Malware Analysis Report

2024-10-23 17:23

Sample ID 240828-hcrakszenj
Target c65cf841e6e1b1c31f8f9af22a418559_JaffaCakes118
SHA256 440563f9aeb6d0d90f5134be32edf0885e722a81699a08a773f56f6eff69a90e
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

440563f9aeb6d0d90f5134be32edf0885e722a81699a08a773f56f6eff69a90e

Threat Level: Known bad

The file c65cf841e6e1b1c31f8f9af22a418559_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-28 06:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-28 06:35

Reported

2024-08-28 06:38

Platform

win7-20240704-en

Max time kernel

132s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c65cf841e6e1b1c31f8f9af22a418559_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04926ca14f9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430988818" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c0000000002000000000010660000000100002000000015d87ec8af19223ff4ca626a8cf47284e193401b15442b854f669bd33826c49c000000000e800000000200002000000050f91101e405aca375270002b9b08d967172c5dd1586054ba3f912f0a5b48b332000000060a0b826c53d8ca9de2b270ded90947789e302859fa605f0bc97fcecf9bcd8fe40000000fba92b64ef6c7f97367ba8d671e4a50014b1172fa92ca0b9b4f61cbfe8595a8dbb0481c4eb96f105068bac606468b0b70c875a35328bd13997d6b1a88c8f10c8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000a9f46874cd869bcf6dc0085b9e1702d155c2bde81cf54086234bb1a896c80133000000000e8000000002000020000000821e396b0bab07d6766f18a2287e56ea2e80426cc167c25d131fe638ea784fa990000000542e5591176b6c77f71b09da225b088c819ef9572b810d60ae3e25471b66902dd88eeca61d85e24744044e29b27ca402be0c7b14abda3b14ee9a58fd8c208b3b25f904c45bf3789296c9a543d44012f390a9ead41a547c0305262744bb616f7b875b273b62d1453fc7e6a8e3a4c458d8719d3dfc6939e8c00b88c45304ae750ed02648d73a22aff7c2d40b0a7ac0febe40000000698c3b099e5c9a6a8626138f2ba7fbce6c9c03ae8efcf74f7503cf40621c56daec684cc4803baf28d91035c53f2b5b747144a03057c18d5967d53d9dd67d630f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3A38A11-6507-11EF-ACB8-4605CC5911A3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c65cf841e6e1b1c31f8f9af22a418559_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 googledrive.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.thetouchofsound.com udp
US 8.8.8.8:53 www.imotiv.ly udp
US 8.8.8.8:53 dubdsb3u36ja6.cloudfront.net udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.apesal.com udp
US 8.8.8.8:53 www.jomniaga.com udp
US 8.8.8.8:53 pingje.com udp
US 8.8.8.8:53 joiriah.jomniaga.com udp
US 8.8.8.8:53 ping.busuk.org udp
US 8.8.8.8:53 salma.jomniaga.com udp
US 8.8.8.8:53 www.clocklink.com udp
US 8.8.8.8:53 busuk.org udp
US 8.8.8.8:53 www.auto-ping.com udp
US 8.8.8.8:53 kartikel.com udp
US 8.8.8.8:53 pr.prchecker.info udp
US 8.8.8.8:53 i155.photobucket.com udp
US 8.8.8.8:53 www.carimember.com udp
US 8.8.8.8:53 i68.photobucket.com udp
US 8.8.8.8:53 www.activesearchresults.com udp
US 8.8.8.8:53 blogmalaysia.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 216.58.212.234:443 ajax.googleapis.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 216.58.212.234:80 ajax.googleapis.com tcp
GB 216.58.212.234:443 ajax.googleapis.com tcp
GB 216.58.212.234:80 ajax.googleapis.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 216.58.201.106:80 fonts.googleapis.com tcp
GB 216.58.201.106:80 fonts.googleapis.com tcp
GB 216.58.201.106:80 fonts.googleapis.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:443 googledrive.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 104.21.12.42:80 www.apesal.com tcp
GB 172.217.169.78:443 sites.google.com tcp
US 104.21.12.42:80 www.apesal.com tcp
GB 172.217.169.78:443 sites.google.com tcp
US 216.230.241.100:80 www.clocklink.com tcp
US 216.230.241.100:80 www.clocklink.com tcp
US 173.49.115.115:80 www.activesearchresults.com tcp
US 173.49.115.115:80 www.activesearchresults.com tcp
US 67.227.215.171:80 pr.prchecker.info tcp
US 67.227.215.171:80 pr.prchecker.info tcp
GB 142.250.187.206:443 apis.google.com tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
GB 142.250.187.206:443 apis.google.com tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
US 3.165.232.110:80 i68.photobucket.com tcp
US 3.165.232.110:80 i68.photobucket.com tcp
US 3.165.232.110:80 i68.photobucket.com tcp
US 3.165.232.110:80 i68.photobucket.com tcp
US 104.21.26.218:80 busuk.org tcp
US 104.21.26.218:80 busuk.org tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 104.21.5.166:80 blogmalaysia.com tcp
US 104.21.5.166:80 blogmalaysia.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
LT 93.115.28.104:80 kartikel.com tcp
LT 93.115.28.104:80 kartikel.com tcp
US 173.236.138.253:80 www.thetouchofsound.com tcp
US 173.236.138.253:80 www.thetouchofsound.com tcp
US 35.168.175.109:80 pingje.com tcp
US 35.168.175.109:80 pingje.com tcp
US 104.21.26.218:443 busuk.org tcp
US 3.165.232.110:443 i68.photobucket.com tcp
US 104.21.5.166:443 blogmalaysia.com tcp
US 3.165.232.110:443 i68.photobucket.com tcp
US 154.197.239.185:80 www.carimember.com tcp
US 154.197.239.185:80 www.carimember.com tcp
US 67.227.215.171:443 pr.prchecker.info tcp
US 173.49.115.115:443 www.activesearchresults.com tcp
US 173.236.138.253:443 www.thetouchofsound.com tcp
US 8.8.8.8:53 www.domainmarket.com udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 172.66.40.121:443 www.domainmarket.com tcp
US 172.66.40.121:443 www.domainmarket.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 92.123.143.169:80 r11.o.lencr.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 3.165.229.26:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 salma.jomniaga.com udp
US 8.8.8.8:53 www.jomniaga.com udp
US 8.8.8.8:53 joiriah.jomniaga.com udp
US 216.230.241.100:80 www.clocklink.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 tr.nuffnangx.com udp
US 8.8.8.8:53 www.jomniaga.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 widgets.amung.us udp
GB 142.250.187.206:443 apis.google.com tcp
GB 142.250.187.206:443 apis.google.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 104.22.74.171:80 widgets.amung.us tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
IE 31.13.73.22:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 www.jomniaga.com udp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 79324c62f831ccd1b421c50c0925143d
SHA1 abd692be93d2489fd8594569db62b02dc0e535ea
SHA256 dc8ac1b5d54dba4e5b4d49bf56e42ad29a14950fbc13fd966013db4fa316fb79
SHA512 33b8f7727f85184bd86a7705c7352a6fa9795af8f973bcf31dbbe25a1ce9d7f659e564b040def0b45ae88429eaca75ee0913b7374379574ccd88dff5f94e4a4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 19505bb31c79cc1a7db2996333def5bd
SHA1 60430231312b7beb8dba1f58370a7af8d559fcfb
SHA256 583a644129508f37946dc725c9d5c11756b1b34787987bd3746477a0b5bcf4c2
SHA512 f7e2659a83eee5d4d4e843d83b86afd9f0d96c1e75f8014c129fc80d8459f5f19793e0029ff0fa86fb41fee090c522243c9639b2a8548331cfcd5c9c49bac5be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d791ddf91d5837efe265d3c7b91e8c9b
SHA1 c3ea5a046e1cccfaba55a46610045a284dd0c1be
SHA256 92f022b74599321a95c91752ae924aa5c735f469ff64be88744331c77509c911
SHA512 49197fbf74523caddb9d6755bcd8385c1b0967e44ff43f77dadd50119cbe832bcd69c4e6fc3def72698982abd54c02cc25b555508fda8faa853d31e1a3c6caa5

