAF933E40231} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "307" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "146" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10992" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10967" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000068aa7a9ffa552a4bad25495c8783883700000000020000000000106600000001000020000000345fbe726a2d23805b6b1820e231fd248f49c29eb1bd90b513ab52b69c66dc53000000000e8000000002000020000000b04cf582226be3d7dbf8f59ee7052c740958a4eedd0a5e897beaedf01f5a23ad90000000698b7192cfdcb999b9c34724f3257edf01df3a5f378ec8cda8dde500fdc2feb72fc2667885b5186d5f359ccc899764935569225c64b9cb8696d5e2b14c962223664746c9a95beac73e089f00394ba34c2e3559c3bb46aed1fe02f714bf8fc21751ef6e76e5485ad0982e5b8dd543fcfeac7ae6714d1b53899785af47d6b6d02b2a86000ade9acf49422fa12bdc5794ed400000007a856d3f477e3511f010288cb90dbec63faf98cb058538f55e92c28fc248010d665f8f2cd05bde96768158e2f78caa8cd1b614e13e2e4724ddfbe0c23017a34b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10967" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "222" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02ac836e563db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000068aa7a9ffa552a4bad25495c8783883700000000020000000000106600000001000020000000963d8f5a5c63b0d251ffacb59bbdb68a1cb52f5c114fe904e29b489e3950fcba000000000e800000000200002000000022f3e165dc3030c93e7ecb29935ed7213a8d3774190f89106ca2ee90f253b60a20000000bf823a519d4f78a38440f6cb825db0a8c0db00a0d4d32e3bc4c08c08a0ddb3eb400000003ca957d240e12c95140c205f3b8ba03f422840e3e7bc1f7325e651014dc004012df9c99517ead9e95632f9227acf2b3398ad1569f944c167929d51f0d72519fa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2868 wrote to memory of 1920 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 1920 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 1920 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 1920 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f78e178ac6232c6035fad12062eb1770.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.logomaker.com | udp |
| US | 8.8.8.8:53 | i8.upanh.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | js-css-image.googlecode.com | udp |
| US | 8.8.8.8:53 | giaoduc.net.vn | udp |
| US | 8.8.8.8:53 | dan14vn.googlecode.com | udp |
| US | 8.8.8.8:53 | widget.adnet.vn | udp |
| US | 8.8.8.8:53 | anhnc.googlecode.com | udp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| US | 172.67.70.113:80 | www.logomaker.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| US | 172.67.70.113:80 | www.logomaker.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 64.233.166.82:80 | anhnc.googlecode.com | tcp |
| GB | 64.233.166.82:80 | anhnc.googlecode.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 64.233.166.82:80 | anhnc.googlecode.com | tcp |
| GB | 64.233.166.82:80 | anhnc.googlecode.com | tcp |
| GB | 64.233.166.82:443 | anhnc.googlecode.com | tcp |
| GB | 64.233.166.82:443 | anhnc.googlecode.com | tcp |
| SG | 46.51.221.158:80 | i8.upanh.com | tcp |
| SG | 46.51.221.158:80 | i8.upanh.com | tcp |
| VN | 58.187.8.10:80 | giaoduc.net.vn | tcp |
| VN | 58.187.8.10:80 | giaoduc.net.vn | tcp |
| US | 172.67.70.113:443 | www.logomaker.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | s0.adnet.vn | udp |
