Malware Analysis Report

2024-12-06 03:26

Sample ID 241022-wdej3axbka
Target 6b848790d983327eacfafd4448a470c0_JaffaCakes118
SHA256 c73b9c223f6bb3282f4826b5c2f636098b98ce34fb4e248c978be856cc8bed0b
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

score
10/10

SHA256

c73b9c223f6bb3282f4826b5c2f636098b98ce34fb4e248c978be856cc8bed0b

Threat Level: Known bad

The file 6b848790d983327eacfafd4448a470c0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-22 17:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-22 17:48

Reported

2024-10-22 17:50

Platform

win7-20240729-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b848790d983327eacfafd4448a470c0_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | sites.google.com | N/A | N/A (×3)

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened for modification | C:\Windows\Downloaded Program Files\SET87D5.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File created | C:\Windows\Downloaded Program Files\SET87D5.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened for modification | C:\Windows\Downloaded Program Files\swflash64.inf | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A (×2)

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C94B5F81-909D-11EF-9DBD-525C7857EE89} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws\ = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435781151" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000426d0ad0b61c9b9eea90436082bca35c218d9375e827a1091ac271af130e75d0000000000e80000000020000200000000378543c88bb4350d2d556f9e375016dc9a89475b86c7fe24f1edf6f060f561690000000800abea7554d78b2ce9e3d29f5209f616cb79a7ad30ef4936a530c75e0567054541703447a1ce76643d891321bb9268d9461ed970f62745e1253f2fb1bbff265a47019a36eaf983f5635b2c550da7ad8d1c9cb3182b2d6b587f0e32dc7f9d02009595998e1b15b57c67dd78ac9e1b82d2fb2c751da407d097ab25de4c6ac6613640197f13acc811efc9ef4adc89e9d9540000000866e5118e4c69fd2e594b6d5125aa41d312585e95a6fe4c669fd357abd8895ae37e4a2efe021f0a0bce652bda60c8348f127a8829db92e74118a3d386e6caa75 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0e55fa4aa24db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000008fed5f1ec0ed76d9fbd69a1e9f6f0e999e311c459462bf93357bf5b65b4e4103000000000e8000000002000020000000d0353a404268f352b6a3798471ffba0abeaf22ffd997e922f5ca5b43bcdd96c1200000004b6785cdf125261d76a9c5a9cf37e618773067bb06f2852bc5e3b7c76ad33051400000000cbb8c9988784c9d78987dc07b464381edd1e195e67bb68499d17b8072f88b88ad8132d309c435597975087640ab742ef85376f48d89980c6e5e99581cb91317 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\Total = "52" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A (×2)
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A (×7)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A (×2)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 568 wrote to memory of 2320 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (×4)
PID 2320 wrote to memory of 1964 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe (×7)
PID 1964 wrote to memory of 1956 | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | C:\Program Files\Internet Explorer\iexplore.exe (×4)
PID 568 wrote to memory of 1224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (×4)

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b848790d983327eacfafd4448a470c0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:537627 /prefetch:2

Network


Files


MD5 8f93f2ba49f80d97382423042af2c080
SHA1 f9502b956e2726c52025b253ef7a0deedc207a3c
SHA256 c859a30314ca98026cafedd06c28657a17cd1642d24eed03940ad956bb222cb0
SHA512 746a6fd6e4412b46b8c53bf2238a2b78550b2449cb52e298d7193febf7a680e88ba1b7a05a555eaad0e09b7796c6453159ccc040f82b98a1509dc2e6677fa53e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 110e7e25fbc75a043826c84bf85a3096
SHA1 5fba41b397118fab41b13768eb85f161306f3c58
SHA256 a649d1176a320ce2941bceefd8d8d8107ec03ff24c3a1de4ec950741a7752385
SHA512 f0f8cfeed5fc4b86e5a3731b514b436a92d6d49d3081454a63895bf03ddaa9aa7e3a0a8cea1a229badf86b636bb6d96c668d151f32d71f311b09c153dea7e51c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84a459cd3e0488576de1515db4722838
SHA1 70a485a9061b21bca345d4cada56d961c880b019
SHA256 2fe806bfd298b49e37932377d55c425e0247686855d713fd07032b7bd04062f3
SHA512 e36781d4f213265ba2631850b7c06644dd2789ceb2e9be01b5ea8540d09035e7374f0c0711e5b4b7abc86dde548136f7c8c80d2d4a5514b1e75e3f75b55064bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0873133df929ec99723affd0525037d7
SHA1 7b8bade4c8b26657b877c760c896c6d883821848
SHA256 4df3e56f940418246e2a09b82ef09f609365270ddc9d60df17b0c993d58a459a
SHA512 f7070b4f728407b2129fafeda99e234b2f902833afc7187f16a9d5722dd5c113ef1363ecbbb62cd101ead00599c559865198f1207e676f38f03a973800710030

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d02398a36bf96e62256143711da905f
SHA1 04f6aa0c3e7e848b27a472de5556272e255d5bf8
SHA256 a8e3f00b2b97d77e62ff10ea058f28f17e900aaf818e3a0a8ce7e92373182657
SHA512 2ff642238fa4f627ee28e70bc77a89f1989e604cecd6da3ac8ed7ed2389407344504b72c07956c49f01f9c3338a91900a531be2eb6738252434dc33ee673e21b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 998b4a1cb3ad12b8469548e1899afff9
SHA1 d0e451e6878f30808cfaefc7795a7d07bdbb28cf
SHA256 dcbd95993cea156c34699d0e0ece4db23a24fc27db5722ee474731f95dd14413
SHA512 154ec1ddc0f1c37e3b51863d0674cf164dd915068622e8e573d49f70c068ee18554814b0dfd7a11bb7c4fcde4395de636ec6eb9d4c3311a5a04a17c50f5c3e98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3884099ccd3b87a720526a73107123b9
SHA1 b024c6b7dc8c615fb0bbd6bb95f2ba30c1e096d0
SHA256 04513a8fb3b0aaba7555342af46ae2e4e4f2f23dcf1f44952081fcfe60ed0518
SHA512 ba9782327ce3c898b0a719ccc0f975d275a6cc936c5dc81567194c52679ade497cf730ee11b296fa783ba8879eba131c80ae9c139fb5de2e1184932f06e3b567

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15c53d97494aa394fb93a951a6e4d5ae
SHA1 44baeeb6f972ab33673bff92c1b4638be3dfa426
SHA256 901138387f99bea00261f76f52489b3bf3caffdeec62a816bb47d01cc06d1dd2
SHA512 caa2d2a7bc82409051ecee9f52889d2340780d51245da9091a57318f93b713e3ab8f0bb0593e368a197366985d42237ec8b564c850562fbc9b6f2e601a8a78da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38ed576729cfd70ddfdc6c9247d83dd8
SHA1 47c8bce9564b39e1db3247102b2c7e10f91a2c84
SHA256 801abec4d8ee55a2260d56079f1d51a0ee0606a6c014932c9c7d584eea79f18f
SHA512 4fd992bbcba96eff821d1a4edc3ac6fbbc12f5162320629f30b041a6a381746102432c3d010e1b8b804c830e915df858d513b05cdd14bddecf355726300f04a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc5a0dfabcac37b54c2a3c6607ea9cef
SHA1 8f8aa0c317ad8eedda7a3d6d6886d1c35be3be34
SHA256 750948c9692ec3a3d1872a2733ad15c4df79a367d022ce1a0a73398f0d5496fe
SHA512 8f9768a3eba8c74f4baa77c6e85e5ce5048935f7f2ca2b6eca3f22d0bdf375e0b859b86ed3e9ee13d1d564221bf14f709959c4e66d22903875337f7cc767dc78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b247a22cd97e0a66ec082570fae83053
SHA1 41786a5756a6ffc9b81a672f23222939a35460f4
SHA256 d2de579e0f4239d5725236622c60eb4ef018e98555510a3028d90330084532ce
SHA512 d6adb7bd3d25bad8069d7f4996f2767aaf654a8c795400194c4e892eb218f04e277eaef4696ead53a28ea3106ca59ff6d04acdca15f6364afdde1b0822382773

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ec6f2dd07a4cf9df9add196f805f30f
SHA1 cd8341f38ddf311614aee7cd01aa461fb6454d58
SHA256 1770b04509fc533476ec1558cad98db9832ac4f2879737d4144ad78ef641d878
SHA512 185e212af379cc690f8fcd3cc60374b5ba4913596ec636e3d24c28a676d761d50630e20956acf4cb70a59470679e4730f428833274ff379eb32a8263515718e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57dcab5b93342b292faf172fe74ea1a0
SHA1 38a763f56d67d3f1e36538d5912c0a6f73a355ee
SHA256 8f9dbe89f8642998a3144a01210ef27488e6b3953b67e260a4ad1102f7071917
SHA512 48025e424d33d61d98a515ac878125bba8d977fcaac9c5dae9dd9685031b6763e749a4e2f8cedbce004693110cf1fc2d4e13d6ba53b4bb586e58587dc0f52525

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d35070488cb993904fe8e9001616c5c1
SHA1 71c75b4b6a5caf1b4d6120b8f4bbfff1b67371ea
SHA256 e2b8ffa6c11797ce8bf54e3a7ebb4df3cf04d191fb8a411faf17846f2d400eb1
SHA512 03e9275cf03709b97de4529bcee7ea26df8568044960b34b15098d747f47fa0ed2448006d5493409ca31e5ee58584f198c4406c063d7f48296d5e2fb2e2d4587

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69598d5c9fe2376be00f9c4720aeb714
SHA1 00b910ebffa7e41b6ad5ba798de8eef44323c02d
SHA256 d8900e44a35f53cdf6378b101df3998ed5f272f81d3acc46a977ebc6eec58167
SHA512 11dec1f0e972b86607fa61d03899c6802326e70bf208bf438d470e0d6288bcc23b120e1cf37f014f75388d8bea3b2dd872610cdbef946f4da9ae9f7d2fdb8c6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 590e95c9475fb292ae5aba792c256703
SHA1 6ded5c5352073c19d21ac28336f20ac8b94f6631
SHA256 4b4ce342beaad1a5e58db9fa29ad9842931959107e5b996d9e25ac9e21772460
SHA512 cb9c14a152e0a5fba59a8bd525b55a8bfd8ddc5b589037d52504e21c89ebc444b23010a491298e1b0a597e056a01628cda4a51ad04dbce7e921969600fed3455

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5dc7b89236b7985975077fa5b13e0b8
SHA1 01a51a776cae6dbbe04e413583b41b263caa25e8
SHA256 0e9d57e64bca7f8d1992daec811e8b82210df4280a78510f988c63bff739982a
SHA512 59c8ded096b0ba492c3471e0046a65046a5c7931deb48355c1a8297fd48b510e8979268f76605b68387fe347135363cf71ec847279d58ffaeb6bedcb2733d8ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39146f01219483ed15038e22fb713a7b
SHA1 f32bbd202d4aa881bc06003bbb9bd906a70bef8f
SHA256 3635e19429826bc0d17dd4081076671ce7df2a15c1fbc6bbcf376b7dbaf02ed8
SHA512 e0271979c0d46eea1ccfe8353b000e3d3700b685bb9b17ce268ac6af675af5afebafc08c2b5b0c88ad595a9997fa95212650abb124b46ec93084af1bab93cdb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4eaa523f2ad6aaa6d0e82946d1154a5
SHA1 1e36c976ab4efaa47667d6f410f27640e2ebd26a
SHA256 376976a8b3f375b175e4601957e6123c38e5f5ff3a98fffa612370cc37aba5ee
SHA512 f72075756563414604cbf4e06a91bc71bdaebdd546874f5c4fdc79914b0e1f760219ee9f9a438182b9a19efc225dce5d9b321db50458f12c1a7546652904e484

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36c717578f6727c9428bb7de4bfb2ce0
SHA1 3b36b9270210f4e6cf1ca16b48cae939d5683884
SHA256 411831ab5c6689d09dd1f6d3aa5a973a8cbb9a746c312801a06fd9a97e67e6b4
SHA512 28c04c29eddb29a7846e874ee3fccea85fc9a7c0141d74834e9b33802b6b0081502812a060a42c6a27a13d81d37b52d1e90552322460fc7844dab9c7d38abeaa

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-22 17:48

Reported

2024-10-22 17:50

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b848790d983327eacfafd4448a470c0_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 3320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 3320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b848790d983327eacfafd4448a470c0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5188 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x318 0x444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,790897018360920716,9527732984304281033,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1344 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 172.217.169.73:445 www.blogger.com tcp
GB 142.250.179.238:443 apis.google.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 st2.freeonlineusers.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.10:80 ajax.googleapis.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 sites.google.com udp
GB 142.250.187.238:443 sites.google.com tcp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.guablog.com udp
NL 95.211.75.16:80 www.guablog.com tcp
GB 142.250.187.238:443 sites.google.com udp
US 8.8.8.8:53 busuk.org udp
US 172.67.139.115:80 busuk.org tcp
US 8.8.8.8:53 www.ohbelog.com udp
US 8.8.8.8:53 busuk.my udp
US 172.67.164.129:443 busuk.my tcp
US 173.232.92.169:80 www.ohbelog.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 16.75.211.95.in-addr.arpa udp
US 8.8.8.8:53 115.139.67.172.in-addr.arpa udp
US 8.8.8.8:53 129.164.67.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 g.bing.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 www.blingblingeyes.com.my udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 172.217.169.73:80 img1.blogblog.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.178.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 img2.blogblog.com udp
GB 172.217.169.73:80 img2.blogblog.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 t3.gstatic.com udp
GB 142.250.187.228:80 t3.gstatic.com tcp
US 8.8.8.8:53 t2.gstatic.com udp
GB 142.250.179.228:80 t2.gstatic.com tcp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.92.232.173.in-addr.arpa udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 142.250.179.228:80 t2.gstatic.com tcp
GB 142.250.179.228:80 t2.gstatic.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 badge.facebook.com udp
GB 163.70.151.23:80 badge.facebook.com tcp
GB 163.70.151.23:443 badge.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 www.ircserv.org udp
US 8.8.8.8:53 www.auto-ping.com udp
US 162.159.135.42:80 www.auto-ping.com tcp
US 8.8.8.8:53 pingup.redlomo.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 23.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 42.135.159.162.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.179.238:443 apis.google.com udp
GB 216.58.212.234:445 ajax.googleapis.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.180.1:80 themes.googleusercontent.com tcp
GB 172.217.169.73:80 www.blogblog.com tcp
GB 142.250.180.1:443 themes.googleusercontent.com tcp
GB 172.217.169.73:80 www.blogblog.com tcp
US 8.8.8.8:53 fbstatic-a.akamaihd.net udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.187.238:443 sites.google.com udp
GB 142.250.200.10:139 ajax.googleapis.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
GB 172.217.169.73:445 www.blogblog.com tcp
US 8.8.8.8:53 www4.cbox.ws udp
DE 195.201.153.71:80 www4.cbox.ws tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 emoticoner.com udp
US 8.8.8.8:53 www.emoticoner.com udp
US 8.8.8.8:53 a.deviantart.net udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 ainkening.blogspot.com udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 static.cbox.ws udp
US 8.8.8.8:53 kisahcincaibuncai.blogspot.com udp
US 8.8.8.8:53 cococokie.files.wordpress.com udp
US 8.8.8.8:53 nnaaqua91.blogspot.com udp
US 199.232.196.193:80 i.imgur.com tcp
US 8.8.8.8:53 www.era.fm udp
US 8.8.8.8:53 www.cbox.ws udp
US 99.83.138.213:80 www.emoticoner.com tcp
US 192.0.72.24:80 cococokie.files.wordpress.com tcp
US 67.199.248.10:80 bit.ly tcp
US 172.67.201.54:80 www.cbox.ws tcp
US 172.67.201.54:80 www.cbox.ws tcp
US 99.83.138.213:80 www.emoticoner.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 img135.imageshack.us udp
GB 3.162.20.44:80 a.deviantart.net tcp
GB 3.162.20.44:80 a.deviantart.net tcp
US 38.99.77.16:80 img135.imageshack.us tcp
US 199.232.196.193:443 i.imgur.com tcp
US 192.0.72.24:443 cococokie.files.wordpress.com tcp
GB 3.162.20.44:443 a.deviantart.net tcp
GB 3.162.20.44:443 a.deviantart.net tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 8.8.8.8:53 www.astrosafari.com udp
US 8.8.8.8:53 www.cute-factor.com udp
US 104.21.5.95:80 www.cute-factor.com tcp
US 151.101.1.91:80 www.astrosafari.com tcp
US 199.59.243.227:80 www.era.fm tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 151.101.1.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 wallpapers.com udp
US 8.8.8.8:53 cococokie.wordpress.com udp
GB 18.165.160.22:443 wallpapers.com tcp
US 192.0.78.13:443 cococokie.wordpress.com tcp
GB 142.250.200.36:443 www.google.com tcp
US 151.101.1.91:443 www.astrosafari.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.187.206:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 71.153.201.195.in-addr.arpa udp
US 8.8.8.8:53 193.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 54.201.67.172.in-addr.arpa udp
US 8.8.8.8:53 24.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 44.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 213.138.83.99.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 95.5.21.104.in-addr.arpa udp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 22.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 13.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 22.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 www.layoutcodez.net udp
DE 217.160.0.179:80 www.layoutcodez.net tcp
DE 217.160.0.179:80 www.layoutcodez.net tcp
GB 142.250.187.206:443 syndicatedsearch.goog udp
US 8.8.8.8:53 layoutcodez.net udp
DE 217.160.0.179:80 layoutcodez.net tcp
DE 217.160.0.179:80 layoutcodez.net tcp
US 8.8.8.8:53 232.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 179.0.160.217.in-addr.arpa udp
GB 142.250.200.36:445 www.google.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 216.58.212.194:445 pagead2.googlesyndication.com tcp
GB 142.250.179.226:139 pagead2.googlesyndication.com tcp
GB 172.217.169.73:445 www.blogblog.com tcp
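The table above is raw sandbox output: forward DNS queries, reverse (PTR) lookups, repeated rows and actual connections are interleaved, and HTTP/3 shows up as udp/443. The following triage helper is an added example, not part of the report or of the sandbox's tooling. It parses rows in the same Country/Destination/Domain/Proto layout, drops PTR noise, dedupes repeated endpoints, and flags TCP connections on ports other than 80/443 (in this table, the tcp/445 and tcp/139 rows to Google-hosted names) for manual review. The sample rows are a constructed subset of the table; WEB_PORTS and the treatment of udp/443 as QUIC are assumptions of the example.

```python
"""Triage helper for a sandbox Network table (added example, not report code).

Parses 'Country Destination Domain Proto' rows, separates DNS and PTR lookups
from real connections, dedupes repeated rows, and flags non-web TCP ports.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed subset of the rows in the Network table above (same layout).
SAMPLE_ROWS = """\
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
GB 172.217.169.73:445 www.blogger.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.187.238:443 sites.google.com udp
NL 95.211.75.16:80 www.guablog.com tcp
US 172.67.139.115:80 busuk.org tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.10:139 ajax.googleapis.com tcp
DE 217.160.0.179:80 www.layoutcodez.net tcp
DE 217.160.0.179:80 www.layoutcodez.net tcp
"""

# Domain column is optional (the mDNS row has none).
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Ports treated as ordinary browser traffic (assumption of this example).
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: str | None
    proto: str

    @property
    def kind(self) -> str:
        """Classify a row as dns / ptr / mdns / quic / tcp / udp."""
        if self.proto == "udp" and self.port == 53:
            if self.domain and self.domain.endswith(".in-addr.arpa"):
                return "ptr"   # reverse lookup: OS/sandbox noise, not an IOC
            return "dns"
        if self.proto == "udp" and self.port == 5353:
            return "mdns"
        if self.proto == "udp" and self.port == 443:
            return "quic"      # assumption: udp/443 in this table is HTTP/3
        return self.proto


def parse_rows(text: str) -> list[Row]:
    """Parse table lines; lines that do not match the layout are skipped."""
    rows: list[Row] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Row(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return rows


def summarize(rows: list[Row]) -> dict:
    """Collapse rows into forward lookups, unique contacts and flagged ports."""
    lookups: set[str] = set()
    contacts: dict[str, set[str]] = defaultdict(set)
    flagged: set[Row] = set()
    ptr_count = 0
    for r in rows:
        k = r.kind
        if k == "ptr":
            ptr_count += 1
        elif k == "dns":
            lookups.add(r.domain)
        else:  # tcp, quic, udp, mdns: an actual connection attempt
            contacts[r.domain or r.ip].add(f"{r.ip}:{r.port}/{r.proto}")
            if r.proto == "tcp" and r.port not in WEB_PORTS:
                flagged.add(r)
    return {
        "lookups": sorted(lookups),
        "ptr_lookups": ptr_count,
        "contacts": {d: sorted(v) for d, v in sorted(contacts.items())},
        "flagged": sorted(flagged, key=lambda r: (r.domain or "", r.port)),
    }


if __name__ == "__main__":
    s = summarize(parse_rows(SAMPLE_ROWS))
    print("forward lookups:", ", ".join(s["lookups"]))
    print("reverse lookups suppressed:", s["ptr_lookups"])
    for dom, eps in s["contacts"].items():
        print(f"{dom:28} {' '.join(eps)}")
    for r in s["flagged"]:
        print(f"CHECK: tcp/{r.port} to {r.domain} ({r.ip}) is not a web port")
```

Run it against the full table by pasting the rows into SAMPLE_ROWS or feeding a file to parse_rows. The flagged list is a prompt for a second look, not a verdict: a browser detonation normally has no business opening SMB or NetBIOS ports toward hosts that otherwise serve HTTP, so those rows are where to start, together with the non-Google domains the page pulled in.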

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_2908_DCXLPUBVJHMYWCMA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79929d06a2808dfd7819c4307aa037a0
SHA1 90ae26a92a778af3f08ac08cffccdcbbec7b44c5
SHA256 1727a55768ca5160589d70a353f90621bd46f1eff79c36bc746c0564ad36eb34
SHA512 8d4eb182913eaac763c2195e54acfb46f50bb5d16adbfda26c6b9e5ac19a6071aca124f72c85f01dfcc7ce5c15643e18fdcb67ef98a814208f583c832854e8d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f0822579618159976bd3b3e59213ac5
SHA1 4f883dd166e68e33c9515800936d843d4da25c8f
SHA256 c1b3334e434df1689319fe54c71338136ed8cb16d876930bb4cb30dfa2705ce0
SHA512 9b32a0f3e204ebec278e27b65dfd65f89bd192a43baf8c3b8a047583cd9d78b5fa3dc728b562abe69662e37f0270e2761c9563d72106968d86476818b9371cfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4383e0809d693d027350876fc58d6b5c
SHA1 96ee88ebb3b6676834935d979385cb8ea5a0e1ce
SHA256 fd47f98806df6ed2b61ad7a0e20b3829ca8f4bc04d1afec286ca7b42e0c7fbc0
SHA512 136e50b17dfc0afd25d2bfe04f6ac57902171974edc25a54b2da76625e6b49de5aa105402a9f73eb0e77dce3b990703bb5c9d8b9a142c3249c93bd23f5471fa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ae80e437df232fec8443a81800397ff4
SHA1 08760e373b7f38275757b35c52ee9a6eeab8eab8
SHA256 b8eb3df9832d9274db1f2bea3d9f832ab23029db81ec31cea57af6a491521ece
SHA512 5dda32c5339d1f1edf1ed23688c58180ab7b1e89f62443d2b5a622c234246bd4437e9bf62669a95550f1ccb776481a2c9b8e90b9beba1118cbbd5bda1a9d5af1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e3a8ad4faed410aac795260b49572a70
SHA1 54883ba8ae8b41356c3beebfb104833491fadde3
SHA256 65bd17530492b24bd50a7c0564910cd08cfe353769c224fab5f55f22b42c90d3
SHA512 f63db6b568c29c2035b3884522a4653f0ea60b3cb03ab998ad0108191b162a985c98d54b742052de1b67cd86eb2fe4cc1a3dd0467eb603f80aa8abd9af995aea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bc46.TMP

MD5 022dd1f40e10a27d3f9e3e9576f4abcc
SHA1 775ee8f242995add10fa2e757506d084645313bd
SHA256 e777d0d3fa8bbedf1b57d4485bc91f489f2765a8e7f8e294fad5a5c713be6a91
SHA512 005f7c78b411a8b264d48ab4f217fe2339521e544a12c6b8929334286f360ab434b5a2a0940e4e68548c89402cd918ea23dccfae9a8411d18baae8b5bb3c43f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 78d3e017654fd59ab15ec07a968c64a8
SHA1 e9a825c31e895972c3b0e0f72ae5e280c4899d88
SHA256 667371d65c03a3c2bd8a0580992d25d466b2c65899dd95efface3229dbebb199
SHA512 4b6dc20a810a77c93c894b4f4158a8da35d107deee7d653bf861ab93418215c064b8ca2314d2433af9558dfa58f8c5e9d1765f6b6b29197696c893ec02207e82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 056a13da69ce4a4c4498004fc86c93a7
SHA1 7ac38d9575629d93e15352910f1cdecb09e57d1c
SHA256 7f8ca483fc2076b6405c5802312bc6876699e35b64804623554100e377bb0467
SHA512 04aa6267603ecaf93d4809721188f4be05bf48d213e9e556a5a6ac67d129ab9506c94b36f191ebd17258d17b08ad40db962cb1e7ab05115640185e04965935c8