C:\Users\Admin\AppData\Local\Temp\Cab83D2.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 9d70dc955dae7cc2a1bbcf1eefa766d3
SHA1 a8a102d98c26d10a162d22b13adedf7a266e3c62
SHA256 3ab098dd4c78c394e2e593a3a31027db1d7e113da5f2aaf75ac2a1016b3ea6b1
SHA512 dea2840a79a1e9af06bfe80d2a61a37e9fdd3bb0d2f65b7fb04b2dd51d53865ea48b1cb970b69f1a13d05ed7d49236c0dbfa033d08538760816c427635761d43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Temp\Tar83F4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 819118ef0fae763d1635501e6069b129
SHA1 bf872a5a9a3867588277f660dc2170d0c83b1244
SHA256 8807a6291f1b00c8463cd17af9ac7d75017430195b2fdcb21c7063bd4247f295
SHA512 a31c0a43ae5cdee4947841fdeabbb1317b6f16c939706b733c638087ff0fb04e30b8f258fea11b94c6970c3818e775471ccbd630f4851c65fdc75336a3464d86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 310b0a3e9f518a2e6c654df9b03cbd36
SHA1 1cc4016757d91a5a9930ab99a737451dd459bac3
SHA256 4dc4132c3b6909997bb1149730db9a46792401f51d52570b2dad51ad0ef08cb1
SHA512 a7f91ebb782b6194dff096f342cb6567d29b7b803e44d83aa134de4924cf15614499b24e2eb1526412e078df74bea9a2cc0dacfae49cd0f83880bb058ea86251