| GB | 172.217.169.14:80 | www.youtube.com | tcp |
| GB | 172.217.169.14:80 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.187.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| VN | 58.187.8.10:443 | giaoduc.net.vn | tcp |
| VN | 123.30.41.185:80 | giaoduc.net.vn | tcp |
| VN | 123.30.41.185:443 | giaoduc.net.vn | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 44462f90044e287999ff56c8f963aceb |
| SHA1 | 131606f25fc6adb3e543b7f9f8417b9a17874cc5 |
| SHA256 | 2e11aac4a0b0fee1ae9717415331ec783af6f15db689563ffe424782eca2eb5e |
| SHA512 | 7b6a97c1bfaecac1bfc77e5d00434d6e7440af3a5d7bf56d467d57027d21b7ca418272e220e9ee2709feeae7b6e665fe0868564bd99cab4b8a6dd972fd7823aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | dc1ecefb0cf599e27b2b1a59a3152826 |
| SHA1 | 3ffbc73e7c268ba0663caafc5878c6283d56e65f |
| SHA256 | fcafb7de8ffcf05472705ec76832f5de9170371d2d95306a413f6dc63f3ee176 |
| SHA512 | f62436c6ff88829d54f5d94bb54362a78f1b901fb4c0378f27cddf48a6b0e577f45aa599170ba9bd9bf2acdf44b4d7fb541414118ca79291a94b97950fae83f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 65bb6c64db79f5b8d3b7060723722ac2 |
| SHA1 | 9892c6c56fd3ed486e59eb68f8fce3c1d4bcd949 |
| SHA256 | c79e966e5f597d72dbb28ef8c2d5af9ac0585668e65f595b181f72dfe173e89f |
| SHA512 | 49c2d9a6d6b5ba510c6377ff4abd8f21ed632f3e487a4ead5ea1b8d7e08527df0a076a302da73312bd3ad48844d8545c10c3be89157a2cd5226edfe906be9a8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 80cb0eb1be2d030ef4a4bb9d8983826d |
| SHA1 | b678fadcc501a19697922b0509f4345c2743a25f |
| SHA256 | 2f54c644734c5cb093caeecd320bcc260ba2adf420734f18d84b40db9f033d28 |
| SHA512 | 082f0fbd5a395ed15d98d43a7834f211fe9306f72bd46922dc608b2ab7e6db3870279779f7c121cbbda89ca14351d467fa30e59d0eb715b4833d7e7de74dd282 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_DA783F5F6B4EACF017C07E5A0C9B6E7D
| MD5 | fdaaff306f9908166f3fec130e798df8 |
| SHA1 | 0ab422ed789b50e706ba69c9f787443dd5e6f9f7 |
| SHA256 | 4bffcf6a3521fd5825a18d7fe6eedd7549facf2f7953c6e05b81fd3a9bb81a55 |
| SHA512 | 1b1d4ee0c4d003b072987d0a67efc691f516ad1933b2df5409b411420f33e7692a15bc4b0a4405ae2e558a59effd4da610a49de2cc89785135568bb8ba829e3d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9S89P32V\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9S89P32V\www.youtube[1].xml
| MD5 | 5360493c494fa9802c628b843dd34b31 |
| SHA1 | 802f234e024944e9cda4be035e29f0c8c916b99e |
| SHA256 | 2f50a3ed0b473aa39a68cb7a8c823eeec342d47278e79405afe5503c381e7342 |
| SHA512 | c36ec8e144e3501486cd56bbbff41bf3d7c7a1fbdc6a383f7ab01f10747f642d2f26b96a21afe4a819a8ac49f807622ecf0c513646bde8d28d532f3491580a5c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB0KZ1Y4\recaptcha__en[1].js
| MD5 | 19ddac3be88eda2c8263c5d52fa7f6bd |
| SHA1 | c81720778f57c56244c72ce6ef402bb4de5f9619 |
| SHA256 | b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6 |
| SHA512 | 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\plusone[1].js
| MD5 | 2e4a448a27b8a58d75f607c7bdcca6f2 |
| SHA1 | 31cf764c6c2240148eaaa2b9816e1219a273d0bc |
| SHA256 | d3696859f3485d8aa6f8a4d0054d64fc1ee614e57725221dd1c97b930f02bc3e |
| SHA512 | 09ca4d8b6a0fc653490921befcb3d752e150ac9abf24d1fdd49c9453fe2baf969b76433a45121451ef642ea3f73f9c62871cdde5e07976ffdc03ee5200e4d35a |
