Malware Analysis Report

2024-10-23 17:24

Sample ID: 240510-sxzskafh67
Target: 2fcd591796d5e5491264f3d2255d0764_JaffaCakes118
SHA256: c7acdb749f3c5c6dfb50c6dfa490a297bdb58b577a65e02d1cdc65bc08db3120
Tags: socgholish, downloader
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: c7acdb749f3c5c6dfb50c6dfa490a297bdb58b577a65e02d1cdc65bc08db3120

Threat Level: Known bad

The file 2fcd591796d5e5491264f3d2255d0764_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Legitimate hosting services abused for malware hosting/C2

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-10 15:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-10 15:30
Reported: 2024-05-10 15:33
Platform: win7-20240419-en
Max time kernel: 138s
Max time network: 139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2fcd591796d5e5491264f3d2255d0764_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2fcd591796d5e5491264f3d2255d0764_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2

Network


Files

SHA1 704c91c78fa399e2cf7af7cb91cbe04694ef25de
SHA256 ce06bf93becdc27652a272f659c28c5ddd60646d7eb4fa2d18f10e912921a2d7
SHA512 ef7af91e74511036337524a6e08e929c9e799a1d80a4889fa6f1048574c90dbcdc867de9791a1ea21d8e16482b692c623b8d9024b7b44f56614b08207441198a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22d684258f810b2b1c6c0801c37044b6
SHA1 211376f085b6db351deb52f08f0af1b64bc267c4
SHA256 272019a737e1d7e117eeae10b7240eb23ff64a30fe8f60cadb51b8a83102e3ec
SHA512 b8975048133b2339cdf9c53ababa2f6440592b97465f500f6ffada9f11e3198314c60a505523524734129cfbf81fac00224d99ce93593e1b0e36cd1a3250cf71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca4e1207dddf8c5ebda7a2f917cc5b39
SHA1 57a7ade168546c34d44d2202746253b93f509d30
SHA256 de87145f43fbfd8687d594193e341e776b6b8771130b1aa9db4e5a85be77691d
SHA512 d1b9e625726eabab87ecc1cf5648f1321818a7fa546e6c0b2252b0f2b094a7d5b6668df25d43d8cf6ba5b6360a6cae9491eb1827dcd684b7c8d77ed2891207c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d753a527a02192bfaee58e28af0a9ef
SHA1 53d91a19001d49071cd5483e9bfc7e1106900f24
SHA256 2b37ecf984120f69b022c66679b5ef944cf6b7ad23fc38c2d2167a8e04f6e956
SHA512 485a6b115ed96b2001490b21d9cd3831a134e6c4b3a0e14e048d25c782153fb10e402b2f797e7ace160111a9791748581cf4b31f096e13d5c886e49815ce3148

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bce3f82a5511c45b2fcdcaf73e929bb4
SHA1 bc758eff997c4e25204b749c6816f632899675a1
SHA256 b5d7efcf9de12ea37dea2fc2be0fad4f0ece10cf0cf776671f3c547d538b7b41
SHA512 2a707ca1f134ae72de0e6f6124fff4eaf90583e6eb8b0ad357eb7fd10777a84f772b72b57ecb0b37d6c1f03dcd78dff102d3dfc754afc04b61f35cfd01f8752a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 891b9c14082d0d1c5009f359ece9c613
SHA1 9f40fb71d30fdd6ba16c263fbd73c2a44888bc84
SHA256 0dc7b5b9e79ca03f03a93fce9b8e14b18f87f54380dd72d4c0b3c6ec166c9bc5
SHA512 76a5129eec4ed6cccd973766596ff908d3be9ef987232d5f8f549a813341525eebf321f7f1b72706e9d8454ddfa3aaeaa575590f08b5a186351e2097b2bce9b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df42b724c8eb6d2660506bbbc71549c2
SHA1 b2a557b31bc02fbb50dea0a3d3898c612a04307c
SHA256 a9459a30c0ae538c1cb50600dbdd79f54b007818ef4ab5fb901aa74466a83196
SHA512 8aa101333ddea7915b5a7c5b30de09abe6b60b1112a5c8e92f726f9165e78b3018869b3e81f2528cc83fb5b1acf6a198bec17c1f4a3fb07e7457e4070c6f4a4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31eca5e95046986a14472ad5e17e04a8
SHA1 4bff72823c9c2024bf4125dc9ff1c9f15e3413ae
SHA256 155f7adf34cb0fa302ea882dd74ea9b911bb2b1c0cc97dfcfa9c9501f1ee1822
SHA512 f1758f460866ade73ed2a7dbc5241c1bc35e692b33942ded0a6ed7f1548e14b0349b246ab5a3e2225583b13b823da17aefef9102b50f8cb15efb41b5e4655b96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c584a101d19dbbafd32fd84fd04562f9
SHA1 3012e7dc2aa4eeda28a7fa33e09d8d0750314cb9
SHA256 b8f77a4cb5cfb55ddb9c1c82989100553ee53f91cce083a3f48575d956801ad8
SHA512 e08e24972078b74e28bc4313378d5da5bdf62b397adecc85121d468c529a24e7279446d17ccf36c96d778171e31d31696be4324ec32a2a40da70f7ab3bd67893

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 267754d6642e93b1bd59b190b4349470
SHA1 d3e905a759a699ec8a0a4bb8d3fd70718ca89f16
SHA256 5e0d1d26690c26e16ec56d9e87d2691a4272d36e9e96a7e6c47990147d7e810f
SHA512 22efd20071e7d823221e681528b93429f74fe58e4d339771d6d11ade847115d6cc37b04b636a0580a027d2872ea7ef95b96efd64ebaa4756b52b16c50e0b0495

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f800927e101fc135d83b34a0c144525
SHA1 e04a920a2443c30fe31c36cc77c5c5630fe5a938
SHA256 b10418f923ebbe0d2e1488e9f20df7a3e911db4779ddcd79dca099ef2aa80254
SHA512 a297d931d1c4c4c16f7554cc16ee7513739e58ac8890ec9f492fe5efdbe5e9fb8f31c8a864f424629c35351de05f6f3cdf5d079a43388ab7dc2b8f936f0cc165

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f444c6e3c086b6af783bf6177260ab8d
SHA1 26fe6796af439327f8508c9289be1576670476a3
SHA256 089331b878f9a671e3140c5eb7bf853be2c5e90f776afa47beb333850249bdff
SHA512 9b48e0dcea1afcb7be980dd004b1af435e000962fe07a84fcec0a33a4b0e604388b172bc974567160d3d471cd97397e1fba774d27a4a3e9a71242d947a2b6dc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e181f751c448c09f78a3097b5aaaddee
SHA1 fad533b054455a6ac3e5d592b2a3ea2f8de7a969
SHA256 8920e2cf89c8f410215da886a848ee1f66785d15816bb80e189f86a00edfef0a
SHA512 28a3ae4e0d34b936006557de4a089c3dd0d85e1334248e22021e9c21527631fec9bc347f427cb6696723e0298d29e41f58856b6b4de4d34a26e0c738b903ebf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f832c0a337e81d5415ba735afa280013
SHA1 c5c59abadb31db817ed6a8005a5f6c43036efdec
SHA256 c027c4677148a9ad8dc342ee6b2603fbdda7b3c794a49bde5787e9dca3c4581f
SHA512 6d357842cb3a1e2ef101c132870c11c82753b138745771ce69db2cb4b5dd3e8fe97e4a57d2f38d886a1ef6eb9c8bc7be743199bf0c2ebc9126426eccf7754f3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef4c24d841b9de428b234108f4560d98
SHA1 c5e253edb7e096cc22ede4d11da282a0ba6a40d2
SHA256 43961c16aba79de7b40dd2c3e4a5a6c3664068fc180fbd11fa4ed2282a8e1ef0
SHA512 3f729f3922f37e7fdb0e75c517da99fdb4b491ce3b19ce842b24679424593a6a901cc58421eaaf7d2e06a7e7630037340f7156a57acf5f94a6a4d7ee18e365f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8501f6b7daeb763230a2d9134bcca18f
SHA1 1cde03c2b888a40f1219d1cbfaf08c36151e8b42
SHA256 ed8cd71cdce2b32bf114c892bec622c94913ee3b153f9c1b9a22487dabe8219a
SHA512 878dbb59b30e9facd9ab350bf9d480ca1f14931c89897b30f45c0ea376cb00769bddc8a517e805a146843f6d0995fd3660ee39dfed3facfb3a27c76be7d2e0bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b954cbf8249c6452120bc8d01325ebd
SHA1 e4da1454b2152201edc3f8b14088b6d7f9759300
SHA256 ebed9b1783bf976a644dd461fafbef74181e6eb43a377c824dc732106adf5a09
SHA512 0c16635dac34a0b491abfecd853f4f65ee91ad872980e8f7bc23d3963179083f5d8c380c4db066873350a934c68bb0364168f7f4655834cad3325b45ea59daed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08d3845c55aed0329f9a2fdcb18fdcbb
SHA1 faee759d7009152ef440d2dec48a69830cd8ab92
SHA256 aff4f469719aaef06609797afc97ae1187e3ae3d0e34b99752ff4018e9772fac
SHA512 f076b59f99341cce3c8401d3758dac326f638b5e613170923daa4e7b359f1412130ec7eef778a279a7db6bdca9603f022a29c2b7118845d81a4fea2a679e1794

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9d463361bc42c6f6db01d25bb914d65
SHA1 4df8195c93c4d30b0d4715b5c79b0860740a5bd0
SHA256 aa4d9b7f1a149d52a31e15dfe970b260b08608e64cab7fd9777dc0447bb7c3fc
SHA512 75007b701854a3953891a052918f3443489b4cefaf6d739a5e029d458f9bf7774b9b00d014d36973dcaaa51ec7101f41dac2beab5e46abe43099489d150b2442

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de6651d94fbab7ce7d3343b3caa5533c
SHA1 5f2e1ea1ef4da45fe631951cbd47aface751bbfb
SHA256 090b6eaf7a24e218baecf4a67eecce686f6d1e39b75ed21204095f1c1d452265
SHA512 0d79b35e32989757bbd0a6fbc76ce46d41b71c957485075eb327ae5c0d935194b663f2f39da8bc9de3fd7c370a54b14a55b15cbe410069e9f988950fa3377fd9

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 15:30

Reported

2024-05-10 15:33

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fcd591796d5e5491264f3d2255d0764_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1496 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 3364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fcd591796d5e5491264f3d2255d0764_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc53246f8,0x7ffcc5324708,0x7ffcc5324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2576 /prefetch:2
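Every process in the list above except CompPkgSrv.exe is an Edge child carrying a Chromium `--type=` flag, and two of them run with sandboxing relaxed (`--service-sandbox-type=none` on identity_helper.exe, `--disable-gpu-sandbox` on the gpu-process). The following parser is an added example for this report, not sandbox tooling or Microsoft code: it splits each command line into executable, process type and flags, tallies the process types, and surfaces sandbox-relaxing flags and any child that is not a Chromium process, so a stray `--no-sandbox` or a non-browser binary would stand out. The sample command lines are copied from the list above; the gpu-process line has its long `--gpu-preferences` blob dropped to keep the sample short.

```python
"""Parse Chromium-style command lines from a sandbox process list.
Added example for this report; not part of the sandbox's or Edge's own tooling."""
from __future__ import annotations
import shlex
from collections import Counter

# Copied from the process list above (subset; --gpu-preferences removed from the gpu line).
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7627413943451319032,14802031671976967796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=2576 /prefetch:2',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
]

BROWSER_EXES = {"msedge.exe", "identity_helper.exe"}  # assumption: the Edge binaries seen in this report


def parse_cmdline(cmd: str) -> dict:
    """Split a Windows command line into exe, short name and a flag->value map.
    posix=False keeps backslashes literal and honours the double-quoted exe path."""
    tokens = shlex.split(cmd, posix=False)
    exe = tokens[0].strip('"')
    flags: dict[str, str] = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, val = tok.partition("=")
            flags[key] = val
        else:
            flags[tok] = ""  # positional or /prefetch:N style argument
    return {"exe": exe, "name": exe.rsplit("\\", 1)[-1].lower(), "flags": flags}


def type_counts(procs: list[dict]) -> Counter:
    """How many processes of each Chromium --type; 'none' for non-Chromium children."""
    return Counter(p["flags"].get("--type", "none") for p in procs)


def relaxed_sandbox_flags(proc: dict) -> list[str]:
    """Flags on this process that disable or weaken a Chromium sandbox."""
    f = proc["flags"]
    hits = []
    if "--no-sandbox" in f:
        hits.append("--no-sandbox")
    if "--disable-gpu-sandbox" in f:
        hits.append("--disable-gpu-sandbox")
    if f.get("--service-sandbox-type") == "none":
        hits.append("--service-sandbox-type=none")
    return hits


def non_chromium(procs: list[dict]) -> list[str]:
    """Processes in the tree that are neither a known browser binary nor a --type child."""
    return [p["exe"] for p in procs if "--type" not in p["flags"] and p["name"] not in BROWSER_EXES]


def report(procs: list[dict]) -> dict:
    return {
        "types": dict(type_counts(procs)),
        "relaxed": {p["name"] + ":" + p["flags"].get("--type", "none"): relaxed_sandbox_flags(p)
                    for p in procs if relaxed_sandbox_flags(p)},
        "non_chromium": non_chromium(procs),
    }


if __name__ == "__main__":
    print(report([parse_cmdline(c) for c in SAMPLE_CMDLINES]))
```

Whether `--service-sandbox-type=none` on the WinRT app-id helper and `--disable-gpu-sandbox` next to `--use-gl=disabled` are expected for this Edge build is a question for your baseline of clean detonations; the script only makes them visible alongside the one non-Chromium process in the tree.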

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 t3.gstatic.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 a5.sphotos.ak.fbcdn.net udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 a7.sphotos.ak.fbcdn.net udp
US 8.8.8.8:53 st301232.sitekno.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 172.217.16.228:80 t3.gstatic.com tcp
GB 142.250.187.225:445 2.bp.blogspot.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 ji.revolvermaps.com udp
US 8.8.8.8:53 www.waktusolat.net udp
DE 185.44.104.99:80 ji.revolvermaps.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 142.250.200.9:443 www.blogblog.com udp
GB 142.250.200.9:80 www.blogblog.com tcp
GB 142.250.187.238:443 sites.google.com tcp
GB 142.250.180.10:80 ajax.googleapis.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
US 8.8.8.8:53 99.104.44.185.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
MY 45.127.4.206:80 www.waktusolat.net tcp
MY 45.127.4.206:80 www.waktusolat.net tcp
MY 45.127.4.206:80 www.waktusolat.net tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
GB 142.250.187.238:443 sites.google.com udp
US 8.8.8.8:53 img230.imageshack.us udp
US 38.99.77.16:80 img230.imageshack.us tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 maps.google.com udp
US 8.8.8.8:53 rf.revolvermaps.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.187.225:139 1.bp.blogspot.com tcp
GB 142.250.179.238:80 maps.google.com tcp
DE 185.44.104.99:80 rf.revolvermaps.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 206.4.127.45.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.9:443 www.blogblog.com udp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.revolvermaps.com udp
GB 142.250.200.33:443 lh4.googleusercontent.com udp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 badge.facebook.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 sphotos-b.ak.fbcdn.net udp
US 8.8.8.8:53 widget-6f.slide.com udp
GB 163.70.151.23:80 badge.facebook.com tcp
GB 163.70.151.23:80 badge.facebook.com tcp
US 8.8.8.8:53 j3.tagstat.com udp
US 8.8.8.8:53 a1.sphotos.ak.fbcdn.net udp
US 8.8.8.8:53 jf.revolvermaps.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 maps.gstatic.com udp
US 8.8.8.8:53 maps.googleapis.com udp
GB 142.250.200.9:80 img1.blogblog.com tcp
MY 45.127.4.206:443 www.waktusolat.net tcp
MY 45.127.4.206:443 www.waktusolat.net tcp
US 8.8.8.8:53 code.jquery.com udp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
GB 142.250.200.10:443 maps.googleapis.com tcp
GB 142.250.200.35:443 maps.gstatic.com tcp
GB 163.70.151.23:443 badge.facebook.com tcp
GB 163.70.151.23:443 badge.facebook.com tcp
US 151.101.130.137:443 code.jquery.com tcp
MY 45.127.4.206:443 www.waktusolat.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 142.250.200.10:443 maps.googleapis.com udp
GB 142.250.200.10:443 maps.googleapis.com udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.130.101.151.in-addr.arpa udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
MY 45.127.4.206:443 www.waktusolat.net tcp
MY 45.127.4.206:443 www.waktusolat.net tcp
MY 45.127.4.206:443 www.waktusolat.net tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 104.21.27.152:443 use.fontawesome.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.187.225:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 komuniti-blogger-malaysia.blogspot.com udp
GB 216.58.201.97:80 komuniti-blogger-malaysia.blogspot.com tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 152.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 172.67.69.193:80 www.widgeo.net tcp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 yazidanefantasy.com udp
US 8.8.8.8:53 t2.gstatic.com udp
US 8.8.8.8:53 busuk.org udp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 syoknyatv.blogspot.com udp
US 8.8.8.8:53 www.refers.es udp
GB 172.217.16.228:80 t2.gstatic.com tcp
GB 172.217.16.228:80 t2.gstatic.com tcp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 tripwow.tripadvisor.com udp
US 104.21.26.218:80 busuk.org tcp
GB 142.250.180.2:80 pagead2.googlesyndication.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 142.250.180.14:80 www.youtube.com tcp
US 8.8.8.8:53 photos-c.ak.fbcdn.net udp
US 8.8.8.8:53 widgets.amung.us udp
US 104.21.26.218:443 busuk.org tcp
US 8.8.8.8:53 widget-40.slide.com udp
US 104.22.75.171:80 widgets.amung.us tcp
US 8.8.8.8:53 photos-e.ak.fbcdn.net udp
US 8.8.8.8:53 external.ak.fbcdn.net udp
US 8.8.8.8:53 mail.google.com udp
US 8.8.8.8:53 sphotos.ak.fbcdn.net udp
GB 172.217.16.229:443 mail.google.com tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 172.67.69.193:443 www.widgeo.net tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 www.facebook.net udp
US 8.8.8.8:53 whos.amung.us udp
DE 141.101.120.10:443 t.dtscout.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 104.22.74.171:80 whos.amung.us tcp
US 104.26.11.22:445 www.widgeo.net tcp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 193.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 218.26.21.104.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 229.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 cdn.tynt.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 172.64.153.173:443 cdn.tynt.com tcp
US 8.8.8.8:53 arvigorothan.com udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 172.67.150.119:443 arvigorothan.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ic.tynt.com udp
US 8.8.8.8:53 glakaits.net udp
US 67.202.105.33:443 ic.tynt.com tcp
NL 139.45.197.242:443 glakaits.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 sr7pv7n5x.com udp
US 8.8.8.8:53 yonmewon.com udp
US 8.8.8.8:53 my.rtmark.net udp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 de.tynt.com udp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
NL 139.45.197.236:443 yonmewon.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 173.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 119.150.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 242.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 33.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.195.45.139.in-addr.arpa udp
US 8.8.8.8:53 201.190.117.212.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
US 104.26.10.22:445 www.widgeo.net tcp
US 172.67.69.193:445 www.widgeo.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 67.202.105.33:443 de.tynt.com tcp
GB 142.250.187.194:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.180.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 17.14.97.104.in-addr.arpa udp
US 67.202.105.33:443 de.tynt.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.200.9:445 www.blogger.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 67.202.105.33:443 de.tynt.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
US 67.202.105.33:443 de.tynt.com tcp
GB 142.250.200.9:443 www.blogger.com udp
GB 142.250.200.33:443 blogger.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 restoranbasha.blogspot.com udp
GB 216.58.201.97:80 restoranbasha.blogspot.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
US 8.8.8.8:53 udp
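The table above mixes three things a triager wants separated: DNS lookups against 8.8.8.8, the TCP connections that followed them, and a handful of rows that do not fit a browser at all (SMB/NetBIOS ports 445 and 139 toward Google CDN and widgeo.net addresses, which a browser does not generate and which therefore need an explanation, instrumentation artefact or otherwise). The script below is an added example written for this report, not part of the sandbox's tooling. It parses rows in the report's own `Country Destination Domain Proto` layout, including the two rows that carry no domain, and returns the domains that were resolved but never connected to, the contacts on ports a web host should not see, and the domains outside the Google/Blogger infrastructure the page visibly loads from. The sample rows are copied from the table above; the suffix allow-list and the function names are my own.

```python
"""Triage helper for a flattened sandbox network table (Country Destination Domain Proto).
Added example for this report; not part of the sandbox's own tooling."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Rows copied from the Network section above (subset). The last two rows are
# report lines that carried no domain column and show how that case is handled.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
GB 142.250.187.238:443 sites.google.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:445 2.bp.blogspot.com tcp
GB 142.250.187.225:139 1.bp.blogspot.com tcp
US 8.8.8.8:53 arvigorothan.com udp
US 172.67.150.119:443 arvigorothan.com tcp
US 8.8.8.8:53 glakaits.net udp
NL 139.45.197.242:443 glakaits.net tcp
US 8.8.8.8:53 sr7pv7n5x.com udp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
US 8.8.8.8:53 yazidanefantasy.com udp
US 104.26.11.22:445 www.widgeo.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 udp
"""

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)

# Infrastructure the report shows the page loading from; anything else is a third
# party whose presence should be accounted for. Assumption: this list is mine.
EXPECTED_SUFFIXES = (
    "google.com", "googleapis.com", "googleusercontent.com", "gstatic.com",
    "blogspot.com", "blogblog.com", "blogger.com", "doubleclick.net", "googlesyndication.com",
)
# A browser does not speak SMB or NetBIOS to a web host.
SUSPECT_PORTS = {139, 445}


@dataclass(frozen=True)
class Flow:
    cc: str
    ip: str
    port: int
    domain: str  # "" when the report row had no domain column
    proto: str


def parse_rows(text: str) -> list[Flow]:
    flows: list[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        flows.append(Flow(m["cc"], m["ip"], int(m["port"]), m["domain"] or "", m["proto"]))
    return flows


def dns_queried(flows: list[Flow]) -> set[str]:
    return {f.domain for f in flows if f.port == 53 and f.proto == "udp" and f.domain}


def tcp_connected(flows: list[Flow]) -> set[str]:
    return {f.domain for f in flows if f.proto == "tcp" and f.domain}


def queried_never_connected(flows: list[Flow]) -> list[str]:
    """Names resolved during the run with no TCP connection recorded afterwards."""
    return sorted(dns_queried(flows) - tcp_connected(flows))


def odd_port_contacts(flows: list[Flow]) -> list[tuple[str, str, int]]:
    """(domain, ip, port) for connections on ports no web host should be contacted on."""
    return sorted({(f.domain, f.ip, f.port) for f in flows if f.port in SUSPECT_PORTS})


def is_expected_domain(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES)


def third_party_domains(flows: list[Flow]) -> list[str]:
    return sorted({f.domain for f in flows if f.domain and not is_expected_domain(f.domain)})


def triage(flows: list[Flow]) -> dict:
    return {
        "queried_never_connected": queried_never_connected(flows),
        "odd_port_contacts": odd_port_contacts(flows),
        "third_party_domains": third_party_domains(flows),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE_ROWS)).items():
        print(key, value)
```

Run it over the full table rather than the subset and the third-party list is what you take to passive DNS and your proxy logs; a name that was only ever resolved (no TCP row) is usually a blocked or failed fetch, which is worth knowing before calling it a callback.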

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_1496_FFPLZYXILITEANOY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd3614cebd67c45b05197fbf2ae28ae9
SHA1 034fbed6cc518dc19aeb44d1f24210d287c460c2
SHA256 b51824df13bea1a92e0eff827ae1bd55690fce988ec07822964e392c619d4597
SHA512 dc61b9278e709b7ca05e4b68a53c0a200d0575c030477a60751937c952bfbd855cb35c24b84285dc6637c5c96d3fe32e9e8866e17d52da73a3aabdeca51b0365

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 b6c8122025aff891940d1d5e1ab95fce
SHA1 a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
SHA256 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
SHA512 e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 88477d32f888c2b8a3f3d98deb460b3d
SHA1 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c
SHA256 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8
SHA512 e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2946d86702152219694800210c005237
SHA1 c2a26540968f44c9a9061fe8ea3d8685e574581c
SHA256 2c157218c54dbc17f8a72d4555077c04e5d84edede0b0c4d81afa9e0beacfe8b
SHA512 d02e81a61073de0f4727bd2b1a8c617c86ba0eb022d11f4e6113aa10e92c1fe7ffecc184b1506388faba374527f8098650d8ac983e136fb643cc877aa8422690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb707888b0c167430bc6ffc69a1f7e4f
SHA1 034a7d1f50c2d26964d2e38d763d4537f08eb7fe
SHA256 882e3ec5e146b7201105058a1bb8ef20683b0b892d6b6f00362cacf74a03a92a
SHA512 0ee668b979871475fcacce2bf5dbac301fd30050e0c38540d8841c71a761a99608d54f51a512e6f7c392d420d69df84456ff7a7dd9ca07e58b3463001c53055e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb0b3ea0b4b52e9dedc5e12779525426
SHA1 cbb1da5546df2f59088e92699fec1da4b186803f
SHA256 ae3218235c360093c33c3c3636636dc323bdb099f6491a3cda5562a7c40b6deb
SHA512 9a06be5cd4687cf139651e8ed326ed6328e2b5d420f3bad66a29283e0ff94359c0763761e74dfacd266aba321d38871f4c02d4a934dcf4b797ccf423e4d94203

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0ecd2d61c127283ef1c1df9bfd3410b
SHA1 934344d492da66d1e84cdd37d6792907f3ccef7b
SHA256 99426a52510e5419e90b02a104f38b09ac79409781f63dd9ddc6b66078766a7d
SHA512 c34552e7a559c2703b15712b916760c34a29a95ff3b5cc8ee1aa1d8625694fc71e2448ec0b808bdded6cd32c1c365fb62c7c0ee1103dfad9bea56a1d7ec75046

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0b4af27c253cc77ac41369bb27bfe0b1
SHA1 0a2f8b4bdeca164d0374c9a5d930386f42a2bd2d
SHA256 50d24c98c1dd482e8ea6225a0f18f787434eba4079fdf45414dfc6c2328b1a33
SHA512 3101825be98c9e5ceb81b120d8ecbb91cd5784456a0bb54df2ef701a4640e28842b92725771aa5de4bc3dacb15ba898b8cdfa085dbc585ad37ef4125d10b93dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f0baa970cde5524337751bb3ed990a12
SHA1 3a3f89df900910e43b4a619c1b8ec9124238ebb7
SHA256 623b8befabd52fdc5fc5f758d73866568006013cf3eac533c11a731e37bb8992
SHA512 bfd5c020dcfedf64bb8c7592ae1b0f5ebf4ffd793a1b195d38ae3fa1f02d32ad4d610994e88c4affe80ba7a8eae92196d3b6e14578d0ce55a3cb8549be238fa0
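Two things about the Files section above are easy to misread: the named pipe entry carries the digests of empty input (MD5 d41d8cd9..., SHA-1 da39a3ee..., SHA-256 e3b0c442...), meaning nothing was captured from it, and several paths (Crashpad settings.dat, Default\Preferences, Network Persistent State) appear more than once because the browser rewrote them during the run. The script below is an added example for this report, not sandbox tooling: it parses entries in the report's own "path, blank line, digest lines" layout, recognises empty-content digests by computing them rather than hard-coding them, groups repeated paths, and separates Edge profile housekeeping from anything written elsewhere, which is where a dropped payload would show up. The sample entries are copied from the list above (SHA512 lines omitted); the classification rules are mine.

```python
"""Group and classify the Files section of a sandbox report.
Added example for this report; not part of the sandbox's own tooling."""
from __future__ import annotations
import hashlib
from collections import Counter

# Copied from the Files section above (subset; SHA512 lines omitted for brevity).
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

\??\pipe\LOCAL\crashpad_1496_FFPLZYXILITEANOY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd3614cebd67c45b05197fbf2ae28ae9
SHA1 034fbed6cc518dc19aeb44d1f24210d287c460c2
SHA256 b51824df13bea1a92e0eff827ae1bd55690fce988ec07822964e392c619d4597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb707888b0c167430bc6ffc69a1f7e4f
SHA1 034a7d1f50c2d26964d2e38d763d4537f08eb7fe
SHA256 882e3ec5e146b7201105058a1bb8ef20683b0b892d6b6f00362cacf74a03a92a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2946d86702152219694800210c005237
SHA1 c2a26540968f44c9a9061fe8ea3d8685e574581c
SHA256 2c157218c54dbc17f8a72d4555077c04e5d84edede0b0c4d81afa9e0beacfe8b
"""

DIGEST_LABELS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
# Digests of zero bytes, computed so the comparison cannot drift from a typo.
EMPTY_DIGESTS = {alg: hashlib.new(alg, b"").hexdigest() for alg in DIGEST_LABELS.values()}


def parse_files(text: str) -> list[dict]:
    """One dict per entry: a path line followed by its digest lines."""
    entries: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, _, value = line.partition(" ")
        if label in DIGEST_LABELS and entries:
            entries[-1]["hashes"][DIGEST_LABELS[label]] = value.strip().lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def is_empty_content(entry: dict) -> bool:
    """True when every digest recorded for the entry is the digest of empty input."""
    h = entry["hashes"]
    return bool(h) and all(h[alg] == EMPTY_DIGESTS[alg] for alg in h)


def empty_entries(entries: list[dict]) -> list[str]:
    return [e["path"] for e in entries if is_empty_content(e)]


def rewritten_paths(entries: list[dict]) -> list[str]:
    """Paths recorded more than once, i.e. rewritten during the detonation."""
    counts = Counter(e["path"] for e in entries)
    return sorted(p for p, n in counts.items() if n > 1)


def classify(path: str) -> str:
    low = path.lower()
    if low.startswith("\\??\\pipe\\"):
        return "named-pipe"
    if "\\microsoft\\edge\\user data\\" in low:
        return "edge-profile"
    return "other"


def outside_profile(entries: list[dict]) -> list[str]:
    """Writes that are neither browser profile housekeeping nor a pipe: the ones to inspect."""
    return [e["path"] for e in entries if classify(e["path"]) == "other"]


if __name__ == "__main__":
    found = parse_files(SAMPLE_FILES)
    print("empty:", empty_entries(found))
    print("rewritten:", rewritten_paths(found))
    print("outside profile:", outside_profile(found))
```

On this report the "outside profile" list is empty for the Edge run: every recorded write is browser state under User Data or the Crashpad pipe, so the hashes here identify profile churn, not a downloaded stage.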