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3032a3303b2be2e303ce0f5867bd4823
SHA1 ac9b2830e26ca4a56689bfeb17c85730f94ed666
SHA256 16ad016fd54d7b1b4002ccb3fa96454b6542388d9e3f636f9e4d6a434e5e7d74
SHA512 cd2e8bbf9ca089f6615954b9c399d8467a46278f4e35c7b9c81f0c67e5b3b0d6a78c2ae7848b29bac9557ec90bc1c972720079fd6e7e01c70ca0fb2e30f40935

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5ab814f5aa528c74e42155385e3be49
SHA1 441428f6c38ae7fc6fe965ca22ac112116a83b2e
SHA256 08952b44490bd0ebf6897fcec676709304ae225598cefb228a8727ba89c6d4c2
SHA512 9032a5d1937889ce744548d2094db44d5f657d12e6b1362f3038e5527d1c7c43e405c9236cf0bb7c263aa9fd6550d37b40d9ebef77d9a0fc8b9e4997506cf62b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2878d7228091d1c7d27604075f32e1bf
SHA1 89a075420d4eab046f091aecc522c91efc0c07ab
SHA256 c4deaeee65f3a33a7611d4480d81cba95100bbc17724e93755b8b5249effbbb5
SHA512 a0faac8c7e2a4e73b26e1a351b8cdcf071de6b6b28d4f69c8613e9b09a111a06ba3a4f447dad0d16032cb91bbe75f13197eb6164fa95b693f580216aae8871c9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69P6875H\banner[1].htm

MD5 13d4e6ef14c144a5732c8a16f07d3ce5
SHA1 2ff71998fe3f628f0e23ee13accaa7d4da661d05
SHA256 d82245c9619e575516401968aebeb93342e781e1a36fdd034a5359ef74e0de25
SHA512 dd4c4a8e9b52c5a01535a02ec174b18e19dc35ef90012ae8a87307480e3c1f192c533b2615e7ce2b86e1cf2bc82907ec18789252961952410948923b70b8fc8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f580ac70a5ff65f15e114a8306aefc66
SHA1 2000f9dacafc6176c507f55eb3e675807f0dd101
SHA256 9927c864a7a8da58d364533ffa1788bafb301381c6af3d110142671cbbd963a4
SHA512 2fb7129ece57f8312c1f34071c8bc1c24bfd4f4f2350c5b24196a053a8b42654e0749ceb3df251e5f9863409934832b5a5fe981b3cd310c39b87e2e87845e18a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae0be9bb2c63eac21eb0c89399989fbb
SHA1 3568b2d181a838a6ab3791efc7c0c4af1f58fc17
SHA256 3aa94e2bcbf594c647abf0fb0909aaf9a94e8df14cedba9cc2bf9c64b51533ac
SHA512 68f24b3c473666c687cc1bb28a1826d0c92f2f2a5c6ccb33dae28268f6b8eb7833b3363dd970135a10ff4ddaa74a189f427a1be6bedf33c0d9b73af7fc18efc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a4aa562a8209d4f08d8414653dda698
SHA1 84aa4e91199bbd3c58938274534209681c37057f
SHA256 4abcda056fe93a9663041977cec64e4d3197e64a1ea0c0917ee16d1296186f10
SHA512 40d4e314bebea4f1f5abb7b19f1b7f3f243f5eef4200d24e3a6668e6ea8f6e3e4b8fad8b3aaa85c5793256838e6cebbaa87bad23af141d5e491a4b24535f8335

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 86e10af7f3207359d3e5d616edf0ee7c
SHA1 91ed86bb2bd35d1e9b504dfe113bbff9fff7f0da
SHA256 b2de51451203f202cf3d6518245c6395528e93d3ebf2c04cd11293b5bd00ef7e
SHA512 a6fb07fa78122994b7041d7094c245980929abe22cfa2d95b9cba737bddc29d9742952ddef2131a5b9f1bb39ed5daddd1175ad6696222391f6bfc8ba1dfdb069