C:\Users\Admin\AppData\Local\Temp\TarAECB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabAECA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB0KZ1Y4\cb=gapi[1].js
| MD5 | b103bb58d9e7cecaa60bdf377d328918 |
| SHA1 | 0f094c307bceef833a64f408d2f749a10f79de44 |
| SHA256 | 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7 |
| SHA512 | b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 238267cf3fd3d4dcfc4d9667bf30aa8f |
| SHA1 | 4308a5fc77c2c633feed29febd852b1c79653a67 |
| SHA256 | 67e2c76e23afe203a86cd80ee218aebe8d69f2f140d9a6f02834fbb8f58ac34b |
| SHA512 | 8fc80e0e23232fa0caad62d7ccb7653d257138731a634d7b1a456abc6070db583b7bc0767d709466c0d62aac602a8655bc55c4e05373aca1fa55d3caeaef2cea |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9S89P32V\www.youtube[1].xml
| MD5 | e8147b8461c209788c1f24bce4960991 |
| SHA1 | d5aa2309d96d183516b4e45152eee1b047aa9bb2 |
| SHA256 | f9a8b98c06874218221d56939de370d785e606973dbe183d9942dc09b4d7dafe |
| SHA512 | a7dc30eb79bdd4cd362fa919d26ae2bb413b3eff5ce3d26f3449c9aac12bf5ffd6f2f90814b7668c953152a72566e958b03efbab88431620bfb091be3f2ac09f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7426dc3f79e34e59d49e6e65f56f9c09 |
| SHA1 | 4b714dfff1f7c34a2f435d17147c34736ed1dbd4 |
| SHA256 | f6d90fbb84d9964f95e338694ace89eecbad1cd0d43050d36566dcd4fc3f4564 |
| SHA512 | 4c4587a30a05f7d2d035ce42571902415791a4b221979cb83f1efd54b09d2ab933f878f08833b53da4d9102a2b5d8f912075bb63d3ecfe305c7bcdf3795961b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b182517864a007c12edfb81adbb61f57 |
| SHA1 | c544b32e4fb9f6eb7ead8a43264b4b5a16218fdd |
| SHA256 | 428bbac19263214db963ed254fc4e4ea34f3712b6c102b4e36ed8c7d0301fd12 |
| SHA512 | 7d031ff296ab824517f0c1b6886f653fd6bc0160fd363bd801e36118d813984afd1f9a61cd6026fe8fb671715804cecf0ad8d34b698aa25e8d83527ff06aecb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab9b507d1f68b04d6d58d7e750979711 |
| SHA1 | cf851c6355e3870da21af7346da9937a3408170a |
| SHA256 | 6483b9c60073cde0c6433a80c636117b12fd627b19fe0165e318fd24ebfb09ce |
| SHA512 | 671b92995b924e733ad802bfe2ca52bddd3d7d0ec8c67a792547e64c8086bc7cd2010e1c2e9427a3e19ca1fa4de31a8ae3c312be6c34ec229eaa787f670c338d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 97d1ad9c80d270897434bc541f80932f |
| SHA1 | 124631a793bcf6a013f92b7ba70a972560445cc8 |
| SHA256 | a958d44371b3395748138b75ef27e5aceaab8f5bee7e3e36898165531d91ca62 |
| SHA512 | bd33c5a541c4c4f1bfd65a9f34a19ab7e144442d718677851264c97494a2c06ee1892a47336b701e209e182ffe25d4a47d860710656dbc25112664e7b3f522e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d23d3f385e55b287e451c71649295b8 |
| SHA1 | 1cfa123987a94b707f3fd3741b3f48ea7d064e50 |
| SHA256 | bee15dc459c17ad73f6d207d4029c6041b7fbf5d96d5e0bffe0779b22d892d20 |
| SHA512 | 61c88ab8bd0bdb7e6b56b63d9bc945bbd7050216a4ca8fee050a4a68baf9bdcb2424158ed839a97ee6aff350028a3db8ea4e967d9d3ad7454465b9f21f1b3eb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e399aeb500d39b13a857738ef872f67 |
| SHA1 | e48ba9fe851a12f98325f3c7637a71f9cc9a2546 |
| SHA256 | 2e2c5eb88d5420f9885039290320a391ba959b19e14cbca977c6f1336a04ef9d |
| SHA512 | e6352ad5392b44ce7ca09380c3b10308bab3006c308638fbfb91fda44a18d5a366dfb4f43d1e621132afeee6fec9009e05180a002487b0a634af9ac68eefd111 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42f859f92a617e3c22e654ba94cbe6d5 |
| SHA1 | cc731c027d33b858f2cbd3b263bf9c339280e8fa |
