Malware Analysis Report

2025-01-18 00:10

Sample ID 240613-qs7aqsvelr
Target a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118
SHA256 a34d281ce2d2a5ca78425def875d50e6a87636fc5b1db140978621781d747910
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

a34d281ce2d2a5ca78425def875d50e6a87636fc5b1db140978621781d747910

Threat Level: Shows suspicious behavior

The file a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Enumerates connected drives

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:32

Reported

2024-06-13 13:35

Platform

win7-20240611-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118.html

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61F80FC1-2989-11EF-BEBB-767D26DA5D32} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447418" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000002a25bcc7abe10dc3d569852ff88f8ee50cbf246629984b40c69117b66c6abe42000000000e80000000020000200000005c1efec7b0147a9e8b85995c9d17da186f831cfdf591fa74214dd3d72dccf50a20000000061205c30c8cbd9790b475208671fbe1354cd7f0424e4a6218212996bafe1353400000001d0c9d61d16f6a8d669fa95453681e30b60a63702373ed78094d57ab72cfc453a1a5beaac9dff6382c0a395a82b4ecc1007ed17ec0239cb9645ef4da0ca62912 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b024083996bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2

Network


Files

SHA1 e8a02441052512c21dbb974d69339c49c7fed1f6
SHA256 53bfd11684e7e47b663278cb3030557351c1d9c0c0603268937990bd3ce0fd07
SHA512 a26f1cbf1d50e09b619e8b93ce693b476782af47f1ed012087061c7b8f37f08d3852b541d581a03ef6baa1357bf66032b0e01e00b311b49a49835cb1eb5e0e59

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\collect[1].gif

MD5 28d6814f309ea289f847c69cf91194c6
SHA1 0f4e929dd5bb2564f7ab9c76338e04e292a42ace
SHA256 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
SHA512 1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3423b73a07c5ac81dd82a8daa7b7d236
SHA1 23fdbfb4a69d1673aa01240ff7965df68dbcc20f
SHA256 668781451acc4a23ff833c2233b5e06cfb46990723472d459aef2a65475c0eea
SHA512 d22fd413e967b96399f627191ecdf4284ee4c4d0c63273d889f746748ea423d9b3fe2b0cd0e52390adacf250395b31683ecaf6d2b0a79eac48b1d3cf8f73f423

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c803ac4b6e58f7d698a4b4517f3eaa16
SHA1 2a469d7e483aa0a0bdac3c0b88d7ac44ac78b7be
SHA256 2ab4aeaa33878f92320c292a551b6b615d09b93acd303b6427b0a6460f158287
SHA512 308d367018ba177dcc61755866a4fddefdd77da96b144e1bf79ab147dfa7ffb4f2792746869aaf27fb38c149e210b0936816b4931f3c514ee71f5390c94a40f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f90739227ae55d02499c046c683fb2b3
SHA1 3aa478bb050c8582933d2d7e5dd6ab034ca2d07f
SHA256 bddcb90900bf9a05a83042433802bb843222f5cbc899fe6d86eb5bbb98c28a17
SHA512 a0d200257657658cecfdc9d0c15c25d3ea4e62dfc0900abc7d881a4dcab63c6416e656f325ab779f2a2ba34a9cdf1aeb52f30003498901ee2b1d49d5e52ad17f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df7041bc8f7f0650e92870e13c304917
SHA1 baf7974f2fcff59a985e997adcc85c6e15a50419
SHA256 9edec97c614e3301e0ad55c98c7dd7042f9b70dbe7751180baba3988412701b0
SHA512 8bb593a195a22aaf9e2f76555c5f050f6d57dd9545cd5e4f03ca69672a4bfb48de3ea87a22033f9edda069787ca1cc4d9a1b6f8ca88285d9298fbb1e7353f759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e697bc7a73ab1ede78c0d01046431d3
SHA1 70ad68227b45f96a871bdfc48bb04fdb1b927838
SHA256 f00376cbfc88204075f9f893f8e92e1a787ca5c6107fce7a49948883d10b2bc9
SHA512 dfe75c4de94effad127614bca5d7438fd031ec5a3547befbea28cdf5a4b9880beb63bd19d446e4ef0614fe51ce0fdc7c3539aa3e0ede1b6c4814071d5ccb60b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2abab435efe06af93a0d9622351b68e7
SHA1 653346d0004e365224f959a790254ade73656a53
SHA256 2ede4e20a84573adce2ffc75e68ae3d89c5c8505ce0c71f4f96e2b9db2a2b4cb
SHA512 a734ec5dfa142d0546a41ee29ba15eae83d1949861d8ba1c1921c2b3c8e4b97643ae7750d42e1adf2b77b7faede09037b7112c2ff8d5c2dd42603dc07290f3b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e3369d2b74bf871156f313266732bcc
SHA1 74e2a60d6e9d4112491f1d424c4a05cfbbcd6ae3
SHA256 d551572e48b818748c988a3b6635d76fe09e33d3da052a1af00bf4db7b073cfd
SHA512 dc8b2ff397720d79e53f80a4481866080bc63fcbac0e6f2077448b6550e68b73f95f73ebc8f9152946684ac2e559b21c06782b19e212785736eac230c683bfcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87ebafe6fd3c6d25018264a6f8937f72
SHA1 d1e6ab26c559f60220f3081f7ea04d48540a6b92
SHA256 9c143685cd21e93137dfa8b13a8b2d0f29ba7ba7735b4835264f3e3675f3156f
SHA512 cc0849222bee275f132b20d398ce3da187414913e9218c3a623d6d5b0b5b356a693fb56bdb43a22f2a622dd187381bc344501175c28bd9620c1e952ae60433b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2abc2508b8987400e7ecd4b1976a1661
SHA1 0328a020143a3d72714b9906be630603f5304a72
SHA256 3ec47cd93e69a6a0952541557bf1ea8dea233880aa319aebf52ceffe21936a4f
SHA512 308560e120e52640261c25778c0a4083619eb2db79d55035b6ccdbca056d08064e2554121a2eaa31399d6ca5b34e4f82b58ae303b46d9845bd141b18a6832899

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2927326b7847b647d05dc89cb6824bf
SHA1 241a5b1130e2455b1598d3a8c63785b4529c7b36
SHA256 67918d3d8f4876ad0b1ef39977f4c33c8bb4bc021f559c134f7f0b476c6c0819
SHA512 8f5d5771b0c8359b8ea1307b1304980fcaa3375c6aff024a52b36923cbcad6d41923366ce72538eaf275e5216146ceea47f810f5842e4cd4c93715e1ea133fb8
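
The Files list above records the same CryptnetUrlCache MetaData path twenty times with different digests alongside four fetched page resources. The script below is an added triage example, not part of the sandbox report: it parses entries in the report's "path / MD5 / SHA1 / SHA256 / SHA512" layout, validates each digest, counts how often a path was rewritten, and keeps only the hashes of fetched web content as indicators. The three embedded entries are copied from the report; the path buckets (`crypto-metadata`, `web-content`, `other`) are the author's assumption.

```python
"""Group the dropped-file entries of a sandbox report by path.

Added triage example, not part of the sandbox report. A path that
appears many times with different hashes was rewritten during the run.
Windows cache locations (Temporary Internet Files, CryptnetUrlCache)
behave that way whenever a browser renders pages and validates TLS
certificates, so their hashes make weak indicators. The three entries
below are copied from the report; the path classification is the
author's assumption.
"""
import re
from collections import OrderedDict

FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\v7vy2rkjwnBS7GaGPCj4lDHg7-uqoQBgCnu8qUCxaM0[1].js

MD5 bf735e758a2d6f078e2cf03e6da174f0
SHA1 ebf369b18285533679ea285fa27223dad500c83d
SHA256 bfbbf2dab923c27052ec66863c28f89431e0efebaaa100600a7bbca940b168cd
SHA512 7517b019d5846adf2f8003f43083e93e6e2a8b71cd5b02f8e3ecb693a43b3905c2f30e820936703205f993d464e8840f64196d9cc09f9614dbdb2dec45a03615

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34131f7d72b745cb50c320722046e8c6
SHA1 9bf2eb33dbbe06422cb7951abf74d310d8bee11c
SHA256 8a312d635bfff03a25321168b43ec017b78702bd0aa9247defda0820cef11254
SHA512 07c385133e7e0aed5bd80c3447cf1ab885476d6f3b533a65de42a8052341769f0d2b95b6212286c66d6ea3f15588517fe5d18bef871588dfb5b801e2a1715e83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecc2319ac83e35ee2b78c00550bb3519
SHA1 d68996f97f9a35f07bdd72e839bb9ddf910dfb20
SHA256 8c7f326626eb306baaf1790b6c8bb1642126b9eefa03c106d334c443a00dd956
SHA512 cd3fb4ff9b4a4c9790fffe5978a4ce342fd62be8694bf0f4bad084353457b8010c114188a23dffa9fc93ea3dd94b6ad9cce6557f352d0e6712fa5ac21765cd69
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files_section(text):
    """Turn 'path / blank / MD5..SHA512' blocks into dicts, validating each digest."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, _, value = line.partition(" ")
        if label in HASH_LEN:
            if current is None:
                raise ValueError("hash line before any path: %r" % line)
            value = value.strip().lower()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[label], value):
                raise ValueError("bad %s digest for %s" % (label, current["path"]))
            current[label] = value
        else:
            current = {"path": line}          # any non-hash line starts a new entry
            entries.append(current)
    return entries


def classify_path(path):
    """Coarse bucket for a dropped-file path (author's assumption, not the sandbox's)."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "crypto-metadata"      # CryptoAPI URL cache: rewritten on every cert/CRL fetch
    if "\\temporary internet files\\" in p or "\\inetcache\\" in p:
        return "web-content"          # fetched page resources: hashes identify real content
    return "other"


def summarize(entries):
    """Per-path version count, bucket and SHA-256 list, in first-seen order."""
    out = OrderedDict()
    for e in entries:
        s = out.setdefault(e["path"], {"versions": 0, "bucket": classify_path(e["path"]), "sha256": []})
        s["versions"] += 1
        s["sha256"].append(e["SHA256"])
    return out


def content_indicators(entries):
    """SHA-256 values worth carrying forward: fetched content only, metadata caches excluded."""
    return sorted({e["SHA256"] for e in entries if classify_path(e["path"]) == "web-content"})
```

Run over the full list above, the CryptnetUrlCache path collapses to one row with twenty versions, and the indicator set reduces to the four JavaScript and GIF resources, which is what an analyst would pivot on.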

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:32

Reported

2024-06-13 13:35

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Note: both values are read by the Edge browser process itself. Chromium reads SystemManufacturer and SystemProductName to build its hardware model name for telemetry and graphics-driver workarounds, so this signature fires for any browser detonation and should not be read on its own as virtual-machine reconnaissance.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(25 identical events from msedge.exe; the sandbox recorded no indicator or target for any of them)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(24 identical events from msedge.exe; the sandbox recorded no indicator or target for any of them)

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4436 wrote to memory of 2224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4436 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 4436 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4436 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
Note: all 64 events are the Edge browser process (PID 4436) writing into other msedge.exe instances it launched. Chromium's Windows sandbox broker initialises each sandboxed child with WriteProcessMemory during start-up, so writes between msedge.exe processes are expected here and are not evidence of injection into a foreign process; the signature would matter if the target were a non-browser image.

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf5cf46f8,0x7ffbf5cf4708,0x7ffbf5cf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 zadafacil.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 dl.dropbox.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 h1.flashvortex.com udp
US 8.8.8.8:53 h2.flashvortex.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 noticias.gospelmais.com.br udp
US 8.8.8.8:53 bloggercomment.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 104.18.27.155:80 noticias.gospelmais.com.br tcp
GB 216.58.201.98:80 pagead2.googlesyndication.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.10:443 ajax.googleapis.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
US 8.8.8.8:53 assets.gospelmais.com.br udp
US 8.8.8.8:53 widgets.twimg.com udp
US 103.224.212.214:80 zadafacil.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
US 104.18.26.155:80 assets.gospelmais.com.br tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 104.18.27.155:443 assets.gospelmais.com.br tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 103.224.212.214:80 zadafacil.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 lh4.googleusercontent.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 172.217.16.225:80 lh6.googleusercontent.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:80 lh5.googleusercontent.com tcp
GB 172.217.16.225:80 lh5.googleusercontent.com tcp
GB 172.217.16.225:80 lh5.googleusercontent.com tcp
GB 172.217.16.225:80 lh5.googleusercontent.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 155.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 33.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 214.212.224.103.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 ww25.zadafacil.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
US 199.59.243.226:80 ww25.zadafacil.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 search-blogger.com udp
GB 142.250.178.9:443 img1.blogblog.com udp
GB 172.217.16.238:443 apis.google.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.194:445 pagead2.googlesyndication.com tcp
US 216.239.34.21:80 search-blogger.com tcp
US 8.8.8.8:53 www.search-blogger.com udp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:80 i.imgur.com tcp
US 8.8.8.8:53 151.44.152.45.in-addr.arpa udp
US 8.8.8.8:53 226.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 199.232.192.193:443 i.imgur.com tcp
US 199.232.192.193:443 i.imgur.com tcp
GB 142.250.179.243:80 www.search-blogger.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 paraisowebgospelplayer.blogspot.com.br udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 mural.codigofonte.net udp
GB 142.250.200.1:80 paraisowebgospelplayer.blogspot.com.br tcp
GB 142.250.179.243:443 www.search-blogger.com tcp
US 172.67.205.76:80 mural.codigofonte.net tcp
US 8.8.8.8:53 paraisowebgospelplayer.blogspot.com udp
GB 142.250.200.1:80 paraisowebgospelplayer.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 243.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 76.205.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 hosted.muses.org udp
US 8.8.8.8:53 whos.amung.us udp
GB 142.250.187.196:443 www.google.com udp
US 209.126.106.184:443 hosted.muses.org tcp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.178.9:443 img1.blogblog.com udp
US 172.67.8.141:443 whos.amung.us tcp
GB 216.58.201.110:80 developers.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.201.98:139 pagead2.googlesyndication.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 184.106.126.209.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
US 209.126.106.184:80 hosted.muses.org tcp
US 8.8.8.8:53 www.muses.org udp
US 8.8.8.8:53 stm2.xcast.com.br udp
US 172.82.129.81:7494 stm2.xcast.com.br tcp
US 172.82.129.81:7494 stm2.xcast.com.br tcp
US 209.126.106.184:80 www.muses.org tcp
US 209.126.106.184:80 www.muses.org tcp
US 209.126.106.184:80 www.muses.org tcp
US 209.126.106.184:80 www.muses.org tcp
US 209.126.106.184:80 www.muses.org tcp
US 209.126.106.184:80 www.muses.org tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 23.41.178.41:443 www.bing.com tcp
BE 23.41.178.41:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 23.41.178.41:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 41.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 209.197.17.2.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
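The table above is the sandbox's flat "Country Destination Domain Proto" listing, one row per DNS query or connection. As an added example (not part of the report, and not tooling from the sandbox vendor), the following Python reads rows in that format, separates forward DNS lookups and PTR noise from real connections, and flags the rows that deserve a second look before the case is closed: SMB (445/139) and a non-standard port (7494) to public addresses. The embedded rows are a subset copied from the table above; the bucket names and the "flag" rules are my own heuristics.

```python
"""Triage the report's flattened 'Country Destination Domain Proto' rows.

Added example, not part of the sandbox report: the rows below are copied from the
Network table (a subset); the classification rules are the author's heuristics.
"""
import ipaddress
from collections import defaultdict

# Subset of rows from the report; the mDNS row (224.0.0.251:5353) has no domain.
REPORT_ROWS = """\
US 8.8.8.8:53 zadafacil.com udp
US 8.8.8.8:53 dl.dropbox.com udp
US 8.8.8.8:53 whos.amung.us udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 103.224.212.214:80 zadafacil.com tcp
US 8.8.8.8:53 214.212.224.103.in-addr.arpa udp
US 199.59.243.226:80 ww25.zadafacil.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
GB 142.250.187.194:445 pagead2.googlesyndication.com tcp
GB 216.58.201.98:139 pagead2.googlesyndication.com tcp
US 172.82.129.81:7494 stm2.xcast.com.br tcp
N/A 224.0.0.251:5353 udp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
"""

WEB_PORTS = {80, 443}          # tcp 80/443 and udp 443 (QUIC) are ordinary page loads
SMB_PORTS = {139, 445}


def parse_row(line):
    """Split one row into (country, ip, port, domain, proto); domain may be empty."""
    parts = line.split()
    if len(parts) == 3:                      # domain column blank, as in the mDNS row
        country, dest, proto = parts
        domain = ""
    elif len(parts) == 4:
        country, dest, domain, proto = parts
        domain = "" if domain == "N/A" else domain
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, _, port = dest.rpartition(":")
    return country, ipaddress.ip_address(ip), int(port), domain.lower(), proto.lower()


def classify(ip, port, domain, proto):
    """Bucket a connection; the 'flag-*' buckets are the ones to read first."""
    if ip.is_multicast or ip.is_private or ip.is_loopback:
        return "local"                       # mDNS and the like; never left the sandbox network
    if port == 53 and proto == "udp":
        # PTR lookups of hosts already contacted are sandbox/OS noise, not page behaviour
        return "dns-reverse" if domain.endswith(".in-addr.arpa") else "dns"
    if port in SMB_PORTS and proto == "tcp":
        # SMB to a public IP: HTTP content has no need for it, so find what initiated it.
        # The domain is only the name the report pairs with that IP, not an HTTP Host.
        return "flag-smb"
    if port in WEB_PORTS:
        return "web"
    return "flag-port"                       # any other port on a public IP (7494 here)


def triage(text):
    """Map bucket name -> list of (ip, port, domain, proto) in report order."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            _, ip, port, domain, proto = parse_row(line)
            buckets[classify(ip, port, domain, proto)].append((str(ip), port, domain, proto))
    return buckets


def flagged(text):
    """De-duplicated connections an analyst should account for before closing the case."""
    b = triage(text)
    return sorted(set(b["flag-smb"] + b["flag-port"]))


def resolved_domains(text):
    """Forward DNS names the detonation asked for, PTR noise excluded: the page's dependencies."""
    return sorted({domain for _, _, domain, _ in triage(text)["dns"]})


if __name__ == "__main__":
    for bucket, rows in triage(REPORT_ROWS).items():
        print(f"{bucket:12s} {len(rows)}")
    for row in flagged(REPORT_ROWS):
        print("REVIEW", *row)
```

Run against the full table, the script reduces some two hundred rows to a handful: the forward-DNS set tells you which hosts the page actually depends on, and the flagged set isolates the 445/139 connections to Google and Cloudflare addresses and the 7494 connection to stm2.xcast.com.br. For the SMB rows the Domain column is the report's pairing of a name with that IP; the connection itself is SMB to a public address, and the open question is what in the page or the OS initiated it.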

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

\??\pipe\LOCAL\crashpad_4436_ULMTSIRZXIDJZTUQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca3183b3a6dbf4457ed30d6dfa83c7a1
SHA1 8e2f2287f024de064c9203aac3bb67b6bad3acb4
SHA256 ea97d6139e9fd19f2efbd3d1e5936abd18879981668277bdfd3f17a67b09bb9e
SHA512 f185a2f22dff281f56221b549393fd2eb337108db0824e8e1f3d6ff5e4b1475007dd88cd77868587d9720e6f1f042310a36342789a5110f73bb00206320bafd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 7bfd82ce71aeb85023d4e59a441da916
SHA1 fd6be3c264cac8aef008eff3c74a7cdf3bc4a42a
SHA256 90175e0d4c5e92bc761823c3a38399801ffe90e1a9a4937793269c476799fe83
SHA512 9b770c06daaefcb2801089ff9e0866f43d649f44b236027efb62e110434bfd8d30bd18af470caae4fe077603daf46314415f57d1703df162518f52f23b0e3951

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 e1c71f7c04be834f5587230db2ad24b3
SHA1 f3bab9cb99d9f343bf7ed3981aaa7450515d2424
SHA256 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
SHA512 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 02422dd4fbfd3c96db7ea70010178124
SHA1 95abbd6675324aafd9a70a0faafdf80ddd8e3106
SHA256 2c4774d4dd6684367116a8144f51f3ca606dd2eb061b94408c647c8a7e5ade74
SHA512 b5e1c90cab104e8ef7b381cc4c6448e193c917898e98f4d88b9422fa361b7f301ee90ae9b642256d570ca0b45e3659e351d212269c36052d09374a7551ededed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5cc3ec4f44396c1cdf961f2c4864e6a
SHA1 4146cc4e54790c82d52f0130205d610478ec5c8b
SHA256 465981674f5e114ed53e499728f5ec69fa4aa05a2a971541f5129cb7399f2768
SHA512 fbb938a1871310b78ce877e52f89246544cc7781d58d356d5a7afbc880f4e2b31583329d0f423d0c5bd20f4742f5e8a7ba380880101908275f25f09f78778bdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 97185dba0b7a9f01f9771fc8821e4afb
SHA1 2feae3db95dc73ecb0f3b00cf20b90e7152711a9
SHA256 4943baee6b62567fd8ce08e873ea715e24d593e2d02dd7e414dd49820b24e244
SHA512 904071da94aa71802339ae46582343d5c3c3283fcc5245281dfa983f60b4fb846b5b965c8ebe571371a98f931500aabaae445da8165689f1fff22dcfc454e4a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be292fac00261198c93f0d68afe05fb2
SHA1 c39f3b5ce5f942aeee50c47d4e7b62a4727dc3bf
SHA256 5bb74ba684edbba49c4a0224ed3dfb13acf342318edd240e37ce106bd8e08c77
SHA512 d5feb8c66373c0c7ab981e067cdcd0e929e555854176a0d8ffc39b2dfd9059be966ef02ad75dc309abc83c296e6103bc709eb4740717f5e3a497e131153ca307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e26d0fa2d19788bd9b6e55362280990f
SHA1 bd8c54a9f4abf3c5f6a68ea79aa4ca660cc02924
SHA256 ca452f8588dee1a6df9f7bc1a7a57892f3e6769e6323378919dedabbcbb9348c
SHA512 57d8c9a0def2b2892db60978acd8c30741850fcf0a9e1d4b62a74b2221547599bc08762019b54469a7cf39a496ed7fb64ae54284c1046bb192516699e1028fdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e10b00071531a7d95ce8c002e2da947d
SHA1 12744fd7d13f97fa50dca0b36a253427d22e7654
SHA256 d8455aa8d6eb37822d316048d89ac70e704099d9fc37adb7876445b8056f78c1
SHA512 b92adf90d7adade016a26ff1efd953cc43db738b3e34dd0d156de85c8d065f8e6e2906c15faf98e7c5b1b3982bde2856e5ed51e3670ed6b19187e44ad30c0a4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5eb8650f1885fe9df6552ef4d8f4c7dd
SHA1 213004c147051b770dc458a215fd24e04bcaff48
SHA256 a49413832c7521de2ad72d74116150136190b4dc053a57acf84fe93be30ea6fe
SHA512 6bfd112986fc2a0434561f323a14340db971e2b39f76cd80a9d31212e8abe7dd079f1fe2fb7603f75aeb4bdedc9be993280bcb89ebc3ee33960cd2deb407c0bf
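The Files list repeats several paths with different digests (settings.dat, Preferences, the-real-index, Network Persistent State), each a separately recorded state of the file, and the Crashpad pipe handle carries the digests of zero bytes. As an added example (not part of the report), this Python parses blocks in that path-plus-four-digests layout, recognises empty-content digests by recomputing them, counts how many versions of each path were recorded, checks digest lengths for extraction damage, and reduces the list to hashes worth pivoting on. The entries are copied from the list above (a subset); treating everything under the Edge profile as browser state rather than dropped payload is my heuristic, not the report's.

```python
"""Triage the report's flattened Files list (path, then MD5/SHA1/SHA256/SHA512).

Added example, not part of the sandbox report; entries below are a subset copied
from the Files list. The browser-state heuristic at the bottom is the author's.
"""
import hashlib
from collections import OrderedDict

REPORT_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

\??\pipe\LOCAL\crashpad_4436_ULMTSIRZXIDJZTUQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca3183b3a6dbf4457ed30d6dfa83c7a1
SHA1 8e2f2287f024de064c9203aac3bb67b6bad3acb4
SHA256 ea97d6139e9fd19f2efbd3d1e5936abd18879981668277bdfd3f17a67b09bb9e
SHA512 f185a2f22dff281f56221b549393fd2eb337108db0824e8e1f3d6ff5e4b1475007dd88cd77868587d9720e6f1f042310a36342789a5110f73bb00206320bafd2
"""

DIGEST = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
          "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
# Digests of zero bytes, recomputed rather than hard-coded so the check is self-evidently right.
EMPTY = {name: fn(b"").hexdigest() for name, fn in DIGEST.items()}


def parse_entries(text):
    """Return [(path, {algo: hexdigest})] for each path/digest block in the flattened list."""
    entries, path, hashes = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        algo, _, value = line.partition(" ")
        if algo in DIGEST:
            hashes[algo] = value.lower()
        else:                                # any other non-empty line is the next path
            if path is not None:
                entries.append((path, hashes))
            path, hashes = line, {}
    if path is not None:
        entries.append((path, hashes))
    return entries


def truncated(hashes):
    """Algorithms whose hex value has the wrong length: a sign the page was cut during extraction."""
    return [a for a, v in hashes.items() if len(v) != DIGEST[a]().digest_size * 2]


def is_empty_content(hashes):
    """True when every recorded digest is the digest of zero bytes (the Crashpad pipe handle)."""
    return bool(hashes) and all(v == EMPTY[a] for a, v in hashes.items())


def versions_by_path(entries):
    """Ordered map path -> SHA256 per recorded state; more than one means the file was rewritten."""
    out = OrderedDict()
    for path, hashes in entries:
        out.setdefault(path, []).append(hashes.get("SHA256"))
    return out


# Heuristic (author's assumption, not the report's): paths under the browser profile or a
# named pipe are state the browser itself produces, not a payload the page dropped.
BROWSER_STATE_MARKERS = (r"\Microsoft\Edge\User Data", r"\pipe\LOCAL")


def ioc_candidates(entries):
    """SHA256 values worth pivoting on: non-empty content outside the browser's own state."""
    return sorted({h["SHA256"] for p, h in entries
                   if "SHA256" in h and not is_empty_content(h)
                   and not any(m in p for m in BROWSER_STATE_MARKERS)})


if __name__ == "__main__":
    entries = parse_entries(REPORT_FILES)
    for path, shas in versions_by_path(entries).items():
        print(f"{len(shas)} version(s)  {path}")
    print("empty-content entries:", sum(is_empty_content(h) for _, h in entries))
    print("IOC candidates:", ioc_candidates(entries))
```

On the entries above the candidate list comes out empty: every path the sandbox recorded sits under the Edge profile, and the one non-profile entry is a pipe handle with empty content, so none of these digests identifies a dropped file. Recognising the zero-byte digests by recomputation also stops them being submitted as indicators, a mistake that makes a watchlist match every empty file on every host.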