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64458b461679a10e6873446366463764
SHA1 663f05b6508597277ff955efeb0e67b3eea4a4bd
SHA256 e4b8d2e6c9c9607c94f37a20eabab73f1e811030b0bda5672d403969bbc1aa34
SHA512 74175de456efed898438a09d7efe25667220ba2a863fce8d9877f271f722e8a3ae9cc119554258597e98584fed9ab5d8f10b21f2bf40ab821499e386efa767ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 9f265e06a118520f1445b1f3c87c2283
SHA1 b20f16c38bdf90f23e46b7f4a5c942fe48133e6c
SHA256 b2114c1ed72f0e2c406fd28dcb88ea23e13f37adcf58c5e550486b26bcdf494f
SHA512 322a5f5e6c46b362b7bb378b0be13e410c8dcad6f5c9179431e0bb014149567d10799adb569813bf9cc9cbc92ca66eefad6ba5221c1811c4dcd75da6a597e601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc5bc67260142192501150614c7d1a77
SHA1 3daadb58e545b8fd5faeea72859210e78754666e
SHA256 cf61d4014f1c8209f3a683a260bb8604c742b38a074f81cad424a94c8d30dbbd
SHA512 63b46228a19069fbfbb4b0bd2ca1c0a94f935c048c2b67cb8638d189766055b4ff69f58adf005a50acd4b2bc214940c61cc570bbdba9e8cc5a58607e4fb56acd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a4b928e2fe7e188bd8b3cb811265230
SHA1 d049eab23443ccf3d4432d18d5e4581b1f3d3bef
SHA256 b843928be0e0e62b579ca1d56b819ef2bae475ccc59913c2fee26e5eb50f702c
SHA512 79748c07d15acc7cd81077270e0be4ae664e9fa908b1dba044e1d79470e4f54a9e1736487305bb9a99277561cda8e765852a1636a9b25742f529b11177ae27a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9b2d644672aa1ede2cb6656ace2847b7
SHA1 27c431bc194cc555ccb112195e835a7d069428a9
SHA256 8b3f45a0086249c582a2c17beca1654a727a2e8a716bd293c196101c4fd742d9
SHA512 ec67d9932a144ca75a10f5d63a63c6bcaa967c151bc0a8c2c3091da89aca0a28193186e6d5504588f74870ac241276fa1bb1a154f3486151634aca1a5087ebc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 887c141a8e6afac6e9849d227419e6c3
SHA1 a8dbc7fb12494162faedc97537cdb57079a55d45
SHA256 3e1c406dd5e91e8578765c912dd50df15db23364cec6e03c524e7df6b0798398
SHA512 f6ed4f020ef4dcab5f6e7d4724cb9587c3cc46e3fa3279b5d47ccdbe3f1d06c58630dbab83cec1a1be79c65f328c2a98c537c26a13ee7f0d197a4d7834a8e08f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 618afe8974dcecd926a53b4655464483
SHA1 d6e241ef232b87a867dbbf927ac70d3dee21ec95
SHA256 d1240c7d75a3075e505f6a13666446c55a6691eb1e970aa9e2c588038fc9edad
SHA512 0c7d6e5b6d947ecb651fdf796c6c1b2ef04c56fa2a2afbf53f97e269c4da8ae81f2271fac3c45cc6d62ff3873c44dc6be22b5ca6e2ee344e62ecd657a342ca5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db30c8d3fc214395c97e1c9644899a38
SHA1 4eef755b10115d200002c39c94d66062ba9fa895
SHA256 6fbf7a6cce098f5b52a289e01386b6c2bd1e4060370fc3fae20377bfc5fc41c5
SHA512 91413998eff778ee36b23662bbc7e2706317a793967a10075230e67e4fffa7d623cb429398d5c47cab0dbf87271c5383a1b12ef72cb86481e245cec21588140f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 625d371b35469f174ff0f90448e312ae
SHA1 e5e50b5bb274ace25c3d27f185aa006b9b407fe5
SHA256 584c0e5b3b99c8ad286873e9e1e313c1cd4b7e5679e931bf0a24195eaec98b47
SHA512 3e50a9f3b0c00b4b8dea36f4caf1713f3608cdd564667e57ea3b2f533ca6790e6502ee2dfbb2cbcc982b720fa308a8a07bcf438b2e9f84cd10011a3155e57d1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3808a16b541f07ab7488efca107bfb31
SHA1 cb027b4a2472731624d7cbbc43cd251506f3cfb8
SHA256 9ddfcb3035366311134b84099e6297438250a6d15d61911bfb00d0a4cd003759
SHA512 3f3ae65f8a3e9ff711729f389a5ed4bb45b7c3ee68e81f382fe6137536d4e72ee0147cf6d38b161a2ed558bb93808d42dec82bcb51af86ed0ebaeb292822bef1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e5b7119ed5c3b4d83f66a6fb86445c9
SHA1 33cc59529804375cb63985dba51580d3a2e6ba1c
SHA256 edc004395db5a4755475c8ca48b2a8b2c6076bf31f7c0f837e8680518897d428
SHA512 cdbe0a718ba08fe49e4b6b619828e1630f2f0cc04237a92addddc62b6f5e1fb9b4e67c2fa29ac8daf621f317b2b7741b818a9676224f0c5c9f33b38564066174