| SHA256 | 7789a96266d520e10f748b78928e70190995800b406ea96dc32125fa384358f6 |
| SHA512 | e2c52fb16dbfbd36632659b265a0cd84ceeae410ab7238386c8ae9feed153fa354548769bcfa0dc0ea21074813d74e9e1ba6be74ca24ba3c0d9a4bcf013941bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4d891b4b02007d24a27c0ae9e464370 |
| SHA1 | 0dadda2beca714d0665d5d30b550616eb76b3ed0 |
| SHA256 | c445a18b82c9f09bb3dccffff02b3f8522ef6ea6ee462db0d201dd6a17363769 |
| SHA512 | a9332574058e0c8d59f66cad9d4fac48f533a92ab352cba95ced6fc5377b81da034b1ee523c9bb9e72f1d6ad2861ae23be5884de85d8e2d10a88271c9634c729 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 8e1edf183bb46ac4bba440d78ebf9cda |
| SHA1 | 3810d5f22ea509a3f968380586af2792135d5b9a |
| SHA256 | 728c62d2876e5db6ffeaf7ff19efdd0864ecaac9d864c7bb478083ba29de1157 |
| SHA512 | 9e8d05e586663e2fb99bc0f1b4ca3f46ef4d58da6cdd468c88b6d349ee6c26c9fc4d6416f42fc7e8cf9d3e55fcc4c8be72f0574812a5cf84d02f128778096587 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85a948c7f75104ce89f59845e880c755 |
| SHA1 | ed7b53c74a662d9842ee7ec4441f2404788c2adc |
| SHA256 | 38462fb9078adc24caa8af2ba7a4b29297c9fa6100eba254a564742188c46f62 |
| SHA512 | f7d2b9c60c9accb10bff355ba3572ff26fb9f40b2065e85a7cf652d4861efa55f9a465dbc95872e55991f499370ad4ba550556db73cea61dd2d6da6a9c8fd93f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf80e36a14468ba91e46d0ab2170fcaa |
| SHA1 | 2bf4f45e1a9d3b012e6bad079bebf242d5dd1f45 |
| SHA256 | eafadcfe58bfb9512141d5c5d36642d92a18eacd0586483bd194e65717ebb51b |
| SHA512 | 7be3dd91406e1baa14ee8ad057d5fd88d7e63f185feb7f7f517796e7c44bd3c7db3eca161920960ec223fe548c8f7a9a3f48c6d1c1268910029d490e6a996bd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55185631076678f1bfdb9ed59263bc11 |
| SHA1 | eae9b04fe43ebd34fe42ab92168437c731e74e2a |
| SHA256 | 1987e38156f286e69f11d7395ac011a7f63a06ea857019c45719a5b2b3ffa811 |
| SHA512 | 04c4fe83c8dff5e873b8a3bd85f3eeb3af9a2bca617d1b4ec22ebd79676cae77f422ca61919f6a55587bdcf19a17039e50e1824b1139f41f8347c6d53645c340 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f759d3bca0e466852e30b25fa5644e76 |
| SHA1 | 9013084cb0bdfa82e470c4e73a99a4bd7d18dd4e |
| SHA256 | d052c28a734c3ed8d505ae6a39970d301c46f55c9580501ed9c5a8ffa2b62861 |
| SHA512 | d2fbd89f9153f3c89f76f4aebb740786f0682b0818dabe6d159a407065326965aed8d02c30fbfdfdd1004da61eafe6141258635c3fd5f52f7518e06b2a24bfa3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 412e0b9560de94a29b1098b32fdb45d7 |
| SHA1 | 11b31a92172616f40c09aa16c8c8f0635e8b9c0d |
| SHA256 | 023620116ba36b6f51dd786bf57a13be7e12686d6465ab847ccc05a95de1c7ea |
| SHA512 | 4cdc942e4f28d80130273eb2a89df0da553e6453c5e6838cb7b3f368a4c97611f45f25e297c3265e93d7af3ba4bf1705a423de5ec6c19c283e483a3b0eb95b7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75ad88b951da0edec186ca304bbc400a |
| SHA1 | 1e2938bd0e26f4c291edf95ddc3682cb52609c60 |
| SHA256 | 6cdb346417d51875358f5498b58cf4ce8364577d9ec581da0f7b6b89360fc2f1 |
| SHA512 | 2f8da9511976895c704a299039956f7cab31bb299a0059fcfb569bba3051d8084c24ba1f3191621971a902a10daec0d4ce91fafa77d4e7900257e7a6837c3fcd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a1acebbec0620f0a6ef60900148329b |
| SHA1 | ca24535acdc554aa92ebd15835afd3cecaa5c8fb |
| SHA256 | a92df35ab445237a27b2b5849691b6b1d6460376349b3c648f764d6a301f2c89 |
