Malware Analysis Report

2024-10-19 02:44

Sample ID 240826-fd1vasxcqm
Target c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118
SHA256 595b8fa048251a3e3cfd4db67cf534ef466b3d5b6771b26a6ea71569b46d8bec
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

595b8fa048251a3e3cfd4db67cf534ef466b3d5b6771b26a6ea71569b46d8bec

Threat Level: Known bad

The file c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 04:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 04:46

Reported

2024-08-26 04:48

Platform

win7-20240704-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\Total = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430809440" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E05FE51-6366-11EF-AF94-46A49AEEEEC8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws\ = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
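The registry rows above are a flat list, so the question a reviewer actually asks (which of the two IE processes touched what, and which web origins got DOMStorage entries) has to be answered by eye. The script below is an added example, not part of the sandbox report or of any sandbox's own tooling: it parses rows copied from the tables above into columns, counts actions per full process path (the 64-bit frame process and the (x86) tab process share the basename iexplore.exe, so the basename alone would merge them), pulls the origin name out of every DOMStorage\<origin> key, and lists any HKLM key read. The row layout it assumes (action, key path, optional `= value`, process path, target) is simply how the flattened table reads; the names `parse_rows`, `summarize`, `ROW_RE` and `DOMSTORAGE_RE` are this example's own.

```python
"""Triage the 'Modifies Internet Explorer settings' rows from this report.

Added example; not part of the sandbox report. The row layout
(action, key path, optional '= value', process path, target) is how the
flattened table above reads and is assumed here, not a documented format.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: rows copied from the report's own signature tables.
SAMPLE_ROWS = [
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\Total = "52" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws\ = "52" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
]

# Key paths and process paths both contain spaces, so anchor on the fixed
# parts: the action keyword, the \REGISTRY\ prefix, a drive-letter path
# ending in .exe, and the single-token target column.
ROW_RE = re.compile(
    r"^(?P<action>Key created|Key opened|Set value \((?P<vtype>\w+)\))\s+"
    r"(?P<key>\\REGISTRY\\.+?)"
    r"(?:\s=\s(?P<value>.+?))?\s+"
    r"(?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE))\s+"
    r"(?P<target>\S+)$"
)
DOMSTORAGE_RE = re.compile(r"\\DOMStorage\\([^\\]+)")


def parse_row(row):
    """Split one flattened table row into its columns."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unparsed row: {row!r}")
    ev = m.groupdict()
    if ev["value"] is not None:
        ev["value"] = ev["value"].strip('"')
    return ev


def parse_rows(rows):
    return [parse_row(r) for r in rows]


def summarize(events):
    """Per-process action counts, DOMStorage origins and HKLM reads."""
    per_process = defaultdict(Counter)
    origins = set()
    machine_keys = []
    for ev in events:
        # Keep the full path: the 64-bit frame process and the (x86) tab
        # process share the same basename but do different work.
        per_process[ev["process"]][ev["action"].split(" (")[0]] += 1
        m = DOMSTORAGE_RE.search(ev["key"])
        if m and "." in m.group(1):          # DOMStorage\<origin>\...
            origins.add(m.group(1))
        if ev["key"].startswith(r"\REGISTRY\MACHINE"):
            machine_keys.append(ev["key"])
    return {
        "per_process": {p: dict(c) for p, c in per_process.items()},
        "domstorage_origins": origins,
        "machine_hive_keys": machine_keys,
    }


if __name__ == "__main__":
    s = summarize(parse_rows(SAMPLE_ROWS))
    for proc, counts in s["per_process"].items():
        print(proc, counts)
    print("DOMStorage origins:", sorted(s["domstorage_origins"]))
    print("HKLM keys read:", s["machine_hive_keys"])
```

On the rows above this yields two DOMStorage origins (cbox.ws and www4.cbox.ws, both written only by the (x86) tab process) and one HKLM read, the NLS\Language key behind the "System Language Discovery" signature. Whether a DOMStorage write for a chat-widget host is evidence of anything beyond the page embedding that widget is a judgement the report does not make; the script only makes the rows easy to compare.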

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 scontent-kul1-1.xx.fbcdn.net udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 static.networkedblogs.com udp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 adukaherbamewah.blogspot.com udp
US 8.8.8.8:53 scontent-sin1-1.xx.fbcdn.net udp
US 8.8.8.8:53 fbcdn-sphotos-e-a.akamaihd.net udp
US 8.8.8.8:53 fbcdn-profile-a.akamaihd.net udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 s01.flagcounter.com udp
US 8.8.8.8:53 i198.photobucket.com udp
US 8.8.8.8:53 www.maybank2u.com.my udp
US 8.8.8.8:53 www.malaysialoan.com.my udp
US 8.8.8.8:53 i24.photobucket.com udp
US 8.8.8.8:53 enes-sc.googlecode.com udp
US 8.8.8.8:53 fbcdn-sphotos-h-a.akamaihd.net udp
US 8.8.8.8:53 www.yourjavascript.com udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 66.154.110.210:80 s01.flagcounter.com tcp
US 66.154.110.210:80 s01.flagcounter.com tcp
FR 142.250.75.225:80 adukaherbamewah.blogspot.com tcp
FR 142.250.75.225:80 adukaherbamewah.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.78:443 sites.google.com tcp
US 104.71.143.200:443 fbcdn-profile-a.akamaihd.net tcp
FR 142.250.179.78:443 sites.google.com tcp
US 104.71.143.200:443 fbcdn-profile-a.akamaihd.net tcp
FR 142.250.179.78:80 sites.google.com tcp
FR 142.250.179.78:443 sites.google.com tcp
US 172.67.69.193:80 www.widgeo.net tcp
US 172.67.69.193:80 www.widgeo.net tcp
DE 52.85.92.81:80 i24.photobucket.com tcp
DE 52.85.92.81:80 i24.photobucket.com tcp
US 76.223.54.146:80 www.yourjavascript.com tcp
US 76.223.54.146:80 www.yourjavascript.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 92.123.142.114:80 www.maybank2u.com.my tcp
GB 92.123.142.114:80 www.maybank2u.com.my tcp
DE 52.85.92.81:80 i24.photobucket.com tcp
DE 52.85.92.81:80 i24.photobucket.com tcp
IE 172.253.116.82:80 enes-sc.googlecode.com tcp
IE 172.253.116.82:80 enes-sc.googlecode.com tcp
DE 52.85.92.81:443 i24.photobucket.com tcp
DE 52.85.92.81:443 i24.photobucket.com tcp
FR 142.250.179.78:443 sites.google.com tcp
FR 142.250.75.225:443 adukaherbamewah.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
GB 92.123.142.114:443 www.maybank2u.com.my tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 cdn.html5maker.com udp
US 8.8.8.8:53 www.123contactform.com udp
US 8.8.8.8:53 mypicpals.com udp
US 104.26.12.144:80 cdn.html5maker.com tcp
US 104.26.12.144:80 cdn.html5maker.com tcp
GB 23.106.61.147:80 www.123contactform.com tcp
GB 23.106.61.147:80 www.123contactform.com tcp
FR 91.134.223.248:80 mypicpals.com tcp
FR 91.134.223.248:80 mypicpals.com tcp
US 8.8.8.8:53 app.123formbuilder.com udp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 8.8.8.8:53 form.123formbuilder.com udp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 34.198.120.255:443 form.123formbuilder.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.179.110:80 developers.google.com tcp
FR 142.250.179.110:80 developers.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 172.67.69.193:443 www.widgeo.net tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
GB 157.240.214.35:80 www.facebook.com tcp
GB 157.240.214.35:80 www.facebook.com tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 8.8.8.8:53 www.al-azim.com udp
US 8.8.8.8:53 www7.cbox.ws udp
US 8.8.8.8:53 www4.cbox.ws udp
US 8.8.8.8:53 www.thecutestblogontheblock.com udp
US 108.181.41.161:80 www7.cbox.ws tcp
US 108.181.41.161:80 www7.cbox.ws tcp
US 172.67.190.152:80 www.al-azim.com tcp
US 172.67.190.152:80 www.al-azim.com tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
US 8.8.8.8:53 thecutestblogontheblock.com udp
US 172.67.182.230:80 thecutestblogontheblock.com tcp
US 172.67.182.230:80 thecutestblogontheblock.com tcp
US 104.21.75.228:80 thecutestblogontheblock.com tcp
US 104.21.75.228:80 thecutestblogontheblock.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.21.75.228:443 thecutestblogontheblock.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 157.240.214.35:443 www.facebook.com tcp
US 104.21.75.228:443 thecutestblogontheblock.com tcp
US 8.8.8.8:53 arvigorothan.com udp
US 8.8.8.8:53 a.deviantart.net udp
US 8.8.8.8:53 static.cbox.ws udp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 www.emoticoner.com udp
US 8.8.8.8:53 cococokie.files.wordpress.com udp
US 8.8.8.8:53 emoticoner.com udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 www.cute-factor.com udp
US 8.8.8.8:53 www.astrosafari.com udp
US 8.8.8.8:53 i.imgur.com udp
GB 157.240.214.35:443 www.facebook.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 104.21.30.34:443 arvigorothan.com tcp
US 104.21.30.34:443 arvigorothan.com tcp
US 172.67.201.54:80 static.cbox.ws tcp
US 172.67.201.54:80 static.cbox.ws tcp
US 67.199.248.10:80 bit.ly tcp
US 67.199.248.10:80 bit.ly tcp
US 199.232.196.193:80 i.imgur.com tcp
US 199.232.196.193:80 i.imgur.com tcp
GB 13.224.245.10:80 a.deviantart.net tcp
GB 13.224.245.10:80 a.deviantart.net tcp
US 192.0.72.25:80 cococokie.files.wordpress.com tcp
US 192.0.72.25:80 cococokie.files.wordpress.com tcp
US 172.67.133.66:80 www.cute-factor.com tcp
US 172.67.133.66:80 www.cute-factor.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 151.101.129.91:80 www.astrosafari.com tcp
US 151.101.129.91:80 www.astrosafari.com tcp
US 172.234.222.143:80 emoticoner.com tcp
US 172.234.222.143:80 emoticoner.com tcp
US 172.234.222.143:80 emoticoner.com tcp
US 172.234.222.143:80 emoticoner.com tcp
US 199.232.196.193:443 i.imgur.com tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 192.0.72.25:443 cococokie.files.wordpress.com tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 151.101.129.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 wallpapers.com udp
US 153.92.0.100:80 bcroom.netau.net tcp
DE 52.85.92.69:443 wallpapers.com tcp
DE 52.85.92.69:443 wallpapers.com tcp
US 192.0.72.25:443 cococokie.files.wordpress.com tcp
US 172.234.222.143:80 emoticoner.com tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 199.232.196.193:443 i.imgur.com tcp
US 172.234.222.143:80 emoticoner.com tcp
US 172.234.222.143:80 emoticoner.com tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 151.101.129.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 151.101.129.91:443 www.astrosafari.com tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
GB 13.224.245.10:443 a.deviantart.net tcp
GB 13.224.245.10:443 a.deviantart.net tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 151.101.129.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 151.101.129.91:443 www.astrosafari.com tcp
DE 157.240.27.27:443 scontent.xx.fbcdn.net tcp
DE 157.240.27.27:443 scontent.xx.fbcdn.net tcp
GB 13.224.245.10:443 a.deviantart.net tcp
GB 13.224.245.10:443 a.deviantart.net tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 151.101.129.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 www.mbcslot88.com udp
US 172.234.222.143:80 emoticoner.com tcp
US 151.101.129.91:443 www.astrosafari.com tcp
US 198.252.104.151:443 www.mbcslot88.com tcp
US 198.252.104.151:443 www.mbcslot88.com tcp
GB 13.224.245.10:443 a.deviantart.net tcp
US 151.101.129.91:443 www.astrosafari.com tcp
DE 157.240.27.27:443 scontent.xx.fbcdn.net tcp
DE 157.240.27.27:443 scontent.xx.fbcdn.net tcp
US 172.234.222.143:80 emoticoner.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 8.8.8.8:53 cococokie.wordpress.com udp
US 192.0.78.13:443 cococokie.wordpress.com tcp
US 192.0.78.13:443 cococokie.wordpress.com tcp
US 8.8.8.8:53 www.themezoom-neuroeconomics.com udp
US 104.21.53.159:443 www.themezoom-neuroeconomics.com tcp
US 104.21.53.159:443 www.themezoom-neuroeconomics.com tcp
US 8.8.8.8:53 www.gulfmanganese.com udp
US 172.67.161.217:443 www.gulfmanganese.com tcp
US 172.67.161.217:443 www.gulfmanganese.com tcp
US 8.8.8.8:53 www.murraybrothersfuneralhome.com udp
US 172.67.156.47:443 www.murraybrothersfuneralhome.com tcp
US 172.67.156.47:443 www.murraybrothersfuneralhome.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 92.123.142.59:80 crl.microsoft.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
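The Network table above mixes DNS lookups (every udp row to 8.8.8.8:53), certificate-status fetches (c.pki.goog, o.pki.goog and crl.microsoft.com are CRL/OCSP endpoints, which is also what the CryptnetUrlCache files listed further down are the cache of), CDN traffic for the blog page, and a handful of hosts that actually merit a look, such as the run of repeated port-80 sessions to bcroom.netau.net. The script below is an added example, not part of the report or of any sandbox vendor's tooling. It parses the four-column rows as printed, separates resolutions from TCP sessions, maps each destination IP to every name seen on it (216.58.214.163 serves three names, so blocking the address would be pointless), ranks hosts by session count, and leaves a short review list after a background allowlist is applied. The `BACKGROUND_SUFFIXES` allowlist is a reviewer's assumption, not something the report states, and the function names are this example's own.

```python
"""Turn this report's Network table into a reviewable IOC set.

Added example; not part of the sandbox report. It reads the four-column
rows exactly as printed above (country, ip:port, domain, protocol).
"""
from collections import Counter, defaultdict

# Constructed sample: a subset of the rows in the report's Network table.
SAMPLE_NETWORK = """\
Country Destination Domain Proto
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 www.mbcslot88.com udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.78:443 sites.google.com tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 198.252.104.151:443 www.mbcslot88.com tcp
GB 92.123.142.59:80 crl.microsoft.com tcp
"""

# Assumption (reviewer's choice, not from the report): hosts under these
# suffixes are treated as background for this detonation: certificate
# status endpoints (pki.goog, crl.microsoft.com), Google static content,
# and the blogspot page the HTML file itself loads.
BACKGROUND_SUFFIXES = ("pki.goog", "gstatic.com", "microsoft.com",
                       "blogspot.com", "google.com")


def parse_network(text):
    """Parse 'CC ip:port domain proto' rows; the header row is skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue
        cc, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        records.append({"cc": cc, "ip": ip, "port": int(port),
                        "domain": domain, "proto": proto})
    return records


def is_background(host):
    return any(host == s or host.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def triage(records):
    """Separate DNS resolutions from TCP sessions and rank what is left."""
    resolved = {r["domain"] for r in records
                if r["proto"] == "udp" and r["port"] == 53}
    tcp = [r for r in records if r["proto"] == "tcp"]
    connected = {r["domain"] for r in tcp}
    ip_to_domains = defaultdict(set)
    for r in tcp:
        ip_to_domains[r["ip"]].add(r["domain"])
    return {
        # Looked up but never contacted: typically references in the page
        # markup that the browser never fetched, or a failed connection.
        "resolved_only": sorted(resolved - connected),
        # One IP fronting several names is shared infrastructure; block
        # the name, not the address.
        "ip_to_domains": {ip: sorted(d) for ip, d in ip_to_domains.items()},
        # Session counts per host; a long run of repeats to one host is
        # the first thing to check for polling or beaconing.
        "top_talkers": Counter(r["domain"] for r in tcp).most_common(),
        # Contacted hosts a reviewer still has to judge by hand.
        "review": sorted(d for d in connected if not is_background(d)),
    }


if __name__ == "__main__":
    result = triage(parse_network(SAMPLE_NETWORK))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run against the full table above instead of the embedded subset, the review list is dominated by the third-party widgets the blog embeds (cbox.ws, widgeo.net, amung.us, flagcounter.com and similar) plus bcroom.netau.net, which accounts for more sessions than any other host; the script ranks that for you but does not decide whether it is a counter widget or a callback, which is exactly the call a reviewer still has to make from the HTML itself.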

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0354176a40f048da70b3bea6f0267bf3
SHA1 33c0b0ef929971ceef9447f3ba7a333ee6e0d6dc
SHA256 10e00c5c66af4374fd697706ac5f144ccfd0511a5b601aeb61933065f944b2fb
SHA512 e224bc55953419b5b6b9b990150b035866c475e44ae00349729eec75d3f380903faa838ea795e5cfbbdfac931e46bef2aad7d5673732e8ad7188c468f74bcb52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 36c28093e15de662f68d1625fa5b6d8e
SHA1 0f8ebfce30e800b697dd2f7f1fbfacb0c1569303
SHA256 0d0095b8f059db90c99cb23ab6dc6fe897ad7ed04f5e5cc8488971fe151fe89a
SHA512 cfa24a1f4b615cacf7d8782a51c4528967f5ec4c73f0d7a5d74620d5b42118e31321b862a178a090ef16a869a6b5c1dfbc3503cba8b16d1d0fcb4f4c1746c2c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 752c6617bc1693123c6bb893bbc387c5
SHA1 b6f8e4ef36b9940907f6a59f1b7dacf08d7ee8b0
SHA256 15824ea5523e646e7befcccc8c153811745cd503ffe994c1b3eff4bb5266a456
SHA512 a93576348df99a493ae652cf9c8f437ed1d18e42b948f2d05d39ccbb291edbc1b91573d565eafca5b290dc5616e463c1868527c87446e3e9dc63aab6a521057f

C:\Users\Admin\AppData\Local\Temp\CabDC8B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarDCBD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 f485d09b5bfa19e8d5c53bb29bf6386b
SHA1 bfa1877c1538215f0e72990bd55850faf416f6af
SHA256 fbbacae9f66cc369c7acc5ff2f5d5d062965b632065b9a404116d2b842506585
SHA512 a401fbc3342c315f5f2893e01ed5218012ef3225e16a7d17951072aca79cfb6b306f1dfd6ba47dc0d859557aa145ba265316453efcd18f1c8581520e49ee92c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 a45a59f48325b0b65512e2d1f0a02190
SHA1 ec3b874eb214457b4be089c17ed601d65862818d
SHA256 554491534471612aae62e16fcea82733f8c0629142395d9f64e47a73b46d6581
SHA512 24d62f45d3fccacf1ec814beca366b139783ae44fd03d0d91f1a2e439fbfa3f554dcba63ddd214ce60e17ee0a04fd7a5e970541a2dc22d8523caf38729100847

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 039f96092e6ee64c278fe7b09ce5090b
SHA1 9eed97447f8aa452d7f2c752071ab5af87f92c65
SHA256 387eb4ae5dfc7bb6cb096689788c4eb11a3df638f69a9285e46e3ace78f3ece4
SHA512 bbebfeed2676a580db5e190cf99a95b7aa0de17f1bbb4ba13bd90b1f1b0b5a7f954b6367c8f42f418e2c92387b1c8b229c678121a5842842cb6f87e5772964ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7b9bb5f3fa7e7842768dbc2e569906f
SHA1 e9004b9307d1d8dbe405d5aae6ef36bbd274e103
SHA256 029bb45b58f5303c4e8289174c7fd8cfdb66256e1ca2174a8083cb5e20cd70cf
SHA512 3a98ab27a95901e3d168953610e37082c07eb5eed944610af64900da8b621ce68f18556f58b4fcddd91985212e6038c008ca1019cab72cf2b5ec4d116bb07cf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 0734bbad74a88f3923d2e0105f96e98b
SHA1 aef7285c5d5b5b80e0dd269f78f291c862344fa7
SHA256 d67542144aff752e97b8e5747792d8e14dcfa9c595cb864a34ce18f5e6eae5cf
SHA512 963837f6b6e16f1ccab3b890c29392bbcf883373f7ca01a467ddcf739f951397adff8473735a5845f93c6d92df77e5d4dc11d6561e4ca566523ffa5f536574e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 671135c1b03e8d363ffa2238dceb821f
SHA1 e03d67b70baf2b28d0bb99d6a768ed16b0b7505c
SHA256 603af73bea0694335b20e604631966d314319865f48c01bf561685ffb71b375d
SHA512 26d2c8b01cc253462a9cb910191c1fd1fa14cc09ead899bc404b20115eff05f2dbb39cd364ab84ebcd0365cce1eed0d94681988b79c713a1b8e3f7989de49d42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 5a18a4ebe1e12fa2e62d88a0d6c50e7d
SHA1 5a4fe259053cf2e823c50b9e30e9465a0a808f4f
SHA256 52d1ad5ecdd976369305b4393f065539bbc700cd278f85e60fbc241ca40facb5
SHA512 a386611176580b008e8570d6d5b1cc087a8bc13f634346c544e1727023211b69a2e7410b7fc6feb333d5378ffbb3110da55d369988d5d572df246a7cbe34e5c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 1c33733bba48dc1da9b3b72aa0d51872
SHA1 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655
SHA256 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0
SHA512 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08bd621285b0796c447a9dde3c78e87f
SHA1 f3d3bf03203a2fe486f96ba87b0a1bac1d5d2bca
SHA256 11b6e8b772593d0320be780708a227063d7c91e5c30724578bde8b21cc5e7857
SHA512 9f7546fd52f2625a61c2764797d1ca1b754843a94ff8cb5ad3e06b60a6f19141688ed2311084724370c07d366d43b543cf1a2ba41b59fcd26a14b162eb5ef164

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df22d45900ef5de2321aacd95e45166d
SHA1 348ef4e6273af1c517e550d4ebae4b2ebbc6c6bf
SHA256 0d05d5f04ad4ce660beb4cf28b2fe4c02bb6d7d65ee12d85c0dfbc51bbbe9481
SHA512 98952088e07aa99fd71ae017fd062b63a2113261062f61244718a1dc78d8072be2ac31be96fdb2b429d1ccd2ab7380e52102d6d029b2d34f15423648659378f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96ee878e1a3ebbf6d4eb656bd80b415f
SHA1 cfa98541b0ad73a9f4b25f5744ddbd426018096b
SHA256 001003daf0cf4e8465c4ed1dd5fd7e338811d9c9e760a14a68a273eb56667b1f
SHA512 fa3a8d63c610c46c6a10d11c07e3252978cb7080d1f8fe18cf98c7816342689ddd4bf26bdf2095bd17f1e40f744a278ceec157bf712e29e101260235d717d14b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4dd2f2e94b10b92ba0d2dfcbab789cd
SHA1 0b44498d834151091aa25fcf4a08b0707b8e9e2c
SHA256 9bf22300a3298333705acac353cc4f4d0d0a0e002e1e72c7f21b52ed093386ad
SHA512 792637e39344a99072d8f494ef90103b81e349e2adabc1f4614e38bbd5b09a54cc362b51fc2f06482958548c210465c5f20b9e560ab8e2e333a8483eba0d6a11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8f59fbc5751f29fd70b79e1e305d47f
SHA1 119d98f2fd4517937a2706f53809e9e2fdff4e54
SHA256 55dffde1c3fdabb42e4b532ae60a3cb181bc3de0b520edcb8fde4acfa2a8a73a
SHA512 234123478df6e0090df20514b25a0455de9276cf17e6903fdaef538f7ac59f3f91bf0c4b03b442dc6be80c7f5b8fa92e48a3765962087d53f83017fbf4a71661

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ea9bd99d5369590e01180be4f9458cb
SHA1 66c3ead821f4cdd2945d76279c3665c311a8f0e4
SHA256 5586199751990f6642a49dc4511ab3bf56ad49e6935a9ea952b00fbdbfaee592
SHA512 18164e45d2515659ac23bb95ce2d8e8906c11434f8edb7d0acd99be6ba1400f6c20b39690f45b648b60a8b3b65fef6d65ed5a93ca472ef036c641a3cc7ed06cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f2023427513b1da2dace3424dc9deac
SHA1 b9781399dce696e69f75a4ff5576bfd9afec42e5
SHA256 419679007b09083ff5205421f755be785e8ceb571a4a87155dbc6b7606c30c43
SHA512 52f6c4c7e0fca300dfdb4639b00d954cf7e64d90de2f5d11eec1c7e18bf84672409514eb2a24251193dcc3a16247625defe39cb401501a994b76364e6918c32b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8797f5b77da34171b4cacbd372fbfdd
SHA1 a79e2f3a0b0ba694fe5157c4e7c8fd2571d8babb
SHA256 639b08a094bcac9dab13a673fb095a70b6bdc0b268d94c29cf6c8cc01900bd9b
SHA512 2db174386681c6ee00d68aedcaa6a52754bbbc48b72d75ffc3395866b45b243055e81387843fef58d4d0a8fd701f6d6e6e387b14d8845a162b355916b70da59b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\cb=gapi[1].js

MD5 ed72d618fe48f6fc42c19a4b58511e72
SHA1 80a2da4af91d56ec81c7b672afaaaa72c83a4414
SHA256 5bfd37a756bc7772aa6c520102870dafe2d3b808c562412e30f122a7908f8ad0
SHA512 5378b71a33f67309f788b9fce32daea44051e7e9a6aa326bdd783456ee9eb2f4817aec2ad1e837afc1853acba59080b0114d32c040ea731ebd703f0a84dd7ae1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3d05cb122226356dbb3421d08fed349
SHA1 08174ddb27147f5e2b243423823bda5492e8a530
SHA256 6301d20637137534acb60107a6bbf202c9559c89e7fe7bfabb14ab3cf808d9fc
SHA512 07ab7e6e1f563fb7fc8ed7045e7fee013683147b3b59b1e6c547598f2bb9284414f27c8f8c2dbc2e9afdf62ac9291a1bbb9c32e4d1624bfd1f263608cfbe8bb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75f6061077d8fc68c034d13dff341dfd
SHA1 10ec3953264300b77ed4b4f99ecb9b2e1794922e
SHA256 722beff8e656a4e04ec226ae4233fc6f9ad0071a6ce99ae90d0f27229b5a4dd5
SHA512 cfe248191d5049ad491329c87c79f61963802144b9e117f59fe6cda2798b2fb865777bf24272582f579798bb146f2de19743caa0c17371eb3cfb5e1e63432f37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66776560600d9a2aa9b32fb536f1ccca
SHA1 900dd1bd5cd9dc6fcd4f36efe88b61c23d687c4f
SHA256 d10e602201bebcf141a12d26f11a78dab3b88df0b81209700869b786959060f8
SHA512 26e50f04e17d5fb05c0b88dd09c9ba3c0cf8b98c194ba08839552bb4f8667d45b1723c70550a309a362056cbb103b862c48751da519bb49e4510bf412a231ce9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95428a289e3bc2354300732db32e25d6
SHA1 70afd01387a36fd74422cc82aad1fbfc679328ae
SHA256 6bb097391c9d45afacc455d0771eb432bc982a2990a361ae9d94fddf95ab420e
SHA512 b1a83bec78f5fdeaa9d611e30aa3faec6dacc71363239a9b9a58e10346b8ab05f5441e744acf5f9437677b8cb9d7a65d9902f177689bd744d71ea46d686ccd95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9ee215dfa1a0cd58092bd520b7c5dce
SHA1 f0076435d162a1f2e6ff5c84a11898caf8683ace
SHA256 233fb2cfe3f9df736bbb65bef157eae6a1bf2a076758d15ebd31f3b16a23275f
SHA512 732a4c3dbb6ad985a03db990a9d9d7a93dd23131379a901c4fcb0ea37da6a60cf460f8ca63de23bb8bd36415035e9f6986ac50ea0526d47e56abb10091100fc4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\1R5PRVV8.htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 15bc74e01f35155bb733d83cbf1789a2
SHA1 8273612b10bf90f10d00786b91b2f2b637f7528d
SHA256 73f71e48dd8b8d15cd88b916312c5642871e044d64486e5fc2d0c264ab3ee936
SHA512 a096baa36c6f6d76cf3792a0c2be63a0d20207a89ee9f1fb33a5d1ec9d13b93bee74d820f70b1712419d34754f9aac6a6c856d02e08b219a81fa3cf0c376df2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e97f414bc017d68a277c1128e0c0b4bb
SHA1 76051815697484275d484797c9f02fd53e6021e1
SHA256 c894ce3b0e97e1d25e360f77bdf0247e4a39a5a0e74fbf24f9ef867d65bda713
SHA512 97430785ea3464b17e504cd44c36c25956728d9e9df54cd86a9b8e68d4710813624fe3470af8f3384a4ee61c5f6eb58e8786e92eaf21540335336bea3a450630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\1380534674-postmessagerelay[1].js

MD5 c1d4d816ecb8889abf691542c9c69f6a
SHA1 27907b46be6f9fe5886a75ee3c97f020f8365e20
SHA256 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f
SHA512 f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\rpc_shindig_random[1].js

MD5 45a63d2d3cfdd75f83979bb6a46a0194
SHA1 d8e35a59be139958da4c891b1ef53c2316462583
SHA256 f7067f1d01d9c60618becbe4df3d61778244108459226e2e8a818cfbc2c18ae6
SHA512 cea9c9eb8ff0c43048ff371f135148438fc1a2614bf8bbc3518cf430c37778edba3452ce92b4236679cd1a4123af0ca320f530b1c20cedd0883b545209c048cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bef8b838d94cd5e5a92f139235a3e78
SHA1 200de5df870ea81787ee33585054360496470935
SHA256 f9cc08d2d2a03966c1d810b2617963f19b15ccd82f38f70bc533362e4e882ebd
SHA512 3dcddd0253f630ad27ba4a1a3baaf61325f341a7bc425b0bf262d68533478c2e71839380d750a2af2074e7ef2cef5c56906b041e1a64276e3bf4d6286ac9b3b8
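
The Files list above mixes two kinds of artifact. The CryptnetUrlCache entries are CryptoAPI's cache of certificate-chain, CRL and OCSP fetches made while validating TLS connections; the same MetaData file is listed many times because it is rewritten on each fetch, so those rows tell you how often the chain was built, not what the page did. The Content.IE5 entries are the content the page actually loaded and are the files to pull for static review. The Python script below is an added example, not output or code from the sandbox: it parses the report's plain-text layout (a path line, a blank line, then one line per digest), buckets each entry by origin, builds a SHA256 manifest of the fetched web content, and reports paths that appear with more than one digest. The embedded input is a constructed subset copied from the table above; the path-based classification rules are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed subset of the report's Files table (same layout: a path line,
# a blank line, then one line per digest).
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8797f5b77da34171b4cacbd372fbfdd
SHA1 a79e2f3a0b0ba694fe5157c4e7c8fd2571d8babb
SHA256 639b08a094bcac9dab13a673fb095a70b6bdc0b268d94c29cf6c8cc01900bd9b
SHA512 2db174386681c6ee00d68aedcaa6a52754bbbc48b72d75ffc3395866b45b243055e81387843fef58d4d0a8fd701f6d6e6e387b14d8845a162b355916b70da59b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\cb=gapi[1].js

MD5 ed72d618fe48f6fc42c19a4b58511e72
SHA1 80a2da4af91d56ec81c7b672afaaaa72c83a4414
SHA256 5bfd37a756bc7772aa6c520102870dafe2d3b808c562412e30f122a7908f8ad0
SHA512 5378b71a33f67309f788b9fce32daea44051e7e9a6aa326bdd783456ee9eb2f4817aec2ad1e837afc1853acba59080b0114d32c040ea731ebd703f0a84dd7ae1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3d05cb122226356dbb3421d08fed349
SHA1 08174ddb27147f5e2b243423823bda5492e8a530
SHA256 6301d20637137534acb60107a6bbf202c9559c89e7fe7bfabb14ab3cf808d9fc
SHA512 07ab7e6e1f563fb7fc8ed7045e7fee013683147b3b59b1e6c547598f2bb9284414f27c8f8c2dbc2e9afdf62ac9291a1bbb9c32e4d1624bfd1f263608cfbe8bb4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\1R5PRVV8.htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-fA-F]+)$")
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files(text):
    """Return [{'path': str, 'digests': {alg: hex}}] in report order."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            current = {"path": line, "digests": {}}
            entries.append(current)
            continue
        m = DIGEST_RE.match(line)
        if m and current is not None:
            alg, value = m.group(1), m.group(2).lower()
            if len(value) != DIGEST_LEN[alg]:
                raise ValueError(f"{alg} digest of wrong length for {current['path']}")
            current["digests"][alg] = value
    return entries


def classify(path):
    """Bucket a dropped-file path by what produced it (assumed rules)."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-cache"   # CRL/OCSP/AIA fetches from TLS chain building
    if "\\content.ie5\\" in p:
        return "browser-cache"     # content the page actually fetched
    return "other"


def triage(text):
    entries = parse_files(text)
    counts = Counter(classify(e["path"]) for e in entries)
    # SHA256 manifest of fetched web content: the files to pull for static review.
    manifest = {e["digests"]["SHA256"]: e["path"] for e in entries
                if classify(e["path"]) == "browser-cache" and "SHA256" in e["digests"]}
    # A path listed with several digests was rewritten during the run.
    versions = defaultdict(set)
    for e in entries:
        versions[e["path"]].add(e["digests"].get("SHA256"))
    rewritten = {p: len(v) for p, v in versions.items() if len(v) > 1}
    return {"counts": dict(counts), "manifest": manifest, "rewritten": rewritten}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["counts"])
    for sha256, path in result["manifest"].items():
        print(sha256, path)
    for path, n in result["rewritten"].items():
        print(f"{n} versions of {path}")
```

Run it against the full Files section to get the SHA256 set to search for in other sandboxes or a threat-intel platform; the rewritten list is the quickest way to see that the repeated CryptnetUrlCache rows are one file changing over time rather than many files.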

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 04:46

Reported

2024-08-26 04:48

Platform

win10v2004-20240802-en

Max time kernel

146s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3300 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 3300 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 entries)
PID 3300 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 3300 wrote to memory of 1200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c24f2e64c935cb3defb25e516fe84db3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab4c846f8,0x7ffab4c84708,0x7ffab4c84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5444 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x90 0x50c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5924066078163011811,7399732883674631609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 apis.google.com udp
FR 172.217.20.206:445 translate.google.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 48.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.106:80 ajax.googleapis.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 translate.google.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 adukaherbamewah.blogspot.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 enes-sc.googlecode.com udp
US 8.8.8.8:53 www.yourjavascript.com udp
FR 142.250.178.142:443 apis.google.com udp
US 8.8.8.8:53 cdn.html5maker.com udp
US 13.248.169.48:80 www.yourjavascript.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.75.225:80 adukaherbamewah.blogspot.com tcp
FR 172.217.20.206:139 translate.google.com tcp
FR 142.250.179.78:443 sites.google.com tcp
FR 142.250.179.78:443 sites.google.com tcp
FR 142.250.179.78:443 sites.google.com tcp
US 104.26.11.22:80 www.widgeo.net tcp
IE 172.253.116.82:80 enes-sc.googlecode.com tcp
US 8.8.8.8:53 scontent-kul1-1.xx.fbcdn.net udp
US 8.8.8.8:53 resources.blogblog.com udp
US 104.26.12.144:80 cdn.html5maker.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.123contactform.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 23.106.61.147:80 www.123contactform.com tcp
GB 23.106.61.147:80 www.123contactform.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 142.250.75.225:443 adukaherbamewah.blogspot.com tcp
US 8.8.8.8:53 static.networkedblogs.com udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.78:443 sites.google.com udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 fbcdn-sphotos-e-a.akamaihd.net udp
US 8.8.8.8:53 scontent-sin1-1.xx.fbcdn.net udp
US 8.8.8.8:53 form.123formbuilder.com udp
US 8.8.8.8:53 app.123formbuilder.com udp
US 8.8.8.8:53 fbcdn-profile-a.akamaihd.net udp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 52.0.181.232:443 app.123formbuilder.com tcp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.116.253.172.in-addr.arpa udp
US 8.8.8.8:53 144.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 147.61.106.23.in-addr.arpa udp
US 104.71.143.208:443 fbcdn-profile-a.akamaihd.net tcp
US 104.71.143.208:443 fbcdn-profile-a.akamaihd.net tcp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 s01.flagcounter.com udp
US 8.8.8.8:53 i198.photobucket.com udp
US 8.8.8.8:53 www.maybank2u.com.my udp
US 66.154.110.210:80 s01.flagcounter.com tcp
US 8.8.8.8:53 www.malaysialoan.com.my udp
US 8.8.8.8:53 i24.photobucket.com udp
DE 52.85.92.81:80 i24.photobucket.com tcp
GB 92.123.142.128:80 www.maybank2u.com.my tcp
DE 52.85.92.107:80 i24.photobucket.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
IE 74.125.193.84:443 accounts.google.com udp
DE 52.85.92.81:443 i24.photobucket.com tcp
FR 142.250.179.78:80 sites.google.com tcp
DE 52.85.92.107:443 i24.photobucket.com tcp
IE 172.253.116.82:80 enes-sc.googlecode.com tcp
GB 92.123.142.128:443 www.maybank2u.com.my tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 fbcdn-sphotos-h-a.akamaihd.net udp
FR 142.250.179.110:80 developers.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 232.181.0.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.71.104.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 64.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 81.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 128.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 107.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 210.110.154.66.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 8.8.8.8:53 g.bing.com udp
FR 142.250.179.110:443 developers.google.com tcp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 badges.instagram.com udp
US 8.8.8.8:53 www.facebook.com udp
US 104.26.11.22:443 www.widgeo.net tcp
US 8.8.8.8:53 www.al-azim.com udp
US 104.26.11.22:443 www.widgeo.net tcp
US 104.26.11.22:443 www.widgeo.net tcp
IE 172.253.116.82:80 enes-sc.googlecode.com tcp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 www7.cbox.ws udp
US 8.8.8.8:53 www4.cbox.ws udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 www.thecutestblogontheblock.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
DE 157.240.27.63:445 badges.instagram.com tcp
US 8.8.8.8:53 thecutestblogontheblock.com udp
US 172.67.182.230:80 thecutestblogontheblock.com tcp
US 172.67.182.230:80 thecutestblogontheblock.com tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
US 104.26.10.22:445 www.widgeo.net tcp
US 108.181.41.161:80 www7.cbox.ws tcp
US 108.181.41.161:80 www7.cbox.ws tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 172.67.190.152:80 www.al-azim.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 arvigorothan.com udp
US 104.21.30.34:443 arvigorothan.com tcp
US 172.67.182.230:443 thecutestblogontheblock.com tcp
US 172.67.182.230:443 thecutestblogontheblock.com tcp
US 8.8.8.8:53 static.punchtab.com udp
US 172.67.190.152:80 www.al-azim.com tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 108.181.41.161:80 www7.cbox.ws tcp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.151.35:443 www.facebook.com tcp
FR 142.250.75.238:80 www.youtube.com tcp
FR 142.250.75.238:80 www.youtube.com tcp
FR 142.250.75.238:80 www.youtube.com tcp
US 8.8.8.8:53 nnaaqua91.blogspot.com udp
US 8.8.8.8:53 kisahcincaibuncai.blogspot.com udp
US 8.8.8.8:53 ainkening.blogspot.com udp
US 8.8.8.8:53 static.cbox.ws udp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 a.deviantart.net udp
US 8.8.8.8:53 cococokie.files.wordpress.com udp
US 8.8.8.8:53 www.emoticoner.com udp
US 8.8.8.8:53 emoticoner.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 www.mbcslot88.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.cbox.ws udp
US 172.234.222.138:80 emoticoner.com tcp
US 192.0.72.24:80 cococokie.files.wordpress.com tcp
US 199.232.196.193:80 i.imgur.com tcp
US 172.67.201.54:80 www.cbox.ws tcp
US 172.67.201.54:80 www.cbox.ws tcp
US 67.199.248.10:80 bit.ly tcp
US 8.8.8.8:53 grautcho.net udp
US 172.234.222.138:80 emoticoner.com tcp
US 198.252.104.151:443 www.mbcslot88.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 153.92.0.100:80 bcroom.netau.net tcp
DE 18.155.145.86:80 a.deviantart.net tcp
DE 18.155.145.86:80 a.deviantart.net tcp
NL 139.45.197.245:443 grautcho.net tcp
US 199.232.196.193:443 i.imgur.com tcp
US 192.0.72.24:443 cococokie.files.wordpress.com tcp
US 153.92.0.100:80 bcroom.netau.net tcp
US 172.234.222.138:80 emoticoner.com tcp
DE 18.155.145.86:443 a.deviantart.net tcp
DE 18.155.145.86:443 a.deviantart.net tcp
US 8.8.8.8:53 sr7pv7n5x.com udp
US 8.8.8.8:53 yonmewon.com udp
US 8.8.8.8:53 my.rtmark.net udp
US 172.234.222.138:80 emoticoner.com tcp
US 8.8.8.8:53 www.cute-factor.com udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:443 yonmewon.com tcp
US 172.67.133.66:80 www.cute-factor.com tcp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 153.92.0.100:80 bcroom.netau.net tcp
US 8.8.8.8:53 cococokie.wordpress.com udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
FR 216.58.214.182:443 i.ytimg.com tcp
US 192.0.78.12:443 cococokie.wordpress.com tcp
US 8.8.8.8:53 www.astrosafari.com udp
US 8.8.8.8:53 wallpapers.com udp
US 151.101.1.91:80 www.astrosafari.com tcp
US 198.252.104.151:443 www.mbcslot88.com udp
US 8.8.8.8:53 www.themezoom-neuroeconomics.com udp
DE 52.85.92.18:443 wallpapers.com tcp
US 104.21.53.159:443 www.themezoom-neuroeconomics.com tcp
US 8.8.8.8:53 badges.instagram.com udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 230.182.67.172.in-addr.arpa udp
US 8.8.8.8:53 71.153.201.195.in-addr.arpa udp
US 8.8.8.8:53 34.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 161.41.181.108.in-addr.arpa udp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 152.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 54.201.67.172.in-addr.arpa udp
US 8.8.8.8:53 24.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 245.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 86.145.155.18.in-addr.arpa udp
US 8.8.8.8:53 138.222.234.172.in-addr.arpa udp
US 8.8.8.8:53 151.104.252.198.in-addr.arpa udp
US 8.8.8.8:53 8.195.45.139.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 66.133.67.172.in-addr.arpa udp
US 8.8.8.8:53 201.190.117.212.in-addr.arpa udp
US 8.8.8.8:53 12.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 182.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 159.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 18.92.85.52.in-addr.arpa udp
US 172.67.69.193:445 www.widgeo.net tcp
US 104.26.11.22:445 www.widgeo.net tcp
US 8.8.8.8:53 www.gulfmanganese.com udp
US 104.21.42.119:443 www.gulfmanganese.com tcp
US 151.101.1.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.murraybrothersfuneralhome.com udp
US 104.21.48.205:443 www.murraybrothersfuneralhome.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 151.101.1.91:443 www.astrosafari.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 172.67.8.141:80 widgets.amung.us tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 216.58.214.166:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 t.dtscout.com udp
FR 142.250.179.97:443 yt3.ggpht.com tcp
FR 142.250.179.97:443 yt3.ggpht.com tcp
US 8.8.8.8:53 119.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 205.48.21.104.in-addr.arpa udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 141.101.120.11:443 t.dtscout.com tcp
DE 157.240.27.63:139 badges.instagram.com tcp
FR 172.217.20.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.182:443 i.ytimg.com udp
US 8.8.8.8:53 202.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
FR 142.250.75.238:443 play.google.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
FR 216.58.215.34:445 pagead2.googlesyndication.com tcp
FR 216.58.215.34:139 pagead2.googlesyndication.com tcp
FR 142.250.75.238:443 play.google.com udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.105:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
FR 142.250.178.131:445 fonts.gstatic.com tcp
FR 142.250.178.131:139 fonts.gstatic.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 199.232.56.157:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 199.232.56.157:139 platform.twitter.com tcp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 badges.instagram.com udp
DE 157.240.27.63:445 badges.instagram.com tcp
US 8.8.8.8:53 badges.instagram.com udp
DE 157.240.27.63:139 badges.instagram.com tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
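
The table above is the raw record; what an analyst wants out of it is the set of domains the page resolved, the hosts it actually contacted, and the rows that do not belong in an HTML sample's traffic (tcp to ports 139 and 445 at Google, Instagram, Twitter and widgeo front-ends, mDNS to 224.0.0.251, dozens of in-addr.arpa reverse lookups). The script below is an added example by the editor, not sandbox output or part of the report. It parses rows in the report's own "Country Destination Domain Proto" layout; the ten sample rows are a constructed subset copied from the table, and treating tcp/139 and tcp/445 as "flag for review" is the editor's heuristic, not a verdict the report makes.

```python
"""Added example: turn the sandbox Network table into IOC sets.

Rows are in the report's "Country Destination Domain Proto" layout.
SAMPLE_ROWS is a constructed subset of the table above; the port
heuristic (flag tcp to 139/445) is the editor's assumption.
"""
import re
from collections import defaultdict

SAMPLE_ROWS = """
US 8.8.8.8:53 www.blogger.com udp
FR 172.217.20.206:445 translate.google.com tcp
FR 142.250.179.78:443 sites.google.com tcp
FR 142.250.179.78:443 sites.google.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
FR 172.217.20.206:139 translate.google.com tcp
NL 139.45.197.245:443 grautcho.net tcp
US 8.8.8.8:53 arvigorothan.com udp
US 104.21.30.34:443 arvigorothan.com tcp
"""

# The domain column is optional: the mDNS row has none.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# SMB / NetBIOS ports have no business in a web page's outbound traffic
# to a public web host. In a sandbox this usually means Windows tried to
# open a UNC path; on a real endpoint it would need a second look.
SUSPICIOUS_PORTS = {139, 445}


def parse_rows(text):
    """Parse table rows; lines that do not fit the layout are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def summarize(rows):
    """Split rows into resolved domains, contacted hosts and flagged hits."""
    dns = set()
    connections = defaultdict(set)  # domain (or bare IP) -> {(ip, port)}
    flagged = []
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53 and r["domain"]:
            # Reverse lookups are the sandbox resolving its own peers, not IOCs.
            if not r["domain"].endswith(".in-addr.arpa"):
                dns.add(r["domain"])
        elif r["proto"] == "tcp" or r["port"] == 443:
            # udp/443 rows are QUIC attempts to the same host; count them
            # as contact, but skip udp/5353 (mDNS) and other local noise.
            connections[r["domain"] or r["ip"]].add((r["ip"], r["port"]))
            if r["port"] in SUSPICIOUS_PORTS:
                flagged.append((r["domain"], r["ip"], r["port"]))
    # Resolved but never contacted: dead host, blocked, or the run timed
    # out before the fetch. Either way it deserves a manual check.
    resolved_only = sorted(dns - set(connections))
    return {
        "dns": sorted(dns),
        "connections": dict(connections),
        "flagged": flagged,
        "resolved_only": resolved_only,
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_ROWS))
    for key in ("dns", "resolved_only", "flagged"):
        print(key, summary[key])
    for host, peers in summary["connections"].items():
        print(host, sorted(peers))
```

Paste the full table in place of SAMPLE_ROWS to get the complete picture for this run. The "connections" dictionary is what goes into a blocklist or a retro-hunt; "resolved_only" and "flagged" are the rows to read by hand before deciding whether they are sandbox artifacts or part of the chain.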

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2783c40400a8912a79cfd383da731086
SHA1 001a131fe399c30973089e18358818090ca81789
SHA256 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512 b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

\??\pipe\LOCAL\crashpad_3300_KLMNDLIOKMRHWQMR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ff63763eedb406987ced076e36ec9acf
SHA1 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512 ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 58abd29ded1cd5f11dbc3fbfb3f899ac
SHA1 c41010360643cdbe3ce7368dd07c88d73fd7b49c
SHA256 c262687b935f27d1e825b1f0c5180a4bd316393765b52b26986b79097cd1f5cb
SHA512 dbbdfd1ec25e1e5c09bcb9c00203705ef8c16ec22dea01564e10b573b9ed21b6093958a43c7465d76deeb39b7e491fdca8415be850e8506e43e533a217904dfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 a0423f1305547bb6b8f5a4fb1a9fc2d8
SHA1 092dcf1fe57e6bb53821eb754e04188ee70602d5
SHA256 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8
SHA512 b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 08304b543758f5099f938aaf90cf07a4
SHA1 19a0f68a20d322af47c0fa9f03bfa6d02e394f31
SHA256 fdebd1b6f76b47d154945a5817cb0a08951088b347edc57700f4f0f844f9bb68
SHA512 742442bfeefa899c51086167156e1b9b212a014eab12b5dfaa3eba9f50bb14b2a53bffd6ced5ab15b30a828c562d0a2f2f36fb93d08940604246b105a7c92973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a86e371d72496c10c56f60d70421293
SHA1 15dc034e88a55b05dc8ef9786c78dddb8c3de612
SHA256 e3968ffe88062229132dc12728b41ab61185cb1ea6e2b9920153855352103b75
SHA512 430e0e64bcd4d4b3955598e11d7d046ebd0ff1524637479f5c51626fe1c6a9cea63848ed8c1de05564463bea72b17683eb3b3a381c7a86e5913f720dd7acf10e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dbd7c4d5ae65013a23f34dc99a669f8f
SHA1 5032c26652bc4793bd0765fe8f72847859cd8f1c
SHA256 7f1108275c79ef5f4663c745a56a115769a851cc3366b9586b79f3eed2856da0
SHA512 927ee4484ed111cc760b0eca455d3342e50e794d5358c95fed78e1e24bdc21a8aecaff37c57cf2de0ef52252733f115776cf49be4e24821f866d1f2d49b661a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aec17a9b716a05fcaeda9edc5bdd3933
SHA1 ea12a145b036e78876743841110187de8484f37a
SHA256 d82ac7333502e80865e4a8caa1703dbd562d0fe154c97f423dfcc8002752d6bb
SHA512 291798b6c2ab88e2fc1aa9a79eed85a2620dc53f0ff11370c5e76f7d4a5745289c9c0d59f898e77a82167fa68a21eab5f7d0120a2e539e70c9f179b8e458228a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f889.TMP

MD5 3b263acd14303bb646c0901a7de8ec27
SHA1 9f97b927ad85060d7b2ea84cef032a51038ed40f
SHA256 1fcb3e1d715828c7f3317b10667bbbc5edde4d8160e3eabd1274aa41087c25b9
SHA512 cdd59010804c5399b6fe22ea60908e4317ce07f5334b82994bc05383bb8c84363e1aec9659f8adb056b4bdbae83f4e8aa78c1d7f80686f0973d63437e813a3d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f179ac6d2f3a1365acbe165040296cef
SHA1 a84d2f36d420c33f102f4e947b9563a171852a12
SHA256 89e6a52a5c0148c193310c11fd78d55f17e0db26c02fcab8a4e3b448ee7a4ffb
SHA512 abadb764bcc0b215f11a265168bf548b696debb64ed6c1a9b387f0f6c6130f3c661e9632c8fee745a9c1021ca13b5fdc900486b08a5c052f91661557d3484ee2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f1ce066806d6d10e47bef102baf734ee
SHA1 e3705a7f8d1e3dc25c04e753a4617cd6fe31a3ed
SHA256 337c98b61eb25dcffdbf6d2339543bf245c587a0710bd230e29de56e37412bc4
SHA512 82ec768eb9a6c2628783c224f8180d936808b2a945511c56ab690bb88fb2367cb7c61ce1f6139e288ce313ed28cf44bc1a39e6ad93a8ec6d6a70bc037d27e96e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ad237e6a2339632738b3c02a751980e9
SHA1 3d5cfe918b18ad5a0c3457cdf97691f28446afd7
SHA256 a4c25991527625e38b644408785cf21a338db61ff6c61bc7a6a6b7808415c813
SHA512 22f9f0b346342dc85eee8f5ee181c9af1c07aa147ebca6a49f2d9da2022a4cb0cead8d75698f4960003949dd80f4ab0b5f62479bda4ebb7f9f54d1757f7393ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7daa047afaa73fd51f1b45922d3bfa2e
SHA1 7995d120e97872adefef4cc601496b2e7693575a
SHA256 ee7f859a8409bc9be4d9fa5c25702b9ee40b503d1a9ec6def467974856c3d324
SHA512 29a9a21fdae3109ce55b46c19acda9d1569e6edf9957e51deecfdf83a7b3b898654ec3137dfe90c3dd784fd17abb7d16c6bd7aa8fbdf7501425e4566b05f208c
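
Two things stand out in the listing above when read by hand: the crashpad named-pipe entry carries the digests of zero-length content (its MD5 starts d41d8cd9, its SHA256 e3b0c442), and several paths (settings.dat, Preferences, Network Persistent State, the-real-index) appear more than once because the browser rewrote them during the run. The script below is an added example by the editor, not sandbox output or part of the report. It parses entries in the report's own layout (a path line followed by MD5/SHA1/SHA256/SHA512 lines) and applies those two checks plus a completeness check; the sample is a constructed subset copied from the listing, and the empty-content digests are computed rather than typed in.

```python
"""Added example: parse the sandbox Files listing and run triage checks.

SAMPLE_FILES is a constructed subset of the listing above, kept in the
report's layout. The checks (empty content, paths written more than once,
entries missing a digest) are the editor's, not the report's.
"""
import hashlib
import re
from collections import defaultdict

SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2783c40400a8912a79cfd383da731086
SHA1 001a131fe399c30973089e18358818090ca81789
SHA256 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512 b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

\??\pipe\LOCAL\crashpad_3300_KLMNDLIOKMRHWQMR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ff63763eedb406987ced076e36ec9acf
SHA1 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512 ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 58abd29ded1cd5f11dbc3fbfb3f899ac
SHA1 c41010360643cdbe3ce7368dd07c88d73fd7b49c
SHA256 c262687b935f27d1e825b1f0c5180a4bd316393765b52b26986b79097cd1f5cb
SHA512 dbbdfd1ec25e1e5c09bcb9c00203705ef8c16ec22dea01564e10b573b9ed21b6093958a43c7465d76deeb39b7e491fdca8415be850e8506e43e533a217904dfb
"""

# Expected hex length per algorithm, and the digest of zero bytes for
# each, computed here so the check does not depend on a typed constant.
ALGOS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
EMPTY_DIGEST = {a: hashlib.new(a.lower(), b"").hexdigest() for a in ALGOS}


def parse_files(text):
    """Return [{'path': str, 'digests': {algo: hex}}] in listing order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        is_digest = (len(parts) == 2 and parts[0] in ALGOS
                     and re.fullmatch(r"[0-9a-f]{%d}" % ALGOS[parts[0]], parts[1]))
        if is_digest:
            if current is None:
                raise ValueError("digest line before any path: " + line)
            current["digests"][parts[0]] = parts[1]
        else:
            # Anything that is not a well-formed digest line is a path.
            current = {"path": line, "digests": {}}
            entries.append(current)
    return entries


def empty_content(entries):
    """Paths whose recorded digests are all those of zero-length content."""
    return [e["path"] for e in entries
            if e["digests"]
            and all(e["digests"][a] == EMPTY_DIGEST[a] for a in e["digests"])]


def rewritten_paths(entries):
    """Paths listed more than once, with each version's SHA256 in order."""
    seen = defaultdict(list)
    for e in entries:
        seen[e["path"]].append(e["digests"].get("SHA256"))
    return {p: hs for p, hs in seen.items() if len(hs) > 1}


def incomplete(entries):
    """Entries missing one of the four digests (truncated or garbled)."""
    return [e["path"] for e in entries if set(e["digests"]) != set(ALGOS)]


if __name__ == "__main__":
    parsed = parse_files(SAMPLE_FILES)
    print("entries:", len(parsed))
    print("empty content:", empty_content(parsed))
    print("rewritten:", rewritten_paths(parsed))
    print("incomplete:", incomplete(parsed))
```

Entries flagged by empty_content carry no content to pivot on and can be dropped from a hash blocklist outright; rewritten_paths tells you which SHA256 is the final state of a file and which were intermediate writes, which matters when matching against what is on a suspected host.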