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 73a07e6f5c5586e6846bf26bfd8ab3da
SHA1 12db505187779859ac5bb3331fd1a8ebad25b895
SHA256 c48a49a046f13641b0a8d7d46481db6b060ffc92e53b74ac3fcffa06e10f9c7a
SHA512 d6613c389550bf88d8b3fc76d202871c6c763453a4654f276d83e7301529141b32085df0936a6be21f80fd77adbe600245f8ccd0963f4bae735539602dee8d3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae5873a3e4e56148adc543f85aa718cc
SHA1 7df75288e9ca36b35a0235922fea17e94906beb3
SHA256 e00be1c2964cd81f83e951aa8bd816b94412a549e67adb374a16280947910e35
SHA512 6b3dbc1e9ff10421d3cc697f2f9ab624b8a7a00e220ed764f1a682ac7c136f518814992b5ec9797ef19e25733c45625b973bae7be7fe95abbebedb8327b4b90c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edde6b42f642742b3872d91d369bc555
SHA1 cf7eaf180766274fb1dcd5eddfd1239fe7ced704
SHA256 9d57b8df75be7176049455b4f86023619948da9162c1942103047c3b36a4ff47
SHA512 379c5ad8b98318a1cf4455fe945b54e05cf978b004db3e2c2521c4c596a525cd2bf44ee7a067582e46582a5c0882472ab2014a594274ff439fa6ce86ad9ff2c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f7b970b33e74be7db68cfaa885008cd
SHA1 ccbae61da6765410464ed0bac31a2d60e19d7312
SHA256 e5a20a5624ac551c44d6cc9bb6ff0d6b1f5590adc3bef42b624d025191155c0a
SHA512 e097afc50b05bfdac23933ae88ac2064e4b7832de97d51595bf67a7304752dbec8098c9b0acf348dfbd62f2b1e891c37ee8a9452de02a67f648fa93bcf68d2ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e1db71bc1c109cb44ca39467d32292a
SHA1 5d07d2a54a0e461f6236578e110805debc03474d
SHA256 0d96952fecc3cfef85adc690b6bf86ddd1072da6f756d09d0616760aa4ffeed9
SHA512 314bea37e466dd7917dfa293df9064a5240d4a997835e3dd0f9b3fcf09bff603d48545ee24fabbf1c747b80efc8e15e5ba572b062d60e5a41e0869cfc21ab8d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdfee974185c859c23c112b076b9bac3
SHA1 5ea721cce061d2b93fb86f7d041c7e5f9efad4ec
SHA256 7c42559d1dd5eaff71de99b441ee65503a4af3c5479eb34ca94cf1be334aa9a5
SHA512 8c4d7ee2c2b390e4fd2620b0f15fb16819c9e8f8ec68dc68d7a9ad9e8a881ba3b80b34ecd7994fd691524ead9cac85050da7b66016b1ff6e21730f329f0d0cd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 721f878849fdde160749de97e3e04e89
SHA1 7080098df689165f305cc6fb96a53bf7e54f1452
SHA256 329ff1032cdf3a82565fc729566468dfb6eea04489558bfaf5355548a67d00d2
SHA512 815bbd4a0c3eae80c08413b9510a11ee4eda54ebedf3fd6fdabccc78a0ead10e3efa8f31e70a8edd8336461f6765b0263daf93d7d4a2a61daa03ca7d544e90d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9344015f4c03c316b34dc23cd4a4addd
SHA1 73e445df31a41228a285f04c14aac06b0b3daa50
SHA256 969de76e08fdafabd03791431f7a070ae81d55bfe1a59061a6f747a3714ec8fa
SHA512 d9e614a8220dbb82441f77f80bd9780ce65b336171505a95dbf3fbf151adebdd782ba64b4e1d44042843f7fe7cb0d5e1c964cf67ea45c8d6710f71e94bfa15ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17715867db71d71e39f2a2d7eb8f7ddc
SHA1 3cda4b4d655c714f55fd8022ba72b972e37b59d7
SHA256 cd24dd4de4eb8e3b0adc6e45ce4efc6b22ce6e877fa9b89fa21b5f3f592f0325
SHA512 761c543f5095d0177155e8fd0206251358eb9c96b56032a3251d3bedaa70084a739bb51a443b1930cfe0f64bc8172f5b43461182ff3d18b0ef6a6c2fef594fc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8eb7765f6a949aaf18792f957004ad6f
SHA1 d117d394cd7e0f5bc06a838dfaa9025ea5841bec
SHA256 7522cf6df2c33d590553373700c28bcddfe943a706fe3a987a454cd8084c4820
SHA512 b615b7b6560875d697f0715104ba54a8dacb36b1123b9c0c1c15dfce158ae86df457a2e241d0c9d79e0e1ac32029b9684ed1737e6636395068416824971851c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d24dd55971f5ded8905e9080d33d8a8
SHA1 ab1d6b07777de9646790f88749b8ce84b7edb628
SHA256 9d79f2470fd2cc0734d0db7d90d83eff9720d1b383672730267c9d85a784551d
SHA512 caa228fc6b25c140d11c2d35808a60dc85d07d0e98627a02fba49199c92eae6be216997e10037cc9350d17356bc0221add637a2b2e2352d5ba6bfff5fcf5439c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de74c4cc6a3413e86245d1e138961a76
SHA1 fb68179b409774678059a52ee93d9293967a6ec2
SHA256 207e4d5cb8832564d08b30ce4a843cf0572aa2d10eaad8ba5d768fd09751475a
SHA512 d139621ab49e401ce289e510fda2b5fb21a2dd543b54bf5c700d37ded686605f5c7bbfa319480aaa4f98e0cdd184d2cded8aa1cafe2d4409db60152e0215a016