| SHA512 | 1311334aae3e3edc230802ebf71c350ae1fafc63e4f1c532c6b79a2f8cea36b8ebf176b987801c61180cb656e7b6405a4230d07d0f656dcf9c5f2e2669707dee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 089ca790ba910272143767d738ec7ce0 |
| SHA1 | 4e65da2181416cc19711ee852b52c0f8308943d4 |
| SHA256 | 56cc1065f2a9942cb8d0c22d7be27ddd762a498284c8f3de2276fec04e693cc2 |
| SHA512 | 12696cd25362364c3be8ef07f1b9427405f50398836088c6508a8981a640179bc0f49b0d4d7e1a55b18bc6398ccd14bd73eb0f0da22312bfc7bdf7249104921d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43953526cc622bd8304b081afc146d8b |
| SHA1 | a503619d501584a1c70196f82cd1e104e79cbbd8 |
| SHA256 | d68f3f80643ba2afbdc4e5d799fb5bb6194130a63f197f55cd085f33ea738cac |
| SHA512 | 1c609ea6231f1dcaab8a2410b3b85805f85d1d402da135b14eacc54816fa0d4b4f1077d93e21151f0e26c317e80df8a6d4afba7e393c4e597c51f18d4b259b5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe6ad27333ddb62baa419c1de44f52f0 |
| SHA1 | d159a4574314f3e22050fa4aa20d8cf32cbf37c7 |
| SHA256 | ad1d7d49046a58442aab4efb606138c298d2dc38ebf2ba152399b4e71cd7e28a |
| SHA512 | 50772a1c1edd744031408c2278083ccf6d919079154fb4092276b5ae894e6a763b5324b31970b1ebc5b654f8a5c9fd324b5b5ee375ef4e68d63858bbeadf9546 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89073ef7176606048283bf8a633993e9 |
| SHA1 | 073e7a4396d010240d9a7f9aa4b86fc54e8a6b8a |
| SHA256 | bf585b3c7e783ad7f6786bda77f117d1d16657b7cae57a4cb95a1c42d3f6a0d2 |
| SHA512 | 7ad98eb56ae65b9adfb4ab0d9dc6952fdb0eef91e234cd46c0880aad4915401ebc5bdfd9a14d003468e3bc12f2c2f7cd474a92dfdab57595875d47fd47263f5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98640f164c8aa5af9025af7015e805a0 |
| SHA1 | adbef1981dbf2477b9170dbe8e6d9efa35726ef5 |
| SHA256 | 0a77f50c619e2e01d8272c819979e8dfa6631f456e26be9a338785d3963f3251 |
| SHA512 | cfd46d0be8b3298bd49c90a788be19bd135ed82f76d75f0cb11926915a5de6977759494075039560db8df9479bd2610f0f441bc89c22658f86bf0ab29ee1e73c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6eda537058b3b68d69de4eaa55f4ba58 |
| SHA1 | 72f0358aebe00b542e1478561f8ca0a40a9409c4 |
| SHA256 | a40acc2775ac97aea59bbbdeca12463061a3744a311ce144fe326f0750339d98 |
| SHA512 | bfab99bd26c68fdbaa47aeb6732bd8714848a11788b9cafb94e14a4d8a9f04ff6c86b55cbe361503b15d14a16fee36437936ddc1c2b55ca8c1977ec488d068b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed19f078fc03fe4d7816d1f1343bc561 |
| SHA1 | 9cff0af05216cf1391fff27abff8fbab8eedb71b |
| SHA256 | 4a311326bcbb3a365e32a70e6ef17f48f0ff146b4dad4faf3f90f20f00855d33 |
| SHA512 | 51cc808345f45f844c29a3246cc5e5fdcdda0efc3100f8da035a2a5310270139f49c3ba1838c3682ac7e4a6d9b2721a71fcf5d59f0d3e896146f4b57b7a53199 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUBCGJ0A\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\rpc_shindig_random[1].js
| MD5 | 2a64803c4545d283d7a51e71f82a64a0 |
| SHA1 | d1e190bc4ab6a900cddff5891650f5ddc390e9db |
| SHA256 | 0a5518064275c2fba33ba69c84f584819aafdc9faa0ce3689c8687fc41f58ed1 |
| SHA512 | 82bd924261272ed025d4938d7e7d5ccd9c6ebfa571b1b6816bf56341ebb70ef9faee807d83ba491a2ddea86e795780ce097fce4957d432d3b44497f5e6e16576 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-11 04:55
Reported
2025-01-11 04:58
