Malware Analysis Report

2024-10-23 17:22

Sample ID 240827-d4318ssfqn
Target c4489cbc061e9050297cc32816a845d8_JaffaCakes118
SHA256 dcf24385ea5b9a811cf078b18b32a3cad55e7b59df10f7109dfeceef40ce8374
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dcf24385ea5b9a811cf078b18b32a3cad55e7b59df10f7109dfeceef40ce8374

Threat Level: Known bad

The file c4489cbc061e9050297cc32816a845d8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 03:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 03:34

Reported

2024-08-27 03:37

Platform

win7-20240708-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4489cbc061e9050297cc32816a845d8_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430891547" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000009bba4cc32c80dd2659df5b6bc6575d5f4399ae3168563cd98e865128dd32e15000000000e8000000002000020000000c6985f5ab03912b4e7525e324691ef52be4e96b69efe52899d628da76bf9ed7390000000b10fff5ccd98c642562e20dac9cfbd0ac08755ab41176c484994c33c0fd0bbec7a4c7df53f1e0223d901ebdd7261a795c0306e35064a66cc90e79918479d1fda2fee4ef129ddcc787c5b192285c5cdd086236098f28c2d318f75709b8099ee7442cd6b051e921537454255b5320c0c8e5951f32abeab2fb853de23ca24dda14a6c3b43bce00c26a10e9d105b4bfaeeaa40000000f1708aaf58b9fc1b5bd7ab42faf8f0315030194008952dcb7369a986c3da17dbd8c1a52d50226a3b89d9253cadd094cc0c69ab316c79da51faeaccc43c2f1954 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000041a595e192542fed70c0f708bd81d8a405992fbe3ffbaa694e5c569b715d767e000000000e80000000020000200000007725d94a2498432a9d1a93fc24450638864e3ab87c95b4d275f1ddae91487ba820000000927d36596f95534b3e4c3467aa6d050cf6658b14832c2490e79c46bcebdee61540000000e1709db2ec7d31b7ffa6a011f4650a0314d824c0e436bbe54e31348bd5e35106ea37e7fc400718d4c5e899e80ed9985e19e9502afaa7c651b747aef70b0f5196 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A2B1E11-6425-11EF-81FA-CA26F3F7E98A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30daf72332f8da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4489cbc061e9050297cc32816a845d8_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 assets.pinterest.com udp
US 8.8.8.8:53 i2.wp.com udp
US 8.8.8.8:53 blogpager.com udp
US 8.8.8.8:53 lh5.ggpht.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 p.simg.uol.com.br udp
US 8.8.8.8:53 counter2.bestfreecounterstat.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 cur.cursors-4u.net udp
US 192.0.77.2:80 i2.wp.com tcp
US 192.0.77.2:80 i2.wp.com tcp
BR 45.152.44.151:80 blogpager.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
BR 45.152.44.151:80 blogpager.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 37.187.129.45:80 counter2.bestfreecounterstat.com tcp
FR 37.187.129.45:80 counter2.bestfreecounterstat.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
GB 104.96.172.192:80 assets.pinterest.com tcp
GB 104.96.172.192:80 assets.pinterest.com tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
BR 200.147.4.57:443 p.simg.uol.com.br tcp
BR 200.147.4.57:443 p.simg.uol.com.br tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
BR 45.152.44.151:443 blogpager.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 www.psdgraphics.com udp
DK 157.240.200.14:80 connect.facebook.net tcp
DK 157.240.200.14:80 connect.facebook.net tcp
US 8.8.8.8:53 tavernadoelfo.blogspot.com udp
US 96.43.128.66:443 cur.cursors-4u.net tcp
FR 142.250.74.225:80 tavernadoelfo.blogspot.com tcp
FR 142.250.74.225:80 tavernadoelfo.blogspot.com tcp
GB 89.116.109.205:80 www.psdgraphics.com tcp
GB 89.116.109.205:80 www.psdgraphics.com tcp
GB 104.96.172.192:443 assets.pinterest.com tcp
DK 157.240.200.14:443 connect.facebook.net tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.105:80 r11.o.lencr.org tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
GB 89.116.109.205:443 www.psdgraphics.com tcp
GB 89.116.109.205:443 www.psdgraphics.com tcp
US 8.8.8.8:53 fontpis.blogspot.com udp
GB 89.116.109.205:443 www.psdgraphics.com tcp
FR 142.250.74.225:443 fontpis.blogspot.com tcp
FR 142.250.74.225:443 fontpis.blogspot.com tcp
BR 200.147.4.57:443 p.simg.uol.com.br tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
US 8.8.8.8:53 www.facebook.net udp
US 8.8.8.8:53 bloggercomment.com udp
GB 104.96.172.192:443 assets.pinterest.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 www5.cbox.ws udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 tavernadoelfoedoarcanios.disqus.com udp
US 104.21.85.24:80 www5.cbox.ws tcp
US 104.21.85.24:80 www5.cbox.ws tcp
DK 157.240.200.35:80 www.facebook.com tcp
DK 157.240.200.35:80 www.facebook.com tcp
US 199.232.192.134:80 tavernadoelfoedoarcanios.disqus.com tcp
US 199.232.192.134:80 tavernadoelfoedoarcanios.disqus.com tcp
US 199.232.192.134:443 tavernadoelfoedoarcanios.disqus.com tcp
US 199.232.192.134:443 tavernadoelfoedoarcanios.disqus.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 static.cbox.ws udp
DK 157.240.200.35:443 www.facebook.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.179.110:80 developers.google.com tcp
FR 142.250.179.110:80 developers.google.com tcp
US 172.67.201.54:80 static.cbox.ws tcp
US 172.67.201.54:80 static.cbox.ws tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
DK 157.240.200.14:443 scontent.xx.fbcdn.net tcp
DK 157.240.200.14:443 scontent.xx.fbcdn.net tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.105:443 www.blogger.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 a.disquscdn.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
FR 142.250.179.110:443 developers.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
US 8.8.8.8:53 gstatic.com udp
US 8.8.8.8:53 developer.android.com udp
FR 142.250.179.110:443 developers.google.com tcp
FR 216.58.214.67:443 gstatic.com tcp
FR 216.58.214.67:443 gstatic.com tcp
FR 172.217.20.206:443 developer.android.com tcp
FR 216.58.214.67:443 gstatic.com tcp
FR 216.58.214.67:443 gstatic.com tcp
FR 172.217.20.206:443 developer.android.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 199.232.198.49:443 a.disquscdn.com tcp
US 199.232.198.49:443 a.disquscdn.com tcp
US 199.232.198.49:443 a.disquscdn.com tcp
US 199.232.198.49:443 a.disquscdn.com tcp
US 8.8.8.8:53 widget-content.com udp
US 216.239.36.21:80 widget-content.com tcp
US 216.239.36.21:80 widget-content.com tcp
US 8.8.8.8:53 www.widget-content.com udp
FR 172.217.20.179:80 www.widget-content.com tcp
FR 172.217.20.179:80 www.widget-content.com tcp
FR 172.217.20.179:443 www.widget-content.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 88.221.135.105:80 r10.o.lencr.org tcp
FR 172.217.20.179:443 www.widget-content.com tcp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.8.141:443 whos.amung.us tcp
US 172.67.8.141:443 whos.amung.us tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.74.171:443 widgets.amung.us tcp
US 104.22.74.171:443 widgets.amung.us tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4103c21cede21cf344955d79f5f87220
SHA1 27a810c177f163fbf28668bee674c0e865057b0d
SHA256 d10ee069105b107056114cbd3c1a25feeb99c0cfb59f4e6a9d7105dc943a0f58
SHA512 d890a2aaf627e858959825e9c1c14435a8deeff7d1c2c84670067a4f086a5d4ee1f29e3ab8b72c32ec4234cb13fcb9eb0f4cc91a5af4cceb577d91e4ea9f1fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e26f4a95b2f43856169933870f6a5057
SHA1 d2c696c66c92e7eb01e2e49da4e9989b343999a2
SHA256 8fd745cf5e3e03dd6a29cb7f6fbe1d1618c74151ca221e69579469bfb427c494
SHA512 43c2b07c4d1665a00bc9029d646c9104248a17f4aec1bcfdbb809827888f19e084df6356acbaf7ea8a9bef63cb31b6da9d6cd8b2a2b1ece498f219e635074a90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 6ea3f360d8b4a7eacb90755ac48f70de
SHA1 9279e8730534ef5fa5edb8e1fd02bf790ef0dfad
SHA256 21d99c0a1f964f79caa40b37a04f27dedfaffae750f122c1aae5e57b770a23af
SHA512 7bd992d0781e755a546217dae8a707850565952dd9747526096727539549d080d8424bf898616e2bd3270b0e9b628e66639b066f60d02f0bcab1fe196cdb15ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 463f61f4dc705bd0e952f06b5a77be22
SHA1 ce07040e77d7bda9c78460a4c91e44426e553f87
SHA256 a3d7ce57bbc3da7917be71c5a614f5f491a89312a67a8c82097442a153b53d93
SHA512 eebb7f66706ab9d9322c129848b6859b4cdb13c59bbe8be1069fae734b0d390038124688721248330aa369cd078bc9530b21d7b95abcfe51713c18b4431e0a7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 72bde6d1c35fedc47a854d0764f02719
SHA1 148144084bfda73a05c0dcdd7319188b2ccfe710
SHA256 c0992afdf2a1b91920cbc3f207bb5013437f8ecf8af00cdf22dcdd5dba916774
SHA512 71262c425eb8d1aab973778720fe489931d0abd2b3bf3de0169e0c90afb47ee522ad749c2472440f228e4a707887aba78a46a2245bc4b5a9339a0609de169570

C:\Users\Admin\AppData\Local\Temp\Cab672E.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3ea1cef81d858abfe8b5143c9a28894
SHA1 5f1a354866e88ee1a24704aed5e2799dfc98c750
SHA256 cc36a6966f82c397f8de62cf16cd2fb1b797484d26432ef1162fc0b2ddd898ee
SHA512 ec462fece98efbd5275bd26d29e72f4eb84e50fe17ef230ad7d16240a72ab3b0f5dac69948ccd806fa4a3a07e6b66e54d1be0d9260e9168974f14bf1b7a094de

C:\Users\Admin\AppData\Local\Temp\Tar6740.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abd041b945f7b6fae0e8f16dbbbee88b
SHA1 151979a32c4afe818e87f4d5abe6faa754076dd3
SHA256 bbe2cc5ee42fb2b510226271fd8a3a25a0294b73437d0189549e7003694603e8
SHA512 c49835621c9c1f9eab3db3fd0d64793d5aa817460766ebf2b6b002b95dae83931ff6c1bbaf40a804a782ad9341c29d5d4c3b03e04ec5dd7a5b63b1f5af7d73b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ef93a31b4f221bde9a8e8c2aa53cd0a
SHA1 6f6bba6d93d0e28b5c46719bc58b9f95bc4d828e
SHA256 6d38b3ce6fc40dd5daa0b9c08af94d2a4d3a7dbd69655fbf78e7c592e867672d
SHA512 27ad37c3408489da79d5f3abdcd7c8c9950a4d27a486e6105f45a59ddc1045f1465a3a4dc0087bc3e62aec51c4c04f60ec79c5c6043fef1a2291ba265e595890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 095dce0700c57e0f5a6944dda3d377f5
SHA1 7a2764bacb1eba3e3e717cf1d786b4d07dc84d2f
SHA256 e8fe63fb8690ef957eb5ea6025c8ff32edca5543270dc3f9acdd719932efa484
SHA512 0614f6a3f8b3a8de2c6cf3cce71d6f502101ac88fd3e2e8686089f5898df0cf3c72d496f361d32ae73eb9f4d56e3e4f53f73f2714930dea5770293e521dc3495

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f5e445cbb9b03b066c2f5ee5eadb413
SHA1 b9be506b897a7f9c2708660baca34f67430f918c
SHA256 558cd3c114b260230ab4745217754c4888504b91974545b963a769e1ea7c3046
SHA512 01a0559d274abc44f3d0325d2130f53c606d3d633f75d6a381d929a265e1b08d5cd6b2ca6bafbf2068eac544727a8545ef11d3953fd04bdb1cf26b3bba2b276b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30e858bd3d48b7668239bd9bb45a1446
SHA1 6c4bc9ffcd2d8d27dd1c00c6915dea868bd6e41c
SHA256 307a4e97067c0ea75f19635cdc8cf82129fead7e685bb0e36860bd3967e8dff8
SHA512 c870aa28fb591720080e30bc0b11c1ba69337effb29b099483a9505654f73088837ff287bc0d0206bfdfb5a9408db4033fd394d85a3f8f661a56411cb935b394

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57efbca05c8a5e684565a85d43c79ea8
SHA1 8146e72c17cee1a593c4e1afbdb306f3ae9beb8d
SHA256 86f2f785776121725a1a6931a72e0b88fd746531979f3ba5acb14a88b249a204
SHA512 aa30823107ad69d7e886381b691bc6713147fd51be74e8515f439cfa8f8620f26eb5b5523960c87f8f455e4ce68d36b7d3f1d0af677e289002ccbd61f43744c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6589672bce94c72a40c7b689c4a698c3
SHA1 64d68cca806ae16db87ba060410b2c13252bb1b3
SHA256 20a2db3ff4ef6df2799f20494ddeced192078f0af26e9c3396ce7daa379c1fc2
SHA512 19a397c57a2f8ca8e87062c36714cf00e174c40578a32c6b1a0b2791ff2ce623a47f4201f1789b67f150c7ed4f25ee0bbd507343d2411350f75b87174176096b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28462f6b513eb2c0958f1b307b43b618
SHA1 1b3c77c4ce4a217a46775929b19f198c66f9c60b
SHA256 9e052cdcad863b0f39a4a0df92d8c9d1b00d42fe44b78e1fbdbc7150329b43d7
SHA512 01a9b600bd35493cd103a8f8d5a66478664f703068143d501047f962eff98af8eaa151b06bb0285df1d8ba85d40fe6285173f5f82a0979d03c7f7abccb4edbe6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c2156736a27761b94adb3726bac6124
SHA1 e439d6bb6a5a7679250534203e0535e7090b7d39
SHA256 4cee172e15e395f3ddb3cd4f15674167e3ce2f7ed2650b2d27b26eed2245e327
SHA512 9f046fcadee6c5edaaf5ba701110756c5f143c221fcb63c808eb1c8c76d746d86efa2cb52272b3e8662bf0027b2fd9567633813eac3230f939102ff88743ef99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 527d01ec3710f38bf261c520d180e018
SHA1 90a23c3ae283f7acbf764e96a23cf9e3d669519b
SHA256 e0365142e8c8e3f44b9621cfbf950f685f0bbfff3618a922dff984b077a4554b
SHA512 beeca501e6595628f64a667b9436e70e469fb0fb4e8ad97bed1a6fac7ae98db9b9873a2a55e0c73b81b7600f5c69f4c1029ad1727e398246fed8723fb28975e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

MD5 cbb01239b92669b26a1a4f93af4b2f48
SHA1 b9c1f95d5febe2416d30bfb1b40c17baf72d7050
SHA256 1a7ca8dde8cb673115d0b4866ebadb366261c233f6007fc406d5eaf842a85a06
SHA512 961bb35703a60cb3ee725a8a524a570f87a6b81be24188af320bbb8e2d0866e5db3ab44b2a1f2d70f4c62e1c3d70a9f0da44fd88d658e3d54318e49e7e1befaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

MD5 450dc0bbf8e07f9a8b110401eaed4678
SHA1 5e65fcebc3491e4b8ffaa466ff2a70d691a963ab
SHA256 aab791856f85cae786db8a8dd89d1f3b9964a7251f44941ad3133bebc8167622
SHA512 efbe3eb4290addcb52df1c718984042b3472362587c02de591bab64019bc0989e0090cd77b257acaf2544408e038164ea65427916bfd1019bd0da2cbac810d23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c68059e87e572c1849be6b6e43a6f780
SHA1 0ac7a347f2ec4ab7d8eddd84c84863c94b1c8948
SHA256 3316809b328791aab033e67559e867a4f69a1df133b8daa11902a7e3a8d6cdd6
SHA512 140d0bf5a7ee27de8565ce82647b461e7582e9784a48dcd719224860609afa529f9750f5d54954bab9c91e6bd699c404bd71de8b0f1df9268daf7454d709da4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a682030edb8bd75b15f94668c0244d7f
SHA1 8876d151d93aca4fb550dca967488f30686f6c8c
SHA256 bd01af1fa57f260bdfb8e0ea385c9757e1ee6feebf47c73de88e261d1149f5d4
SHA512 e882e311d49917156d885ce969bd557d1384d5e2b946c788f420cb4bcabdfcd63eb80fdfba9c5c16a42b28f9b8fcbe78dcc2bb714002efd33d2f2b8bb155e2cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 818ba6f533ced40503583add6c8558b5
SHA1 dc39d2dae9335c44be4c2b3a749de252e1497ac6
SHA256 7c8bbf696f40a5b53eb80993f2a484178cd0e3f1167da4aaa35e27a703e60274
SHA512 7ae3455abb7e6d5bdde2e84c37f30fc4ed36f19d0cd5fc7d8139e9766393733db15c73f77193a79bf98fc510338f381082ae8a51b380a1edb6696a97c3ea3857

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d592f571d00cc5fa37082ad5ae6e61fc
SHA1 f5d06799a55c57cb720c13e1eed9e9db8075c1fc
SHA256 317fe7fd9777c2365c5b0ba748a68bfa16aff68d78d61345be3e37790ee48efb
SHA512 416483f1d355d6c62f07ac0801dfb26133fa34a882e0634920781cd5084e7b441fc532a5e2ac538762153d50cc6c36b2e49c53d0f1fcc481ae6eaaefc174aabf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7bf9e3cd8a68e50196706bed3ecee4b
SHA1 a801d2810d21ea9a2308a8b6b5b2f0a8916b0c08
SHA256 82c5d3dd3a353727ca25b646aaf3058043cffe2f5be69b7ef127884a68cb9ffc
SHA512 314c43a168d9b8599863000d954bff3655768c6414ef66d3d969075d159d2217834b07f5ffbfe4aaf5937ff4bb4b5d4dd4f31e9475735db68a680e9a94d417d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\jquery.colorbox-min[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f1a4eef31d3cb4b9ca6cda42608fda0
SHA1 2f58a5a2288ccd19100ab2fe08ad443afa7e1381
SHA256 1f581f7bfe137e5bdd2b764ae16ef1c0db2371814904e64045e1c0c84588abbf
SHA512 8dd62f8834e522e8808f25061d018e6c536a9fb588a537408d3be7799cb8f6badce90a50e214f3d14a54b37271407c6ac83ada6a94a0c3cf0efb5bc058310df9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e5c8335a2c2410212278050843ea6d0
SHA1 bcc8f1ccc3b21a16c119b061bc5f3181d8287b5e
SHA256 85bf21bda39796d1458168b2f62f28696c4b80dfb9732ac6c2c593b5089b1485
SHA512 66819ab698b505dd6d0f688439617762ff18c9970265e3e59221e53f553abc7650f7b3fd0e8330664dfc1c71e41b632f0c5b6fb61aba6ec6b82249736730c345

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\cb=gapi[3].js

MD5 cb98a2420cd89f7b7b25807f75543061
SHA1 b9bc2a7430debbe52bce03aa3c7916bedfd12e44
SHA256 bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4
SHA512 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcfd590c9979540206dd050f846f09ed
SHA1 795069873a869f3e4d8e4016a79d03588ee42f2c
SHA256 a94ab8866c3edb5e12fa96010f8afbdfbfc44308927707498d85424367910053
SHA512 0ddc8bd8eb9de440dfaed2dfbd431d96ba5a0406fe5ef151a2490175cbf4c3040533bf72036bc3b3e320731c2fcec3328d6915f5fe556caa926a6bc4a7a21d40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12cc98d57aa8a18883e32220e934e13b
SHA1 dbd044719d34e2947ebbffcc7ae693e88c0ca3e3
SHA256 743588eed58728cc2e92c24e59147cbc4241a827710fe42adc661c75e13b5e9e
SHA512 d73aa59fa6e4bd8ee92ab19af639390127095e1e0c33050ca7420c96f705afb626f97fc5b491ce01d139fe6381c0fb43d60b344087c5fd6a8fd31875173ee1c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 927fa8023e9e6cf693bd3c89d29888c8
SHA1 8483787fb48f99c8b4cb0802f8851b79ad9e74bd
SHA256 9ad2c018dd22507ee422bc20c8ceb9177069066fdaa073db2c965831743a4419
SHA512 ea8d25e3d60d35d2a4dd61df052b167a1de4db0983dde83e4ac8ca3c6f8b9776c819401947fff2f82159e3f863af082f0333efda6a641d8b31f7399801cdb9b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1424e4ce0254c9fd317e98785e37aa73
SHA1 0d73c7935264f1ca9a1df845aa6c6cc51b760692
SHA256 e618bfc504845b4120b5aeebcaab9f4a9fc4702dce7347cbc9722a4ed856fd6e
SHA512 84d391d3bbb6ea1e86517400450a3d6a5396cb8e0bd60ea77ce04a595bc0b257486c9292d9670727dda8a44ef81162dba7be90be08128e1afc5ec77e614fd621

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7446d4fcf13c9e71cbd1224385e9b62
SHA1 b8fa3af2ff6e947550701bffcaa0b5a87d25a25a
SHA256 a95b7688e937df16ad69324d594b6cd480856e310ca335b65afc4335fbad7548
SHA512 c302b1eb5f96e46ea410a7a6eb604b7b1eeee1ef531d71d3bf40b32e521f889f9a83c956513d581f4cec067eaab2d21e864b6d9074478dd3e0602c1bdef604cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1afbb890bc6957150f1798e9dadd3642
SHA1 794e612b453cfeeddd968bc7c085e20d3ab600ae
SHA256 2718a30473c4f434307d88a75027e6953e2805bd3937c0bf631ab143dab0ee6f
SHA512 40aa564d794b06d173c1e1b94790511e265d5e885233bb625b5cc9abab365af29193421293f240c69f29c1a71f98e91b5cef4fad1abf6c9692be87783b4387ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7adde55e3eaca198b910129d62b7639
SHA1 a7440052539bae9275129763caddd788a0f90508
SHA256 a2f5334ea098410b4190f8bf84fa1ea51cf2a2bff43d1938278e6ac512c2b486
SHA512 d5a784d8447e036a732ed7dedb1a010c95776b71171536cd39c2e9b2c2b46c468741d0fd5c6fcf53dd4a572a6e5b680c313b5e08d6d453fa23235cc90678b178

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5d0af5f218982a8382084b239098e24
SHA1 744c2fee3bb225616f4618dd2ed878c7aa798f5b
SHA256 632bf1eb199fda81c54555008aea9206445c033d9ea882e66c1cffa1628e2ede
SHA512 fe028e392f22e83a57c1e6804bc77ff341215fefa2310b7f61322fd13d143d99694eea8ee4743db3e30a0cbe2ab3c1f0ae7466523dfab32c2435353cf07cb4e1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\platform[1].js

MD5 9c971144141aa4a6599b9f0954210340
SHA1 e0592bc9344b1917a2f37f0b4d163eb2a73bcdac
SHA256 fd147b07bdeee3792d9bf29d77d72396488b3bef3c1ef3a185f343192db704fa
SHA512 a33736a08af2836d260a7f9a600ad495739addc2d33713f0d03ec6822ace95d64590cb75df9de7e04c4d55b2aa68210566d44c1718e584a9e460fe41d49299fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11569b8bb13d1588b1bc51151cdb09aa
SHA1 e6a10723bb2a36caad281b71c9ab43a0d6604b1b
SHA256 d8456953049b9a29b806d647ffe26b361739853f8ac299fa8a34cb223321bf42
SHA512 95ee2d70d4b2e504c1b556945631159393425b02a979576bac11c2264ff329e9b496f3bf3e7e0d4a0184b03a5a873829262483e3512966e87be8d5d38a5dd7d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b5dbc79adace43ebc7f0216810b51d1
SHA1 aa1866b17d0b116235b68d3e45e3c9a0d4faec4c
SHA256 efae1d5f62d04726f442f880ff09b721b1ffe804a0ca0e3e34534d2b98c75bb1
SHA512 6ad26378d2b56ffe3c1ebdbd1c525cb53557bc4b4bed5abbb7a3c198474074eaaa6ddc92d50ece24576a35150d73ce4c76fc4667df5ed774c16cc57e1e2b3d5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c54983d07b7e52a5304f471205d10766
SHA1 55d53fc44143cd49392e7f4c28ed604597870199
SHA256 3190f6404793cea55cefcefad0da21bcca3b42290f70903f01c60cbe3a41f69f
SHA512 f5ab5d02c1e492c058992ed1850ed90a1dbf2d288b05f74a029f59ea96fe19c735fd7e70f04afb01bdef3798b9d3caba9749de4fe518c2c1e22dd07ac0c99b03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4939503581b7ab8afe0c23911eb63b87
SHA1 bbeda4b2492ce8bb43c08f4a1d5bc397c30ede49
SHA256 497e47dcbeb28d86e2fc378ed81a5b7c1ed9d59f8069f53faf1dc0ec36cd3662
SHA512 e91bd158278912daa9465bbcc6248ebd2d6ee5adfca1cfdcdda3ef56f3ec220f526a2651213356e380b979ce084d58842cb5893f4c5bfb09b628e529929fbd83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50340dd9590480500149cd660e9b4f57
SHA1 67aea4ab36b8e07f515e7a8b0238154391514b7b
SHA256 ba71fa0dd1482288550913f8b243236785ac9acf8f078d46b7a61aac67a4dac0
SHA512 353ec648acc6fb2d369cf6cad7fc20ac2638274202b8abc73a7005f153ecab4b2e790f87f134b99c032016e2d2e37d9595abff9f4df54a66e4bc08cdaae5e88f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 449df8163017e6a30aac5f8e51811cdc
SHA1 e8a0da01079d42047319794447860fa0feec950e
SHA256 977b341e1f18be5ecc8dcf7149690243e23b74e29d328cc173c6ef6c53f7951c
SHA512 e29ab3adc060bae7b9ba2f70e2e3494149f7102985ffd24ba3d286d9d5d27346c80b731bc469debe5ece0d6407193d70466c1c7f07b9692fe3fff7297a89423c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b27085aa2d4293df73a2557e2b8bd2e4
SHA1 16f6de52a8ae8f1c2764be0580eae576cee74bf8
SHA256 cdca77e47609a4ee2416d3348dd115f5145d9668ff1e32227cdff63d319bdf9c
SHA512 3d2030988ae3f63d1fc359963088a7ae623e747fa0fdeb00dd5a4f78084d7b69aa146416fa910a0a8a3e64c8bd7fad30bd3f1dea9272799ab2b67aca52c919a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b167a5294805c4945b7bff0f9683add0
SHA1 b47c144cac51332ae97374c972c5462c66077834
SHA256 e86da093b333d280dd524e3702304f15414801b14735a111b1c03441510977a2
SHA512 2417c162f84e6f69a04eb2622a285ddb4462057c1e6bb4849788c0f1997ab853406a0591332ff01a96b7dd6a89f38ba7fc710e6dd1e9899c1b0bdc424af25e4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f82a949a1b1fb767465ba821bbbf46b2
SHA1 83e49d4c2f52d4270b8780e93eab95ccd65cd397
SHA256 09215b32adc7774fc64dda44e094034e9cd8140226bfa327491dbda672919f52
SHA512 dc563b8447c61f13a0430537f724804a5dedd8b346bc7356d955ed7b1e4d7d39243d67fb20c31f2245f6543b66e4f7b5591f29515b58683c019563d2770d3ebf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60076f1b20d8b878b0881324b0917b9e
SHA1 1d47bd7a6f5b17e05bb0c35f62af7e942b2a3bc6
SHA256 a48594b64021a00876a8b165a61fa6314a0b40f3166ebc66475ce731f44d2f8f
SHA512 90d5266d8099f9f937fd9757cad22b1c7bcd880475d0f7dc218f923209e998e02b400a32fe2bae1ce210b1b7afcb5350bdbca2d4889aac524932235684b93c69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca7fd1630b814c8e3232bb5938664658
SHA1 d209a1f3e391cc49237dfce5997f52ea051b3d3f
SHA256 d1234cbc99140dc8118c5361c4d795ef946558db4319447aaf9bac39f10bccdf
SHA512 fefae01e0a819e6515412d3b08bbceb8b6b0d7a62a360c8a7d5bebb5ac6794cff7f6d319bccddc7fb1c6d9ab0cea879327e7fcf73013b827cbf34ce9865dedb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f6eb772ce2b325b31ad4447c66ac9d31
SHA1 3a6fd83662f7eec6232666248de1318ee12f35d7
SHA256 1abb77af4fbbea67783294967a467392bd3df8478d5999c209083a7b8d89cd95
SHA512 96e5b7e9de659d323b367b82c68ac391e15a76aa559c8e6a2bfc954287d5964e699a8bcaf04824914792eb5e06e6f323ec2aecc6eb1d416fb263ca28c130df97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42d143d9c3aadfb94865f7328962c87c
SHA1 8cf9c5301b768ef2e68402685361196f87501032
SHA256 6f6c8d08fc1985f03ba586b20a54feb94995363b2e5a770911d728bd539f157b
SHA512 56ed9ce28715e36c82be653e88f49938d502462edbd7b81d10abfba973de835ffc072eaee3f19eff9c893c13ea89f1c7e84890c2a1a2aa2d215d878d33554254

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c48a8ef2dba5f97ccb573c21b1758c4b
SHA1 6df530ca294eb0e6a2f72590234669ae11e3e613
SHA256 a91aee7a3b863b6baaa82402086cf8a55f6fee60b8eb3a7680c47abcd9bc9c5a
SHA512 b001cee751de7772206d2b2a1a2566a394842e5379f7fafd1255b5e347e4446495f6ed6566a6e42fbd14b962e39346ab07a748672596d8992fa556dcf4d2fc97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80443dbe288f9f3d1fcd53c092da02b0
SHA1 11add893487a60245d5c89ae95f43e6139e3e2e4
SHA256 afbf628b72b7193407fdaa38eea9c8a33cbc9a4bd0f3f51d136762023c50ed87
SHA512 2ca94282f9e4dbdd3c3e0ab33c017027cc2ea3fc3cf4fd51c59773f95868aeabbd93e06008fefd261e534fab4d1f542270ac51afe8c416784ec174119831d9e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe3f9016ae76e51e83be7fa2b746e04e
SHA1 1ca9358599be89be847ad512a0d77c4852d773e4
SHA256 3b59254c189772c7d064116bbd09d2a53ff6082dcdbcb22c337538dd8d201018
SHA512 2dcb99913a7842302be1a0ca1d1ac37c1a48efa92dcd8cebfcec6fce8ec1992804ba3d954e60641e9d433d50d474807ab3651acb058fc504d505de6029cfb651

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ab73bcb074b72e0f1bed838a6012b01
SHA1 068eaa6141b0313d1f0a7dfbf06deec822d9953e
SHA256 36455252254cbdcc14828f0c13fe69316cc2fd9917159e27ddf8dfb7907d4e22
SHA512 885793db5c325d999c749ce7de31b8cd18c7912c8ca43667dd765d37c5e06a4cdd3c9a201ade3c8448a03281692423ac31a66c9908c75aeb4c3e2545571b4011

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47014b9cfb9b5312d8eb5b5d44200d8f
SHA1 b5011fa01c42059e2ccfbace4bb25f6855cea032
SHA256 2c88649fae2a03cce9aa264c1edebed745c900f843c58853d1679a5b33709d05
SHA512 3048aca85a0f2b40db06c58f613643d64b41666a670a0269aec33e61575970f76bdb4435406d771485af4b5c24a12288b1ae4709ecb806ade801db6930b8eda5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 4bc7afb56de48adb6f7970b6ddef0f94
SHA1 1076ac21b2f62fb2222d28af142c0fa0da245e31
SHA256 9b8a416a273aa2c1f87e0b670621072532ace5a51f16180efe5593a636cd1818
SHA512 22e2424de196e4809be70fd3da55c2be40a5b2791005f35696e94b22e7d915a2bf2030552fed6c0772a84ded77fc9bdd7885f7be6603f15326299b72447418e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76eb98cf6fceed29ae124f027c499d4b
SHA1 5f8924c2e3b592033c835d9e4d8394362bda98f8
SHA256 93997398c41fcfd8cec1edd29ec6f28560811084893e98eb758469898c8dacc0
SHA512 96e35079b2eeab755f345cac98031bb6efc3117875ee319279eafb1598ac4b05d4a3ba130e91b4b12f52a29e035b07646d4402e0c1aa24248dc0df4e083476e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81c26ef76a505e49ee40887f83c796a4
SHA1 b54af1f9089a76c6777f02653a354ad255e05a0a
SHA256 14618614e5e469aea6698febaaa9980773e523f5e6e5f5bf9961957b95aa1b51
SHA512 282f09ae49a751f0c9211501e1af208bac156855a2760cf444eff31208c9479b8cb8fb51a6c0e2c85d0f89c6decc1f3a6a6673401657489f4467c5a72b17ca3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d33cc27e4d899834ad9e79fc7764e1ba
SHA1 44adee7fc358b04360f53f594308fb974c2c7f24
SHA256 e47892d961834fdb4fdbc45c4f0240833d31fd3c16e5bb59817ce605a6b4dc61
SHA512 4475a3d75ea548043a736cdb7d87d80b8093af376d0bd8a09de5f3335d0b9efa8388fabd3ffec3d4da43a942b3ea64be5dae1573df613e46549abfb7dab4633a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\1380534674-postmessagerelay[1].js

MD5 c1d4d816ecb8889abf691542c9c69f6a
SHA1 27907b46be6f9fe5886a75ee3c97f020f8365e20
SHA256 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f
SHA512 f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\rpc_shindig_random[1].js

MD5 9e5f0b21584389dc1c7b5da4a900879f
SHA1 191b84e0f5644398ba99e0aa141a6778c14b83bf
SHA256 3e21bdafa913fa25276358db1269238db3012ffd8748626cdad442f838e890e3
SHA512 c1720a420df680bcc46625355ed6d5c35ae280a813692a0fa293f3ba113a023808a781f1b8c9dfeb3ffba29606e1f4bb4be4233983089602e2d2c20786fb0427
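
The listing above shows the same CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 path more than thirty times, each time with a different hash. That is not a payload being dropped repeatedly: the path is Windows CryptoAPI's URL cache (the index it rewrites after every certificate, CRL or OCSP fetch it makes on the browser's behalf), and the sandbox records each write as a separate entry. The files worth pivoting on are the handful of cached web resources under Content.IE5, which by name look like the page's own JavaScript dependencies (a colorbox bundle and Google API client scripts); search on their SHA-256 values, not their names, since a lookalike name is free. The Python below is an added example (editor's code, not part of the sandbox report or its tooling): it parses path/hash blocks in the format shown above, rejects a block with a missing or wrong-length digest, buckets each path by what wrote it, counts how many times each path was written, and returns the de-duplicated SHA-256 set to pivot on. The embedded sample is five entries copied from this listing; the category names are the script's own.

```python
"""Triage the 'Files' listing of a sandbox report: parse each path/hash block,
separate CryptoAPI URL-cache churn from cached web content, and produce a
de-duplicated SHA-256 set worth pivoting on."""
import re
from collections import Counter

# Five entries copied from the report's own listing, embedded so the script
# runs offline (the full listing has dozens more of the MetaData entries).
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 818ba6f533ced40503583add6c8558b5
SHA1 dc39d2dae9335c44be4c2b3a749de252e1497ac6
SHA256 7c8bbf696f40a5b53eb80993f2a484178cd0e3f1167da4aaa35e27a703e60274
SHA512 7ae3455abb7e6d5bdde2e84c37f30fc4ed36f19d0cd5fc7d8139e9766393733db15c73f77193a79bf98fc510338f381082ae8a51b380a1edb6696a97c3ea3857

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d592f571d00cc5fa37082ad5ae6e61fc
SHA1 f5d06799a55c57cb720c13e1eed9e9db8075c1fc
SHA256 317fe7fd9777c2365c5b0ba748a68bfa16aff68d78d61345be3e37790ee48efb
SHA512 416483f1d355d6c62f07ac0801dfb26133fa34a882e0634920781cd5084e7b441fc532a5e2ac538762153d50cc6c36b2e49c53d0f1fcc481ae6eaaefc174aabf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\jquery.colorbox-min[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\platform[1].js

MD5 9c971144141aa4a6599b9f0954210340
SHA1 e0592bc9344b1917a2f37f0b4d163eb2a73bcdac
SHA256 fd147b07bdeee3792d9bf29d77d72396488b3bef3c1ef3a185f343192db704fa
SHA512 a33736a08af2836d260a7f9a600ad495739addc2d33713f0d03ec6822ace95d64590cb75df9de7e04c4d55b2aa68210566d44c1718e584a9e460fe41d49299fe
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files(text):
    """Return one dict per path/hash block; reject malformed or incomplete blocks."""
    records, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if PATH_RE.match(line):
            current = {"path": line}
            records.append(current)
            continue
        m = HASH_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unexpected line: {line!r}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{algo} digest has wrong length for {current['path']}")
        current[algo.lower()] = digest
    for r in records:
        missing = [a for a in HASH_LEN if a.lower() not in r]
        if missing:
            raise ValueError(f"{r['path']} lacks {', '.join(missing)}")
    return records


def classify(path):
    """Bucket a written-file path by which component wrote it (script's own labels)."""
    p = path.lower()
    if "\\cryptneturlcache\\metadata\\" in p:
        return "cryptoapi-cache-metadata"   # CryptoAPI URL-cache index, rewritten per fetch
    if "\\cryptneturlcache\\content\\" in p:
        return "cryptoapi-cache-content"    # cached certificate/CRL/OCSP object
    if "\\content.ie5\\" in p:
        return "ie-cache"                   # resource fetched by the rendered page
    return "other"                          # anything else deserves a close look


def triage(records):
    """Write counts per path, counts per category, and the SHA-256 set to pivot on."""
    writes_per_path = Counter(r["path"] for r in records)
    by_category = Counter(classify(r["path"]) for r in records)
    pivot = {r["sha256"] for r in records
             if classify(r["path"]) in ("ie-cache", "other")}
    return {"writes_per_path": writes_per_path,
            "by_category": by_category,
            "pivot_sha256": pivot}


if __name__ == "__main__":
    t = triage(parse_files(SAMPLE_FILES))
    for cat, n in sorted(t["by_category"].items()):
        print(f"{n:3d}  {cat}")
    for path, n in t["writes_per_path"].most_common(3):
        print(f"{n:3d} writes  {path}")
    print("pivot on:", *sorted(t["pivot_sha256"]), sep="\n  ")
```

Run against the full listing, the CryptoAPI buckets absorb nearly every entry and the pivot set shrinks to the few Content.IE5 hashes; an "other" bucket that is not empty (a dropped .exe, .dll, .js or .lnk outside the browser cache) is the result that should change the verdict, and this listing has none.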

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 03:34

Reported

2024-08-27 03:37

Platform

win10v2004-20240802-en

Max time kernel

146s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4489cbc061e9050297cc32816a845d8_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4200 wrote to memory of 3976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4200 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 4200 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4200 wrote to memory of 4880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4489cbc061e9050297cc32816a845d8_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83a3746f8,0x7ff83a374708,0x7ff83a374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17175070506014127515,4220888666396880279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 assets.pinterest.com udp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 blogpager.com udp
FR 142.250.179.105:443 www.blogger.com udp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
BR 45.152.44.151:80 blogpager.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 yourjavascript.com udp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.psdgraphics.com udp
US 8.8.8.8:53 i2.wp.com udp
US 8.8.8.8:53 resources.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 192.0.77.2:80 i2.wp.com tcp
GB 89.116.109.205:80 www.psdgraphics.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
BR 45.152.44.151:80 blogpager.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 151.44.152.45.in-addr.arpa udp
US 8.8.8.8:53 205.109.116.89.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 lh5.ggpht.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
FR 142.250.179.97:80 lh3.ggpht.com tcp
FR 142.250.179.97:80 lh3.ggpht.com tcp
BR 45.152.44.151:443 blogpager.com tcp
FR 142.250.179.97:80 lh3.ggpht.com tcp
FR 142.250.179.97:80 lh3.ggpht.com tcp
FR 142.250.179.97:80 lh3.ggpht.com tcp
GB 89.116.109.205:443 www.psdgraphics.com tcp
FR 142.250.179.97:80 lh3.ggpht.com tcp
FR 142.250.179.97:80 lh3.ggpht.com tcp
FR 142.250.179.97:80 lh3.ggpht.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 p.simg.uol.com.br udp
GB 104.96.172.192:445 assets.pinterest.com tcp
GB 104.96.172.192:80 assets.pinterest.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
GB 104.96.172.192:443 assets.pinterest.com tcp
US 8.8.8.8:53 cur.cursors-4u.net udp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
FR 37.187.129.45:80 counter2.bestfreecounterstat.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 connect.facebook.net udp
BR 200.147.4.57:443 p.simg.uol.com.br tcp
US 8.8.8.8:53 tavernadoelfo.blogspot.com udp
BR 200.147.4.57:443 p.simg.uol.com.br tcp
DK 157.240.200.14:80 connect.facebook.net tcp
FR 142.250.74.225:80 tavernadoelfo.blogspot.com tcp
DK 157.240.200.14:443 connect.facebook.net tcp
US 8.8.8.8:53 widgets.pinterest.com udp
US 8.8.8.8:53 fontpis.blogspot.com udp
US 151.101.64.84:443 widgets.pinterest.com tcp
FR 142.250.74.225:443 fontpis.blogspot.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 192.172.96.104.in-addr.arpa udp
US 8.8.8.8:53 45.129.187.37.in-addr.arpa udp
US 8.8.8.8:53 14.200.240.157.in-addr.arpa udp
US 8.8.8.8:53 225.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.128.43.96.in-addr.arpa udp
US 8.8.8.8:53 bloggercomment.com udp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
US 8.8.8.8:53 www.facebook.net udp
US 8.8.8.8:53 g.bing.com udp
GB 104.96.172.192:139 assets.pinterest.com tcp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 log.pinterest.com udp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 57.4.147.200.in-addr.arpa udp
US 8.8.8.8:53 84.64.101.151.in-addr.arpa udp
FR 142.250.74.225:443 fontpis.blogspot.com udp
US 8.8.8.8:53 www5.cbox.ws udp
US 172.67.201.54:80 www5.cbox.ws tcp
US 172.67.201.54:80 www5.cbox.ws tcp
FR 142.250.178.142:443 apis.google.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.cbox.ws udp
US 8.8.8.8:53 play.mob.org.pt udp
US 8.8.8.8:53 spaceamigos.com udp
US 8.8.8.8:53 rolz.org udp
US 8.8.8.8:53 developers.google.com udp
US 104.21.85.24:80 static.cbox.ws tcp
US 104.21.85.24:80 static.cbox.ws tcp
US 8.8.8.8:53 www.cbox.ws udp
US 8.8.8.8:53 www.acavernadodragao.com.br udp
FR 142.250.179.110:80 developers.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.dmvelgof.blogspot.br udp
US 8.8.8.8:53 www.dmvelgof.blogspot.com.br udp
US 8.8.8.8:53 www.dungeonist.com udp
FR 142.250.179.110:443 developers.google.com tcp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 tavernadoelfoedoarcanios.disqus.com udp
GB 163.70.147.35:80 www.facebook.com tcp
US 199.232.192.134:80 tavernadoelfoedoarcanios.disqus.com tcp
US 199.232.192.134:80 tavernadoelfoedoarcanios.disqus.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 199.232.192.134:443 tavernadoelfoedoarcanios.disqus.com tcp
US 199.232.192.134:443 tavernadoelfoedoarcanios.disqus.com tcp
US 8.8.8.8:53 54.201.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 24.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
FR 142.250.178.129:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 199.232.198.49:443 a.disquscdn.com tcp
US 199.232.198.49:443 a.disquscdn.com tcp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 www.novaerarpg.com udp
US 8.8.8.8:53 www.minds.com udp
US 8.8.8.8:53 www.twitch.tv udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtu.be udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 49.198.232.199.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 img1.blogblog.com udp
FR 142.250.179.105:445 img1.blogblog.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
FR 142.250.179.105:139 img1.blogblog.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:139 platform.twitter.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.shorte.st udp
DE 64.190.63.222:445 cdn.shorte.st tcp
US 8.8.8.8:53 cdn.shorte.st udp
US 8.8.8.8:53 tavernadoelfoedoarcanios.disqus.com udp
US 199.232.196.134:445 tavernadoelfoedoarcanios.disqus.com tcp
US 199.232.192.134:445 tavernadoelfoedoarcanios.disqus.com tcp
US 8.8.8.8:53 tavernadoelfoedoarcanios.disqus.com udp
US 199.232.192.134:139 tavernadoelfoedoarcanios.disqus.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 widget-content.com udp
FR 142.250.179.105:443 img1.blogblog.com udp
US 216.239.38.21:80 widget-content.com tcp
US 216.239.38.21:80 widget-content.com tcp
US 8.8.8.8:53 www.widget-content.com udp
FR 172.217.20.179:80 www.widget-content.com tcp
FR 172.217.20.179:443 www.widget-content.com tcp
US 8.8.8.8:53 21.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 179.20.217.172.in-addr.arpa udp
FR 172.217.20.179:443 www.widget-content.com tcp
FR 142.250.178.142:443 www.youtube.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:443 whos.amung.us tcp
US 104.22.74.171:443 whos.amung.us tcp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.74.171:443 widgets.amung.us tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com udp
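The table above mixes resolver queries, PTR lookups the host made for every peer it touched, and the actual connections. Two things stand out on a read-through: UDP on 443 (QUIC) to Google hosts, and TCP to 445 and 139 against hosts that otherwise serve only HTTP(S) (assets.pinterest.com, img1.blogblog.com, platform.twitter.com, cdn.shorte.st, the disqus.com host). The helper below is an added triage example, not part of the sandbox report or its tooling: it parses rows in the report's own `Country Destination Domain Proto` layout, separates DNS from connections, recovers the IPs behind the in-addr.arpa lookups, flags the SMB-port and QUIC rows, and emits deduplicated domain/IP pairs for hunting. The sample rows are copied from the table; the function and constant names are this example's own, and the "SMB port to a web host" rule is a reviewer heuristic, not a statement about what caused those connections.

```python
"""Triage helper for a sandbox 'Network' table (added example, not sandbox code)."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed input: rows copied verbatim from the report's Network table above.
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com udp
BR 45.152.44.151:80 blogpager.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
GB 104.96.172.192:445 assets.pinterest.com tcp
GB 104.96.172.192:80 assets.pinterest.com tcp
GB 104.96.172.192:443 assets.pinterest.com tcp
GB 104.96.172.192:139 assets.pinterest.com tcp
N/A 224.0.0.251:5353 udp
FR 142.250.179.105:445 img1.blogblog.com tcp
FR 142.250.179.105:139 img1.blogblog.com tcp
DE 64.190.63.222:445 cdn.shorte.st tcp
"""

DNS_RESOLVER_PORT = 53
WEB_PORTS = {80, 443}          # ports a CDN/web host is expected to answer on
SMB_PORTS = {445, 139}         # SMB / NetBIOS session: unexpected toward a web host


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str                # "" when the sandbox recorded no name (e.g. mDNS)
    proto: str


def parse_rows(text):
    """Parse 'Country ip:port [domain] proto' rows; skip header/blank/malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:                      # domain column absent
            country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, sep, port = dest.rpartition(":")
        if not sep or not port.isdigit():          # header line such as 'Destination'
            continue
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def split_dns(flows):
    """Separate resolver queries (udp/53) from real connections."""
    dns = [f for f in flows if f.port == DNS_RESOLVER_PORT and f.proto == "udp"]
    conns = [f for f in flows if f not in dns]
    return dns, conns


def ptr_lookups(dns):
    """IPv4 addresses the host reverse-resolved (x.y.z.w.in-addr.arpa -> w.z.y.x)."""
    suffix = ".in-addr.arpa"
    out = []
    for f in dns:
        if f.domain.endswith(suffix):
            octets = f.domain[: -len(suffix)].split(".")
            out.append(".".join(reversed(octets)))
    return out


def flag_connections(conns):
    """Return (reason, flow) pairs a reviewer should look at twice."""
    tcp_ports_by_ip = defaultdict(set)
    for f in conns:
        if f.proto == "tcp":
            tcp_ports_by_ip[f.ip].add(f.port)
    findings = []
    for f in conns:
        if f.proto == "tcp" and f.port in SMB_PORTS:
            # Same IP also answered on 80/443: an SMB attempt toward a web host.
            serves_web = bool(tcp_ports_by_ip[f.ip] & WEB_PORTS)
            findings.append(("smb-port-to-web-host" if serves_web else "smb-port", f))
        elif f.proto == "udp" and f.port == 443:
            findings.append(("quic-udp-443", f))
        elif not f.domain:
            findings.append(("no-domain", f))
    return findings


def unique_iocs(conns):
    """Deduplicated (domain, ip) pairs from the connection rows, for blocklists/hunting."""
    return sorted({(f.domain, f.ip) for f in conns if f.domain})


if __name__ == "__main__":
    dns, conns = split_dns(parse_rows(SAMPLE_ROWS))
    print("PTR lookups:", ptr_lookups(dns))
    for reason, f in flag_connections(conns):
        print(f"{reason:22} {f.ip}:{f.port}/{f.proto} {f.domain}")
    for domain, ip in unique_iocs(conns):
        print(domain, ip)
```

Paste the full table into `SAMPLE_ROWS` to run it over the whole detonation. The PTR list is useful on its own: it tells you which peers the host bothered to reverse-resolve, which is a quick way to reconcile the IP column against the domains the sandbox labelled.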

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2783c40400a8912a79cfd383da731086
SHA1 001a131fe399c30973089e18358818090ca81789
SHA256 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512 b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

\??\pipe\LOCAL\crashpad_4200_MZVMVQEHTMIEXAUX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ff63763eedb406987ced076e36ec9acf
SHA1 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512 ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce3685a94b4ab9fcf6a51a53fc3a447a
SHA1 531406865e436d93cf72a0d7270a17601fb73bc0
SHA256 4709ecbb19fef3590822fdc7902bf3c978f67d874f5ee9bf4203fb764caa96fe
SHA512 9b066dd76aa26a4eacdff6f3a2be825a745496da58ef99a5beaffdf7c1c0e142f1704e480ed4a68f8dd3653c927d65ca7cc3e37be2c91ac2b1cfb71bd3e76f52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a706a7da0b9ed42e08c95d53584ca9f6
SHA1 0e014d405ba1fb5790df304a55eb81ea9cb007b8
SHA256 a36a5eaabc82a3f95d36ad85743cf4814c45905bdde84d630e0161f4911daf1b
SHA512 f951001ba3fd0d23dc5a30985f89db3e691cb6351a891a28e440d329df126b310d3a979f0c1e255de54f084d35bc990db2de3d2242225e7c3d87bd6a7184aa15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 910cc03ba4612ad37b066e00fe3f8a35
SHA1 3cbaf6f6284cb370ef7d2a14ffc0250a1a59b8bd
SHA256 c66a0503d61146df009bfa8671fded2324d3b16aeed8f8340a486cca1498576d
SHA512 e71aef8358be7cca94134e319e94df33d9590cea41d8dc569c871adfaa62cb573bd944108975eb586b2be82f60c049a6db1e959062c5d47302da1b9d759cd3aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6956e5ffbafecb198fb76d87dbbc6ef6
SHA1 536e69984b7b3ce27cfafbfe2f60daa749213336
SHA256 e7e85269faf46a71f9ca7b2dffc58483a63725d99b7919c00acaa1f73c529f49
SHA512 7fa6358be0a332f6a090e38c6975301deeacce5a2fab08b43f3d2433a52beb5ce8257e5156e623661d68289b2fbb1055b9b72319ccde0fa0c14075485b2207af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 b4b711f3e747704ffe02b49791ce8cac
SHA1 ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89
SHA256 f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1
SHA512 b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 89f908ef1b96e9794a8fb80ed307065f
SHA1 fd03a1abaa0ddb5c2abc70d94dd188d3ed8dc99f
SHA256 88b81fa54bc0c22b46a65663f23ba2beca943a0b4833350f6f1dbb5ce7cf8b02
SHA512 03c184369a606d6ab20d3261931a58c33217b29938da756ff492a02d009caeedd04a1bd0780ee2e89a22a7060b2d97ad6737a725595f04f409ea13b268bf6fca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 78d07bd80b000b953ed03a6167793d07
SHA1 569a00813a3c46e2db8ebc477188bac9201c1cc3
SHA256 878c70b10bd19d3939247dc27f1163a2f3fc007e1abb379273ba4df8c1d9d246
SHA512 c4ff7b603aa87bda236e5366f3528fcce63009dbedbff80bdb4ef406597be5699d9ea5f04a465f207b27bdb64f8b290dae79b1df0dbe7c6097d5b156210bcca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 dc52475756e1c2cd28a642483362cfea
SHA1 f3ac327ef03dcde06f67e14c832fc8192720c5ea
SHA256 101e409217ecf85114a73cb222e256680fed2c01985839796fd7ee33abba9f2c
SHA512 51d10255550361a1d3bcb0ddda3402e7479c7babfe109982d6fd0143df08699ddcf6119c09b6f3ba357419a6d2828815c750a362c67a7e10b3159df8702af4a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 373a1a8dcdc7fdd6c5e5d7ad857f58a1
SHA1 918175424c5afe5f391b3db3c42c173941e84dee
SHA256 9713b2c0a19c983f3a774bf53823e628c58ef378cf32855ab7f476c46d119f40
SHA512 7c8e4c590fe6d2e65062cf44fa1b5e72ca03453b3a4c54e3bd1df7d2b2df024bd189ea58affcb700c67b29a45fa1d94f1009e89599997438e831f27320125730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7291aece8705b4e678931d8663c84c74
SHA1 3689944ec8d3d87f54196e9a23e1050dd5cce8b7
SHA256 fa4455f8570232bb2a539f82d7f4df8acc3e48caba40379c3c083cd6c189f41b
SHA512 8d6126eb7a0f522c7c52279887d019342b461fa6e8552d13de01ec5e734bb6481617ca372792478063b7a026509e03fce368ae2634d9c37e2f54b825d0d27c1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 180c1afa19b1479183e0e0550df11f80
SHA1 e432ddb55835eb461861ecc9930f9dc3f5dbe211
SHA256 fb44d393a9747a591e6dd97c990e94e9de10eec6d08257af0a7d186590d4a1cf
SHA512 f235746883491313888df9b72f220e6a5981cd01194d82e91552dd992f3928bfcdfb123022009a440bc4b86e4ac81a175c4d3405797c9ed65f5abe214fbe95e7