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09cb7dc462b6edfef58d29bd17d439e6
SHA1 ccc35b3312c45dec7714c62cc1efb0a48757dbf2
SHA256 9b553d72171666a8c1fe34ae242af4f67cda282c23176fdbbc107f585bae75ee
SHA512 69e5a101f7b53842db5716f81151b698d86aa4cd55845f49d6d8bfab650d3d2baeae4ea8b169698bd60b8ad5091fac2e5d8ded3eef103ad5a94e5606e7184d6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af469d71cd1bc04a0ea62ab8a025215f
SHA1 9c5fb9bcbb2f0933a43a87e8c4183077b480da8a
SHA256 c54bef18d45591cf78d0267ae142f278efd967cbbfc7c6746fdb89fbd1fc3c77
SHA512 199432a0058c11a73bfe02b7c37ad96fa2b902e20cd773ad7ad85c2057aae4be5b47397df87ecb6a6fbf80e813e23d7910af796ddca18e281805acc2fcb69d39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 926f6ba2e82cf1fb43e34cdc64de1cb0
SHA1 f919ef3f051a02392f572704e27b8bde4dcd0bf1
SHA256 edac0a6a1df92208603639acf0c0863c9772c3d1508cae4d6e181ac8df5aa9c2
SHA512 1f5d96411e5c1a7b44a613941e6930c176af08df2879a4595efea4d4221265147dca279cd453c0bd4fcfc0ef390d8e99a4281b8a34c7dbafcb57b09749d1998a