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f78e178ac6232c6035fad12062eb1770.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,10666766402610461350,10084521355361604276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:445 | www.google-analytics.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | js-css-image.googlecode.com | udp |
| GB | 64.233.166.82:80 | js-css-image.googlecode.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dan14vn.googlecode.com | udp |
| GB | 64.233.166.82:443 | dan14vn.googlecode.com | tcp |
| GB | 64.233.166.82:443 | dan14vn.googlecode.com | udp |
| GB | 142.250.180.9:443 | www.blogger.com | udp |
| GB | 142.250.178.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | widget.adnet.vn | udp |
| US | 8.8.8.8:53 | anhnc.googlecode.com | udp |
| US | 8.8.8.8:53 | www.logomaker.com | udp |
| US | 8.8.8.8:53 | i8.upanh.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| US | 172.67.70.113:80 | www.logomaker.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.200.14:139 | www.google-analytics.com | tcp |
| GB | 64.233.166.82:80 | anhnc.googlecode.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 64.233.166.82:80 | anhnc.googlecode.com | tcp |
| SG | 46.51.221.158:80 | i8.upanh.com | tcp |
| SG | 46.51.221.158:80 | i8.upanh.com | tcp |
| US | 8.8.8.8:53 | giaoduc.net.vn | udp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 172.67.70.113:443 | www.logomaker.com | tcp |
| VN | 123.30.58.47:80 | giaoduc.net.vn | tcp |
| VN | 123.30.58.47:80 | giaoduc.net.vn | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:80 | www.youtube.com | tcp |
| VN | 123.30.58.47:443 | giaoduc.net.vn | tcp |
| US | 8.8.8.8:53 | 158.221.51.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.58.30.123.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| VN | 123.30.58.47:443 | giaoduc.net.vn | tcp |
| US | 8.8.8.8:53 | s0.adnet.vn | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 142.251.173.84:443 | accounts.google.com | tcp |
| GB | 64.233.166.82:80 | anhnc.googlecode.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 57.144.120.1:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 57.144.120.1:443 | www.facebook.com | tcp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.173.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.120.144.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.187.250.142.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | developers.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 57.144.120.128:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 57.144.120.128:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 8.39.21.2.in-addr.arpa | udp |
| GB | 142.250.200.2:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.180.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | phimnhanh23h.blogspot.com | udp |
| GB | 172.217.16.225:80 | phimnhanh23h.blogspot.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| BE | 142.251.173.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_1336_APMKRZNZJESOFHLS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3e1b5454-d656-481b-838e-1d04fa5d1b81.tmp
| MD5 | 64988075c2e11986a62098ea39294161 |
| SHA1 | 39e6983bfcbe09cea5cfee6c5a2fbd6111756e00 |
| SHA256 | c50b47e93c519437d15afafdcae118e700cd99bdc0d8b61dfd39edbcec8ebe09 |
| SHA512 | 390f707753176d5760b64da976f9d5343f397e433a511c007b4aa16e00d501094ea6c1658eab5f7a204b78a426ffc3f9aa0b66f46fa0c75a066b1fd446e9c319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 2ebfdbd309ee762211b4a2ac39708c4d |
| SHA1 | b002922c672dbe1dd4caa02af24d0b1e7da616af |
| SHA256 | 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797 |
| SHA512 | d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | d79b35ccf8e6af6714eb612714349097 |
| SHA1 | eb3ccc9ed29830df42f3fd129951cb8b791aaf98 |
| SHA256 | c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365 |
| SHA512 | f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a73a006149702ad7630e5ddb22fb2261 |
| SHA1 | 2bef02d202167d1fec11189130012bb794dcafc7 |
| SHA256 | 5141bcc8a2549672d55e295b17989daa78c0c03a1840c3cc9299136da982fb8a |
| SHA512 | 2d3931ad5f223256222d1aa78b2ae4721baa47cfa602aae0426926091cf883e0d729dad02e03255fc69e6456f2f4e9beb3930df1a5aa3e7d67e63d267e43962b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 834d13db6490b7c00eddbdfc655356d9 |
| SHA1 | 5a8f986ce25b1dbc6297c3bce0cf71312a0b6503 |
| SHA256 | 00149cf9e4967b8cb8b9967f9597a32c5f4b89dab5875421ac4559abfb0c2fc0 |
| SHA512 | 6d0eb684174c24b34d1ed7cb06d649813c534f77b78299a104d7b0e647d2994b4dd0f46b2d0d5922cc7bce81b8fc26d337b7b29af4fa0f0b5455cbf761efb6f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e92614036a3759016298e274ddcc2973 |
| SHA1 | 3661d53c0d8adbea0a3ac9ccc0fc680b125f0f54 |
| SHA256 | d0802fe99207375aadf6848986455e33c1a0a1129d45fcf852e6f962cb6dd4e5 |
| SHA512 | 536dac8af0f41229083d17f29100b1cb49def1487bcf7203d3f33e590af4ca226ebc022a68545d0040d950ff30c4340f48c4388db2844d057174e37a233e4709 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | aba15b613e1457541d441fe4f4c6718c |
| SHA1 | 7d6798af1fe78e0d4fa4aeb8669885d100c62488 |
| SHA256 | f5c08880d2a875a322fe952e9b7fb3d103693c87c959719e95e161cb00fce2eb |
| SHA512 | 976e8e2551c4628734e77a717a79ba2fcc1335cad4dae1567096f3520140d30c6ee8d758c9e39416c5a41cc4b62648cfe456a1dfe1ac9de5a0e8f41dc43b4ba4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b6a7dd4011bb1a912391df2c1583767e |
| SHA1 | 0737273b1cba44bb69bc5c83765d8d925359f4f3 |
| SHA256 | f559cea6dbbfcbce2ee3c3e352298e6395725b25d06c3d7c15e054cbdb6388ba |
| SHA512 | d43c9e6120f50c856786ff19029e8d75deac7dd825a03eb049ab0f72d78015bd537200fa129a25b92b119ce82c39f7e092c7bcf9cf68a79b31ccee1067d0cc03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d0aa577542449e37ccdebfc514730719 |
| SHA1 | ddf24ccae889102b5d61e766db529d8ba2b44368 |
| SHA256 | 5f977f1b7a13231832eeeb19445572f4d83cb7a322114a34c12902642bfc381e |
| SHA512 | 6eed41ff617af5c39e955d44edf2d07ddfb8a39277ac0fbd0b870c0aa86d2f95a56daeab00581430af03a44f6c28a0bea544af754311c0af95c5c456531c0793 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3d52dca94bd0b2d014ea1dc1af1f845d |
| SHA1 | b17b4435b72c115a221b78b10dc16e33ba2e7b49 |
| SHA256 | b852f8a04e6bdfeaf6b35c72e98b7b3b245e8912dad575b4b227d228fe153723 |
| SHA512 | 0be902aad432ca3bd4c15fc4663bf59afa6af3dcf5469967d6e772c3936629b4f78d267b740fb938966dc6a4aca68a88bb36124f5bcedd7b383443976d8f1084 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc6dd85bfcb2a8605260965161588476 |
| SHA1 | 61ee30a11ad404747a79e91bacb0a56d744ea365 |
| SHA256 | cf4c28758e74fbf6a46dfe9fc1f8a469345acf8294ea78283189b527b87fdc08 |
| SHA512 | 1da478163655151d1d78d54049dd05e0640282faf711a95c60a009a7061b2486ace9f9e6a9f8dfbb266dbf5e45cd5a965dc5d5ad3e9b6ad461a416134b23a27e |