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-28 06:35

Reported

2024-08-28 06:38

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c65cf841e6e1b1c31f8f9af22a418559_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2248 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2248 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c65cf841e6e1b1c31f8f9af22a418559_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb6b846f8,0x7ffbb6b84708,0x7ffbb6b84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4773191825296512173,15707163396886897327,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 googledrive.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 216.58.201.106:80 fonts.googleapis.com tcp
GB 216.58.201.106:80 fonts.googleapis.com tcp
GB 216.58.201.106:80 fonts.googleapis.com tcp
GB 142.250.178.10:443 ajax.googleapis.com tcp
GB 142.250.178.10:443 ajax.googleapis.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.200.34:445 pagead2.googlesyndication.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:443 googledrive.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:443 googledrive.com udp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.200.1:80 googledrive.com tcp
US 8.8.8.8:53 www.imotiv.ly udp
GB 142.250.178.2:139 pagead2.googlesyndication.com tcp
GB 142.250.200.1:80 googledrive.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 142.250.200.1:80 googledrive.com tcp
GB 142.250.180.9:443 www.blogger.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 pingje.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.apesal.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.clocklink.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 ping.busuk.org udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 104.21.12.42:80 www.apesal.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 216.230.241.100:80 www.clocklink.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 172.217.169.78:443 sites.google.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.187.206:443 apis.google.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.thetouchofsound.com udp
US 54.83.203.203:80 pingje.com tcp
US 8.8.8.8:53 dubdsb3u36ja6.cloudfront.net udp
US 54.83.203.203:80 pingje.com tcp
US 216.230.241.100:80 www.clocklink.com tcp
US 8.8.8.8:53 www.jomniaga.com udp
US 173.236.138.253:80 www.thetouchofsound.com tcp
US 8.8.8.8:53 udp
US 173.236.138.253:80 www.thetouchofsound.com tcp
US 8.8.8.8:53 salma.jomniaga.com udp
GB 172.217.169.78:443 sites.google.com udp
US 8.8.8.8:53 www.domainmarket.com udp
US 172.66.40.121:443 www.domainmarket.com tcp
US 173.236.138.253:443 www.thetouchofsound.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 busuk.org udp
IE 74.125.193.84:443 accounts.google.com tcp
US 172.67.139.115:80 busuk.org tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.auto-ping.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
US 172.67.139.115:443 busuk.org tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 42.12.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 203.203.83.54.in-addr.arpa udp
US 8.8.8.8:53 253.138.236.173.in-addr.arpa udp
US 8.8.8.8:53 121.40.66.172.in-addr.arpa udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 kartikel.com udp
US 8.8.8.8:53 pr.prchecker.info udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
LT 93.115.28.104:80 kartikel.com tcp
US 67.227.215.171:80 pr.prchecker.info tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.9:443 resources.blogblog.com udp
US 8.8.8.8:53 i155.photobucket.com udp
GB 142.250.179.228:443 www.google.com tcp
US 3.165.232.11:80 i155.photobucket.com tcp
US 67.227.215.171:443 pr.prchecker.info tcp
US 3.165.232.11:443 i155.photobucket.com tcp
US 8.8.8.8:53 www.carimember.com udp
US 154.197.239.185:80 www.carimember.com tcp
US 154.197.239.185:80 www.carimember.com tcp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 115.139.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 104.28.115.93.in-addr.arpa udp
US 8.8.8.8:53 80.218.130.94.in-addr.arpa udp
US 8.8.8.8:53 171.215.227.67.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 79.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 i68.photobucket.com udp
US 3.165.232.87:80 i68.photobucket.com tcp
US 8.8.8.8:53 www.activesearchresults.com udp
US 173.49.115.115:80 www.activesearchresults.com tcp
US 8.8.8.8:53 blogmalaysia.com udp
US 104.21.5.166:80 blogmalaysia.com tcp
US 173.49.115.115:443 www.activesearchresults.com tcp
US 104.21.5.166:443 blogmalaysia.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 185.239.197.154.in-addr.arpa udp
US 8.8.8.8:53 87.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 115.115.49.173.in-addr.arpa udp
US 8.8.8.8:53 166.5.21.104.in-addr.arpa udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.169.14:445 translate.google.com tcp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.169.14:139 translate.google.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 tr.nuffnangx.com udp
GB 172.217.169.78:443 sites.google.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 www.jomniaga.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 widgets.amung.us udp
GB 142.250.187.206:443 apis.google.com udp
GB 142.250.200.1:80 googledrive.com tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 t.dtscout.com udp
GB 142.250.200.1:80 googledrive.com tcp
IE 31.13.73.22:443 static.xx.fbcdn.net tcp
IE 31.13.73.22:443 static.xx.fbcdn.net tcp
IE 31.13.73.22:443 static.xx.fbcdn.net tcp
IE 31.13.73.22:443 static.xx.fbcdn.net tcp
IE 31.13.73.22:443 static.xx.fbcdn.net tcp
IE 31.13.73.22:443 static.xx.fbcdn.net tcp
GB 142.250.180.9:443 resources.blogblog.com udp
US 141.101.120.11:443 t.dtscout.com tcp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.75.171:445 whos.amung.us tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 22.73.13.31.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.187.193:443 lh6.googleusercontent.com tcp
GB 142.250.187.193:443 lh6.googleusercontent.com tcp
GB 142.250.187.193:443 lh6.googleusercontent.com tcp
GB 142.250.187.193:443 lh6.googleusercontent.com tcp
GB 142.250.187.193:443 lh6.googleusercontent.com tcp
GB 142.250.187.193:443 lh6.googleusercontent.com tcp
GB 142.250.187.193:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 104.22.74.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
GB 142.250.187.193:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.187.193:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 cerciterpanas.blogspot.com udp
GB 142.250.187.193:443 lh5.googleusercontent.com udp
GB 142.250.187.193:443 lh5.googleusercontent.com udp
GB 142.250.200.33:80 cerciterpanas.blogspot.com tcp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 38f59a47b777f2fc52088e96ffb2baaf
SHA1 267224482588b41a96d813f6d9e9d924867062db
SHA256 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA512 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

\??\pipe\LOCAL\crashpad_2248_ZWLAYAVUELDUELXF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ab8ce148cb7d44f709fb1c460d03e1b0
SHA1 44d15744015155f3e74580c93317e12d2cc0f859
SHA256 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
SHA512 f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8152817605055ddd39ce89766259ca2
SHA1 edb62c23a81939d018c8173c9a7d3483d309fda6
SHA256 f9525fbccd60dc26979900e19bbbc292a1b00b71be49bb5097ebf74eae3a955c
SHA512 a68c4aa14bd7eea8c9859668809449f853bd5908cd42453f2d735da01e7b71634597b91d245e00f6d666a03c41cc83e64c5958449b9695d654863144f8de2767

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e703a6820bdfb9fd6722dc941e0842e
SHA1 ba41805496da2573fc8df4150556669a98543211
SHA256 120d32afa23286f6fa03a23bcae9d301968783d3966561b8904890f8a09c6078
SHA512 9b2ffa93b851fa06ae6cea4d6868f7279fc5bbb7d7070c1cde15af9de15947a58626fb76f575bb065da9d4e8a3d40dca69c062cd89db0030f51698f0a324837d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50469ff4ef6952d1231afc00a80c0607
SHA1 03146267bbecb8b3af0634c3493b00050bb5e0af
SHA256 86065799705008e4c49c37ecac8e034d305f4ef970bcd83991a5b9b622da2bbb
SHA512 2994aa2b10677f6da039287b29bc837345095907b60d8447400bfeac1f759468bbadca69e76295658697443c233e22af70d42c88e6c834f7c3b4274cf6f98cdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0129814c92f659d2b61aa869c71b5296
SHA1 e7678c53ed69730a151a8fadc870a639dd0613b6
SHA256 f2136b70fc277d6e0480e1e4bad84fcdf0bf0cbc379b7f0103ab190b6d207a13
SHA512 1aa33fcd7f4ca786fd090d90f3d5f53f7273e0d21e799ba41ea68154142278452130c148ff13884972386e71f1a3c9a6fe7bbf4c868d6d028d74868a9b246944

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2b55e15cb8fd94fb7735ebad5cf98d68
SHA1 38847f094bbbf41e749d833450d2a001f8f5d0f5
SHA256 758d6aea9cc9ddedcf4f6ca358c8f52810e7da6ea61fd13fb488dacf48a60c63
SHA512 ebcae0581b160e59bd6167c7ffcdaea93a77349ba55d82be983d8602ec7e3c83599a8a14cfd97dfd746554bae081df3673347284090c156d947c26fbcdf8a5f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58be1b.TMP

MD5 30119643d764beac7d2ad54ed9b6b9b6
SHA1 c670901cd4781a12dee7573f0a4e036034c30e41
SHA256 bdad41d04a3899f670b1730fabf7d6c49cae02ab07241bbd6083d905a90d7549
SHA512 9854423ba6a9eb2857a5cc7631ff41f078dce1d06b0fd7b80df696e20b7c2c85f0d01ce11360f850e2a409512a4e82bde3553594d27485ae86d1d3fc5a35eeb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e59878e62f9f76d77a662058365a0a11
SHA1 24ebe378489087838cb6f5f111bb3a74b9084141
SHA256 23ae0b83bf15884fa3c5507a5f22284d357b57259b72cba463143f47410f50c3
SHA512 7507a7fb1a316fe8f7eae4aab5d44582b897bc0227d0cc024f7b9ab07b26a0a667e965741d82310c48819cb794340afc8b3f61b0ed8e2e0996863a9af225c32f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 995e5f4e5809660e098370cea7057dbe
SHA1 0de572e15942f7c7977d13ae4028f5e5724ca4e6
SHA256 56c2bba237d54dd547dec0dcc399e6f7dfbd8964248223f252e913902541151b
SHA512 fe684b520e48e5945a62454ffdb1002f223f7ad15eb4c5a4f7154058ee641c96da3a4e0637015448aaccac617547eda5598ec0fe57ae3cc5f080d9f01288b82f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 240b22699b2dae45fe91dc9817e05673
SHA1 1fc1cc9175c89a6f32291c8d273052754ea8ea3e
SHA256 785fd57b829b24fc59f4cf04a66ffd20dc160945151406b8663c523332eb1413
SHA512 4cdf24c911c8c2cae310d0924c0b20f756925b3a3fe270fa091744cb26b97534a4ef58995f1dc70a74b82c644344384f7c1460c433ffe2dd6a2a42fa67b1a7df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8fae1c03391f3dd3feb942b97e819fa
SHA1 4e398f8fc3829e9239e85f5c92adaf0d04971775
SHA256 c3fda913e86dd583267939a3544843ef63e2afa09ebddc060b3a6aa703c66510
SHA512 983f4e85a1aec82cd84e34bfd9f9c8257c95d8e540fda41ec4203b7cafddbf8aadec3c8bdf0056cf85fb3a16bed8a82c929fa4a2e97ec31311f1af8b23bc1e2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ea8d3c8b657309dfa447543b01be47fa
SHA1 94cfe592bc24d098b61a87bc2522979b33371f37
SHA256 8433e7088ca6e5ade92d93a7e0b638b258d231cfe757cfcc95e925d2b0f4cd05
SHA512 c92446e0d1c3498ab9c66b9d4d9b4753df489f6aba76af98ed168bfa3438982f46b7543b1456501290b77680dd25a8380526a2312b36a704f21bb1ec1fe6ab1f