Malware Analysis Report

2025-04-03 14:23

Sample ID 241215-q7gcvswlet
Target f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118
SHA256 ea3c8c87308969cbcf1ab524a047479d5c9dde71574c35d5430f997e9c9f175f
Tags
vmprotect socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ea3c8c87308969cbcf1ab524a047479d5c9dde71574c35d5430f997e9c9f175f

Threat Level: Known bad

The file f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

vmprotect socgholish discovery downloader

SocGholish

Socgholish family

VMProtect packed file

Enumerates physical storage devices

Program crash

Browser Information Discovery

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 13:53

Signatures

VMProtect packed file

vmprotect
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 13:53

Reported

2024-12-15 13:56

Platform

win7-20240903-en

Max time kernel

147s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

VMProtect packed file

vmprotect
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (3 identical rows in the original report)

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

The WerFault command line (-p 2656) identifies the crashed process as the 32-bit rundll32.exe that hosted the DLL. It crashed after it had already spawned cmd.exe, so this run captures the browser launch but any behaviour the DLL would have shown after that point is not recorded.

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

The same key is opened by cmd.exe and IEXPLORE.EXE, which are Windows' own binaries, so this indicator reflects routine locale lookup at process start rather than deliberate language checking by the DLL.

Modifies Internet Explorer settings

adware spyware

Every row below is written by Internet Explorer itself (the 64-bit frame process iexplore.exe and the 32-bit tab process IEXPLORE.EXE) after cmd.exe launched it on the URL: DOMStorage usage counters for blogspot.com, window placement, recovery, zoom and toolbar state. This is the browser's normal profile housekeeping for a visited site, not keys the sample touched; the adware/spyware words are the tags attached to this signature, not a verdict on the sample.
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "137" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "164" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\usa-cheater.blogspot.com\ = "137" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440432716" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\usa-cheater.blogspot.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0DB76651-BAEC-11EF-8B74-7694D31B45CA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "137" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\usa-cheater.blogspot.com\ = "164" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "164" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of WriteProcessMemory

Each row is a parent writing into a child it has just created, so the table doubles as the process tree: the 64-bit rundll32.exe (PID 2704) relaunches the 32-bit rundll32.exe under SysWOW64 (PID 2656) to host the DLL, that process spawns cmd.exe (PID 2784) and, when it crashes, WerFault.exe (PID 1920); cmd.exe starts the 64-bit iexplore.exe frame process (PID 2560), which starts its 32-bit tab process (PID 3068). No write into a pre-existing, unrelated process is recorded, so this is process creation, not injection. Count is the number of identical rows in the original report.

Description | Indicator | Process | Target | Count
PID 2704 wrote to memory of 2656 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe | 7
PID 2656 wrote to memory of 2784 | N/A | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\cmd.exe | 4
PID 2784 wrote to memory of 2560 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Program Files\Internet Explorer\iexplore.exe | 4
PID 2656 wrote to memory of 1920 | N/A | C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\WerFault.exe | 4
PID 2560 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | 4

Processes

PID 2704 C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1

    PID 2656 C:\Windows\SysWOW64\rundll32.exe (child of 2704)
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1

        PID 2784 C:\Windows\SysWOW64\cmd.exe (child of 2656)
            C:\Windows\system32\cmd.exe /c start http://usa-cheater.blogspot.com

            PID 2560 C:\Program Files\Internet Explorer\iexplore.exe (child of 2784)
                "C:\Program Files\Internet Explorer\iexplore.exe" http://usa-cheater.blogspot.com/

                PID 3068 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of 2560)
                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2

        PID 1920 C:\Windows\SysWOW64\WerFault.exe (child of 2656)
            C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 608

(PIDs and parent/child relations are taken from the WriteProcessMemory table and the WerFault command line above.)
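The process chain above (rundll32 hosting a DLL from %TEMP% by ordinal, spawning cmd.exe `start <url>`, which opens a browser, followed by a WerFault crash of the host) is what a detection rule over sandbox or EDR process events would key on. The following is an added example, not part of the sandbox report: the process list is constructed from this page's Processes section and WriteProcessMemory table, while the regexes, the BROWSERS set and the finding layout are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from this report: command lines from the Processes section, parent/child
# pairs from the WriteProcessMemory table, the crashed PID from the WerFault command line.
LOADER_CMD = r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1"
SAMPLE_TREE = [
    Proc(2704, None, r"C:\Windows\system32\rundll32.exe", LOADER_CMD),
    Proc(2656, 2704, r"C:\Windows\SysWOW64\rundll32.exe", LOADER_CMD),
    Proc(2784, 2656, r"C:\Windows\SysWOW64\cmd.exe",
         r"C:\Windows\system32\cmd.exe /c start http://usa-cheater.blogspot.com"),
    Proc(2560, 2784, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" http://usa-cheater.blogspot.com/'),
    Proc(1920, 2656, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 608"),
    Proc(3068, 2560, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2'),
]

# rundll32 loading a DLL from the user's Temp directory, by export name or ordinal (#n).
RUNDLL_TEMP_DLL = re.compile(
    r"rundll32\.exe\s+(?P<dll>[^,\s]+\\AppData\\Local\\Temp\\[^,\s]+\.dll),(?P<export>#?\w+)", re.I)
CMD_START_URL = re.compile(r"/c\s+start\s+(?P<url>https?://\S+)", re.I)
WERFAULT_PID = re.compile(r"-p\s+(?P<pid>\d+)")
BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}  # assumed list


def _base(path):
    return path.rsplit("\\", 1)[-1].lower()


def _index(procs):
    by_pid = {p.pid: p for p in procs}
    children = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)
    return by_pid, children


def ancestors(procs, pid):
    """Yield the parent chain of pid, nearest parent first."""
    by_pid, _ = _index(procs)
    p = by_pid.get(pid)
    while p is not None and p.ppid is not None:
        p = by_pid.get(p.ppid)
        if p is not None:
            yield p


def detect_rundll32_url_launch(procs):
    """cmd.exe 'start <url>' whose ancestor is rundll32 hosting a DLL from %TEMP%."""
    _, children = _index(procs)
    findings = []
    for p in procs:
        if _base(p.image) != "cmd.exe":
            continue
        url = CMD_START_URL.search(p.cmdline)
        if not url:
            continue
        loader = next((a for a in ancestors(procs, p.pid)
                       if _base(a.image) == "rundll32.exe" and RUNDLL_TEMP_DLL.search(a.cmdline)), None)
        if loader is None:
            continue  # a bare 'cmd /c start' without the rundll32 ancestor is not this pattern
        m = RUNDLL_TEMP_DLL.search(loader.cmdline)
        findings.append({
            "loader_pid": loader.pid, "dll": m["dll"], "export": m["export"],
            "cmd_pid": p.pid, "url": url["url"],
            "browser_pids": [c.pid for c in children.get(p.pid, []) if _base(c.image) in BROWSERS],
        })
    return findings


def crashed_processes(procs):
    """Map each PID named by 'WerFault -p <pid>' to the image that crashed."""
    by_pid, _ = _index(procs)
    crashed = {}
    for p in procs:
        if _base(p.image) == "werfault.exe":
            m = WERFAULT_PID.search(p.cmdline)
            if m and int(m["pid"]) in by_pid:
                crashed[int(m["pid"])] = by_pid[int(m["pid"])].image
    return crashed


if __name__ == "__main__":
    for finding in detect_rundll32_url_launch(SAMPLE_TREE):
        print(finding)
    print(crashed_processes(SAMPLE_TREE))
```

The rule deliberately requires the whole chain: `cmd /c start <url>` on its own is common in installers and shortcuts, and rundll32 with an ordinal export is common in legitimate setup code, but the two together with a DLL loaded from %TEMP% is what this run shows. The crash map adds the caveat that the host process died, which bounds what the run can tell you.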

Network

Only one host is named by the sample itself: usa-cheater.blogspot.com, handed to cmd.exe and then to iexplore.exe (see Processes). Everything else in this table is traffic generated by Internet Explorer rendering that Blogger page: Google/Blogger assets, third-party widgets and counters (flagcounter, histats, widgeo, cbox, linkwithin, dtscout), hot-linked images (photobucket, imageshack), and certificate revocation and trust checks (c.pki.goog, o.pki.goog, r11.o.lencr.org, ocsp.r2m02.amazontrust.com, crl.microsoft.com). Every udp row is a DNS lookup through the sandbox resolver at 8.8.8.8, so those rows show resolution, not contact. Treat the page's third-party hosts as context, not as the sample's infrastructure.

Count Country Destination Domain Proto
(Count = number of identical rows in the original capture)
1 US 8.8.8.8:53 usa-cheater.blogspot.com udp
2 FR 216.58.213.65:80 usa-cheater.blogspot.com tcp
1 US 8.8.8.8:53 www.blogger.com udp
1 US 8.8.8.8:53 ajax.googleapis.com udp
2 FR 142.250.179.74:443 ajax.googleapis.com tcp
2 FR 216.58.214.169:443 www.blogger.com tcp
1 FR 142.250.179.74:80 ajax.googleapis.com tcp
1 US 8.8.8.8:53 masyhury.web.id udp
1 US 8.8.8.8:53 apis.google.com udp
1 US 8.8.8.8:53 www.widgeo.net udp
1 US 8.8.8.8:53 blogger.googleusercontent.com udp
1 US 8.8.8.8:53 kumpulblogger.com udp
1 US 8.8.8.8:53 www.reverbnation.com udp
1 US 8.8.8.8:53 dickeymaru.googlecode.com udp
1 US 8.8.8.8:53 c.gigcount.com udp
1 US 8.8.8.8:53 s05.flagcounter.com udp
1 US 8.8.8.8:53 b.scorecardresearch.com udp
1 US 8.8.8.8:53 h2.flashvortex.com udp
1 US 8.8.8.8:53 lh4.ggpht.com udp
1 US 8.8.8.8:53 www.mediafire.com udp
1 US 8.8.8.8:53 lh6.ggpht.com udp
1 US 8.8.8.8:53 translate.google.com udp
1 US 8.8.8.8:53 vicahya.googlecode.com udp
1 US 8.8.8.8:53 www.usa-cheater.blogspot.com udp
1 US 8.8.8.8:53 i260.photobucket.com udp
1 US 8.8.8.8:53 xslt.alexa.com udp
1 US 8.8.8.8:53 img1.blogblog.com udp
1 US 8.8.8.8:53 i1107.photobucket.com udp
1 US 8.8.8.8:53 i1042.photobucket.com udp
1 US 8.8.8.8:53 i634.photobucket.com udp
1 US 8.8.8.8:53 www.linkwithin.com udp
1 FR 216.58.214.169:443 img1.blogblog.com tcp
1 US 8.8.8.8:53 zfpmenu.googlecode.com udp
3 FR 142.250.179.78:443 translate.google.com tcp
2 US 206.221.176.133:80 s05.flagcounter.com tcp
2 US 104.26.11.22:80 www.widgeo.net tcp
6 FR 142.250.179.65:443 blogger.googleusercontent.com tcp
2 FR 13.249.9.35:80 b.scorecardresearch.com tcp
2 FR 216.58.214.66:80 www.googleadservices.com tcp
2 US 104.17.150.117:80 www.mediafire.com tcp
2 US 34.226.101.193:80 www.reverbnation.com tcp
7 NL 142.250.102.82:80 zfpmenu.googlecode.com tcp
2 FR 142.250.178.129:80 lh6.ggpht.com tcp
2 FR 142.250.179.78:80 translate.google.com tcp
2 FR 216.58.215.33:80 lh4.ggpht.com tcp
2 ID 36.50.77.66:80 kumpulblogger.com tcp
6 FR 3.165.113.35:80 i634.photobucket.com tcp
5 FR 216.58.213.65:80 www.usa-cheater.blogspot.com tcp
2 SG 118.139.179.30:80 www.linkwithin.com tcp
2 FR 3.165.113.12:80 i634.photobucket.com tcp
4 FR 3.165.113.31:80 i634.photobucket.com tcp
2 FR 216.58.214.169:80 img1.blogblog.com tcp
2 FR 3.165.113.31:443 i634.photobucket.com tcp
1 FR 3.165.113.12:443 i634.photobucket.com tcp
1 US 8.8.8.8:53 googleads.g.doubleclick.net udp
12 FR 3.165.113.35:443 i634.photobucket.com tcp
2 FR 142.250.75.226:80 googleads.g.doubleclick.net tcp
1 US 34.226.101.193:443 www.reverbnation.com tcp
2 ID 103.157.146.122:80 masyhury.web.id tcp
6 US 8.8.8.8:53 c.pki.goog udp
15 FR 142.250.179.67:80 c.pki.goog tcp
12 US 8.8.8.8:53 o.pki.goog udp
12 FR 142.250.179.67:80 o.pki.goog tcp
1 US 8.8.8.8:53 downloads.totallyfreecursors.com udp
2 US 45.79.19.245:80 downloads.totallyfreecursors.com tcp
1 US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
1 FR 13.249.8.192:80 ocsp.r2m02.amazontrust.com tcp
1 US 8.8.8.8:53 img209.imageshack.us udp
1 US 8.8.8.8:53 connect.facebook.net udp
2 US 38.99.77.16:80 img209.imageshack.us tcp
1 US 8.8.8.8:53 3.bp.blogspot.com udp
2 FR 142.250.178.130:80 pagead2.googlesyndication.com tcp
2 IT 157.240.203.2:80 connect.facebook.net tcp
2 FR 216.58.215.33:80 3.bp.blogspot.com tcp
1 IT 157.240.203.2:443 connect.facebook.net tcp
1 US 8.8.8.8:53 static.domainesia.com udp
2 US 104.26.14.183:443 static.domainesia.com tcp
1 US 8.8.8.8:53 translate.googleapis.com udp
2 FR 142.250.178.138:443 translate.googleapis.com tcp
1 US 8.8.8.8:53 s10.histats.com udp
1 US 8.8.8.8:53 www5.cbox.ws udp
1 US 8.8.8.8:53 i846.photobucket.com udp
2 US 104.20.2.69:80 s10.histats.com tcp
2 DE 195.201.153.71:80 www5.cbox.ws tcp
2 FR 3.165.113.116:80 i846.photobucket.com tcp
1 FR 3.165.113.116:443 i846.photobucket.com tcp
1 US 8.8.8.8:53 s4.histats.com udp
4 CA 142.4.219.198:443 s4.histats.com tcp
2 US 8.8.8.8:53 r11.o.lencr.org udp
1 US 8.8.8.8:53 www.facebook.net udp
1 GB 2.18.190.80:80 r11.o.lencr.org tcp
1 GB 2.18.190.73:80 r11.o.lencr.org tcp
1 US 104.20.2.69:443 s10.histats.com tcp
1 US 8.8.8.8:53 e.dtscout.com udp
2 US 141.101.120.10:80 e.dtscout.com tcp
1 US 8.8.8.8:53 t.dtscout.com udp
2 US 141.101.120.11:443 t.dtscout.com tcp
1 US 8.8.8.8:53 crl.microsoft.com udp
1 GB 88.221.135.99:80 crl.microsoft.com tcp
3 US 8.8.8.8:53 www.microsoft.com udp
1 US 23.192.22.93:80 www.microsoft.com tcp
1 US 8.8.8.8:53 dtsedge.com udp
2 US 104.21.14.49:443 dtsedge.com tcp
3 US 204.79.197.200:443 ieonline.microsoft.com tcp
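Turning a table like this into indicators means separating what the sample reached for from what the browser fetched on its behalf. Below is an added example (not code from the sandbox or the report) that parses rows in the report's Country/Destination/Domain/Proto layout, counts DNS lookups separately from TCP contacts, and classifies each domain against the URL in the sample's own command line. The excerpt of rows is constructed from this page; the suffix lists and the class names are this example's assumptions.

```python
import re
from collections import OrderedDict
from urllib.parse import urlsplit

# Constructed excerpt of the report's Network table, in its own column layout
# (Country Destination Domain Proto); the full table is above.
NETWORK_ROWS = """\
US 8.8.8.8:53 usa-cheater.blogspot.com udp
FR 216.58.213.65:80 usa-cheater.blogspot.com tcp
FR 216.58.213.65:80 usa-cheater.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
US 206.221.176.133:80 s05.flagcounter.com tcp
US 206.221.176.133:80 s05.flagcounter.com tcp
US 8.8.8.8:53 www.usa-cheater.blogspot.com udp
FR 216.58.213.65:80 www.usa-cheater.blogspot.com tcp
ID 103.157.146.122:80 masyhury.web.id tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# The only URL the sample itself supplies (cmd.exe command line in the Processes section).
LAUNCHED_URL = "http://usa-cheater.blogspot.com"

# Suffix lists are this example's assumptions, not part of the report.
CERT_INFRA = ("pki.goog", "lencr.org", "amazontrust.com", "crl.microsoft.com")
OS_NOISE = ("ieonline.microsoft.com", "www.microsoft.com")
ROW_RE = re.compile(r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?P<domain>\S+)\s+(?P<proto>tcp|udp)$")


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def _under(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(domain, launched_host):
    bare = domain[4:] if domain.startswith("www.") else domain
    if bare == launched_host:
        return "initial-contact"
    if _under(domain, CERT_INFRA):
        return "cert-revocation"   # CRL/OCSP fetched by the TLS stack, not by the sample
    if _under(domain, OS_NOISE):
        return "os-browser"
    return "page-content"         # assets of the page the browser rendered


def summarize(text, launched_url):
    host = urlsplit(launched_url).hostname
    host = host[4:] if host.startswith("www.") else host
    summary = OrderedDict()   # first-seen order, as in the report
    for r in parse_rows(text):
        entry = summary.setdefault(r["domain"], {
            "class": classify(r["domain"], host), "dns": 0, "tcp": 0, "endpoints": set()})
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns"] += 1     # lookup through the sandbox resolver, not contact with the host
        else:
            entry["tcp"] += 1
            entry["endpoints"].add(f'{r["ip"]}:{r["port"]}')
    return summary


def iocs(summary):
    """Domains actually contacted over TCP that are not certificate or OS background noise."""
    return [d for d, e in summary.items()
            if e["class"] in ("initial-contact", "page-content") and e["tcp"] > 0]


if __name__ == "__main__":
    s = summarize(NETWORK_ROWS, LAUNCHED_URL)
    for domain, e in s.items():
        print(f'{e["class"]:16} dns={e["dns"]} tcp={e["tcp"]} {domain} {sorted(e["endpoints"])}')
    print("IOC candidates:", iocs(s))
```

Even after filtering, the page-content class (counters, ad networks, hot-linked images) is the Blogger page's dependency set, not the sample's, and should be reviewed before anything from it is pushed into a blocklist.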

Files

Every hashed file below is either a CryptnetUrlCache Content/MetaData entry under LocalLow or a Cab####.tmp/Tar####.tmp in the user's Temp directory. These are written by Windows CryptoAPI while Internet Explorer validates certificate chains for the pages it loaded (the CRL/OCSP traffic to c.pki.goog, o.pki.goog, r11.o.lencr.org, ocsp.r2m02.amazontrust.com and crl.microsoft.com in the Network table); they are not files dropped by the sample. The same MetaData path listed several times with different hashes is one cache file rewritten on successive fetches. The memory/2656-* entries are dumps of regions inside the 32-bit rundll32.exe (PID 2656) that hosted the DLL; the first three each cover 0x71000 bytes at a different base address.

memory/2656-0-0x0000000074C40000-0x0000000074CB1000-memory.dmp

memory/2656-1-0x0000000074BC0000-0x0000000074C31000-memory.dmp

memory/2656-4-0x0000000074CAB000-0x0000000074CAC000-memory.dmp

memory/2656-3-0x0000000074C40000-0x0000000074CB1000-memory.dmp

memory/2656-2-0x0000000074C30000-0x0000000074CA1000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 527a5ac66c4f5929c4e4948c37fdfd40
SHA1 42840645301a1f29ef707964be0bde19fd1c9d14
SHA256 441c5ec8d9c116b656403e62d63f31b692e4c88e709b4b84f078d283441d96b1
SHA512 2aecb0595e38f076a24a693ab4feb1edbbd2cd38e2478203bdd479e25559bab13473595354d29b42f48df63508cb19a13dfdd91dcecf31c586181517b979a0db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 16ebacd5ac9fb7c5dba9dcce645ec8eb
SHA1 748733be57ef8e6854fff3defdccd40d379a7557
SHA256 185598bf4b2b1a079393558f46eda2995421e2018e3895f91880988d1f32d93e
SHA512 3b64fecc20a44cd89718a12ecacf689322d63a1433e13a3ba070950b371f7e97a43093ada9ed93e3dd3c1f5eca491780d789b35da744d249fda17a16767cf45c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b8d256db3bfc9b4609a9baa88b0ad191
SHA1 b3e3eda04e914e9eef35d8c7c0fd65baeb07d542
SHA256 7bb8799939cdbe2015b3e602cbfaa9e8b2ec9ba8e4a65dc57ac2cfaec81102c8
SHA512 15ad283b34c24e173d6c220603992ba5bbbf524f9246cede4f9b5b5da50359a6a4279a9d1c893417397414e72fce465ccee45f13201638821647bff11135d550

C:\Users\Admin\AppData\Local\Temp\Cab1400.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1412.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 884a2cac6f7ff847ae7602b923d87738
SHA1 1c7ec35e73ac27462078ebc05662b4058f3f5dfe
SHA256 115eaaf8f319a22c4c0ef91e0483ec3eb9ecbd2838e879a185febaa1d34ecbaf
SHA512 50b25631506bd3337142bc222ceadd7add544491805ca768d40f2e31aac90e409bed5ba0b206a876a4fbb9e45f2674b607bd738e700c32ce4821d84453f639e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 1a6f6398cd8896a8982ecd493f876dac
SHA1 48a70c874b51c487692bb0b27132736e7801c34e
SHA256 263085c3b71e5ee12d2739a80f6f84194c3cf6171006ddcc78ae1b9e11284ed3
SHA512 b75b61d2c48e447b30e9fecf5d692566e66d44f58d10840e3b05318866d5b03fe71b6858125cd3925de796be30f2eeb33b8e8d14397de937a9df2de176bc1294

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 245441e2d9c7b1bbdf556f605afd20f9
SHA1 d7c7f786d111d1781d059d855f4bce4535f04426
SHA256 b11b6b6347a1fe5e95a1d3ed6c80207ce0e23d21761636d5b534d8bbb67e96e1
SHA512 78d20df19c8ba3d66990aeb0802931944968870f1e2042c92e4d1d5667cc3e40386bb45e6e26942771c817e52a5c8a20f2495443a449fa98772310da19e0445a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 90f1d7333b876199d890f968e4c9279c
SHA1 400fa8e2515663e24d2103ee62235908eb467d5d
SHA256 6642a8f5995578a3a6dd2402e7878ab2324777a879084ad35407de903678160a
SHA512 fba3e1ddf9bcd662d9024931300b341399fc5c06ab0531c72ae887556954e5f6311beb8032a6614f358bb4dd4f15176eab43d1e58ef5c6c791e1eb29f75ca201

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 111a8dc16a3b53c769de184a58d39307
SHA1 7ea3bd58ac8cbbe71180380a70d6d9d3dce392ac
SHA256 e06268c487dc1addcc3fa994a875a9c665ca695638a8fcdda1a95334b201035f
SHA512 44a2fc6a0b029c37d303aa4d2e47d485ddd387fec1aadeb9b6ff94dc0c484a35f4b3cea94ae9453a27bb3af7e22e6f27f53e7c72e478382d1dbb2b72ef4963b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 77827a1e299de3d8ab50b491c6c08afe
SHA1 939d972a10e83cd38c9f03c59a47d94ac0fa7728
SHA256 644a3bce5ae954f33c937f4be0defd26f655e1325cac9e0d51befe5f3d1a1243
SHA512 471b264d5f40da69574042901606fa33939f946c58bf226dd7af141475dac436552dc1c3fc00cb0ee96d2973720baf5a13ec429f06fbaff00799f443e27a11f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b8779c2715e6fe53c7e351b8768f45a
SHA1 8e8893458e2201f8d0e93bf60d55fec32520b27d
SHA256 5928c7ac7cd6918c0c6439fe120b90516dd997f71aaca753aa5bbe628d7606f5
SHA512 92fe7a0a4886a5c607c008ca513d263a8ba144e0f8dc92708a03862621cc7e03900840ec66988cdc2101d938395493387bf6598b8dc9bb0b9377084bab9d2466

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 3bc068bb8d73898602f4373715fb396d
SHA1 4e947d8e4ee34c705470a62a7c1aa83418665d3d
SHA256 12c807fa47bbe3eb2e963d455aae661ed23ad1c5bc2ef31c8303c8103a24d745
SHA512 023cae293a6588cbdf8b59e802f7578eeb516bee80e58e28f78ecca496bee886e58720c92bc41eb41427bff93696ba2899f16f8d53254eb9c4657ab3dc89fd91

memory/2656-507-0x0000000074C40000-0x0000000074CB1000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46a62410397785408c771558c88fecb4
SHA1 b8f624e40fd163c67a7554a938de90bb33efc281
SHA256 21a19a28e825d6bf953aa3e5d0828bb90c4944f8799bb86d6fe4cdec854553bc
SHA512 10356ca6ab5cbc36cd1fd989ff62f5adcf27837fa9b644fd224622c8ee7bb00c685fce85859f8a4a3be1f1ee95ceee4b6505c2a748002962b94bf61c5b877de7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 eee631c5d08d5e000e5618314d49218f
SHA1 4a1bbe4f5bb3c6044999af6ff0cce78159017374
SHA256 e6b74327de738e85eaf915d4bcb623b5adadbde4dbe42704da50ba2cafc53842
SHA512 a76b22741ec03c6d79ceddb7100d21c096164300db84ee9b6fd6c95f6a4dba6aff9b2e61b10b4c79845f4aa0085b2649936233cf3d5f4d05eb485f66a611447d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f5fd92b98d3911158e9da3ce1da28ab
SHA1 6ca2da8612f4866cfc346a596bb38d5aab6b75f1
SHA256 5272505b5a223c61cd3aa82cdc98adc7e3d2169e68f85ea6c33bdbe0eb0bcc6c
SHA512 39a21b1c77532154cf0db80938243b6e6e1b210f19457ad5e1a73266a4d05c9ea127608f44ceb60a59d70f324db6cf73ed2d2a6817390e2dbb183ea21a1b8026

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c86033fc3cecf8fff03d69c409738366
SHA1 724ef3e5104e070e2d9723bfd71ebf29cd6ec0b2
SHA256 9e1beb8a43e909dff6226cbf84a6e67aa6cfa9b3a2f6386424fb39a8f09cc77b
SHA512 22406845f0f220f4b0175ab49e92afecca45903d16632011a72c806d6756e35a774f4718a6fbb946564576823bbbc48fc95f3daf7c46e41301e9397e5ac0cf89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfb91d359b4162cf4ac9e1f36331c740
SHA1 89e19d7bbd10cd049ac00974f1f736a8ee4ae7ff
SHA256 0c9bdb2d27da52e355f02008ba00206a928524fe8f2cfe7aa7f6e0a083a300bc
SHA512 ff72fe31281903e16881a0e47365aef7d37c048e6d697f7581e60c3d101e17f7aad6a5c4ba737d33ef208871992219138a147fc83c8b739f036f4ae915264ed1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f27d59db165ef0dbffb8542c758515d
SHA1 f7abf6e90c2289e9299752a558e9f0db830ad4f1
SHA256 76603b8f2f65455089f2c0807780e7b2b084cb04a4a6e932d1dc67f211ddf66b
SHA512 ff0b973690f7d506bf825081e423182df7053ab43c164449e794ff9647ae399ac02bf7f6c3a7777034152f4bad650710223d04fd345d3f8b51a9f02449c15a29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 9d44e66b13c3237b1bd729ea2850006d
SHA1 eec692dfecf5272ebb9595e49172d8d4d749bee2
SHA256 5b2e1bff84e7fa9432c1a63be8885e3736d733796758ea5d86179e1167bff8a4
SHA512 b7e0bbd909ec5fe7aeae52ce9ab217370743be1bf1867540e7c9ed5415211fac8dd4f95fb08c9fc4f46bba0d9b51a0dfbc833f7d56776120de06088192f135f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 738032857b0b2616d8894e6d1c281633
SHA1 11f8fb2c9367fc5d8349d087450c6d26b495f37c
SHA256 c7a273695157bb2b246548d5f520881a9aad8b85bf921bab8e749e4440a8e6c9
SHA512 8e21a0056280017b01e5668f827e160648d1a4558b3e2b0cf6025a439e546d2670becb786bc1e9ebb27e283dd00041c82644ac7f020481bfa18ca079b8249f3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 ec7e9763224718ca381a21d298cc9452
SHA1 ab4491295bb3d6fd2116454bf8380c171d45dca4
SHA256 ae4fdc9859e0c1b4b9d9df9b5ad7f2528409b83cf0f933fcce181c3b397b0b12
SHA512 bf1e110ae759cbc5f5390d1da74c5a1de34cec38d2a6b8f800d89b722527d580c4a982c97950fd824fa98658dce75dfe745cc4b2bd504fd68169d71ae195607b

memory/2656-1314-0x0000000074CAB000-0x0000000074CAC000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 a808b0f6b4a5e7e08b4e1388a456b4a6
SHA1 5c276b5ad89767e302c1722483379a85e19ef536
SHA256 127d428097cd0aef50c7ad43ec91beeee05acff30083925680d06c1d520ef4db
SHA512 f228e52d4feeb359e446126bb62de350bfd463e9385c44b281623f9c10bfd854a67dca738c1f8bdd69a9c9eedf9c4846306fce30afb0347086b08201ea909bb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 2f20a9a4e98b9f88d00f06a8eb9cda73
SHA1 a88555ab70c306dac73d12b1f71eeca1bd70988b
SHA256 80fcefba04e3399f69dd0fa9b28f39156abb538bb4e7588d485a3065bd54875a
SHA512 5a4f82b897419e4e4378e75a958641af96f222ad78fee8783cab266c09c0239fc061c5d6002e2a9c878f52181a53ebd61e8d7e6d8562e19a1543383387e29f64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 1a164f437559f9e0148221743ed3f73b
SHA1 bfbd4ae311530e91558a9ac19fc5e8a3201ebd8e
SHA256 d3fd226512f62ae0901fc31831dcdf8cba5b63e2ef15a104f07b4e1641b79bf4
SHA512 abb20c78e557c2f74c75931c97dd6798213d1f7e484cf04ef23bffd834d8fc0bdc8f8d6e1b9a805f8c5a0af01c347c73e87589693741e00e8e8de520475c2822

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 deff2ced2972a68fe968e6e54985d14a
SHA1 af86564807176e22cb89ee7d32acc0546963a5f5
SHA256 355899732d9dac428ed1388c14cf64486affe7a63ad67479b3112aa8d1b67ff4
SHA512 c8652fabd48b149c0fed62ca2e667a39687504e31a1750e3b9f0478c15bb71c6c05062544a889f73eeee2f2321c6939342ce3304c6feb7857414896b0bf57abe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 80c40880013e520f8dda709b2163cfed
SHA1 312cbcd0d3f5f64751e856c9699188fa398293af
SHA256 098386b76bddac82f83c0a03eb345a46bf66416870820f00d6d613d032de98e9
SHA512 e834f074b9542d31e3e2e75cba83dea2ec5b1fc4e49f566e9a99029463fcf3b323c513ce51bcc71cf2bf575f1430ab7fa72c9f26ec0afadace67e77b4fa17ae0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 6b1c04100febb096c9b4e97cc6044ca4
SHA1 928a74b416c3a76a6f1a324e0f59f2f35acb1086
SHA256 d67744774eac6bf2e3aa8ddb3bd5c027c8608c63b9a59d42941a49447e917f4b
SHA512 efe4d569ea2962eedbcbd066201abd3d82125b02f00023bf9cc100bc14af9d3b7966a5e0eda192272fee774181f280f175001379b3e0cd65fc61e4779fdf6089

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 96b91ea3fbf761670360a87b0b902df9
SHA1 6ea9f9062b626693adf2838c7fead213274414bf
SHA256 cd3a6796259993c6b6b53b2141f5cf608bc2ce4ff4cdefffe2b773419b8fe569
SHA512 57094288feadbb5d5698809b44556f6eb2271744c7cca58687d973fd3f1cf96c24a78b779a37666dc25643634c82103e36d2e6b815339dda6ae45c874851fde7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\bullseye-ani[1].gif

MD5 1373a6c5a4679f2e7fcf1d297de1ec4c
SHA1 68a2063bfc6f39c7f6a8969df8ce5e1567248db0
SHA256 e0159f058a71d2b65616d25ba35d93b1fd04fa379d947d5057a838db3a032e41
SHA512 5c8433f75f9f94d7bd91b1787b7475ff27f6d51d6de941bb0e4b6fce5e03a97970a3284e4c5e4bb58a13221804e73042a994d7d7c56b8ed8ec61d2fce3dcc0df

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2089DVM9\usa-cheater.blogspot[1].xml

MD5 54dbb27e00d6486bcd36a6476240181d
SHA1 236611241cb0b2d0db526e5eb36b28392855193a
SHA256 e85f742bf40500b38dabd9a79c1f3473fb45ebd04d14ccbab43170a8d36c6cef
SHA512 ab68bef0cbe745bc45567669e7b9d1a1006cb9c21ac9aae08a4bca8e6343571a2f795583197695b6c35aa6e764707438185ed8b78b8c3dd9970f4c0a7f862318

memory/2656-1629-0x0000000074C30000-0x0000000074C38000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ae15d8c49a5804e196ca8bbe0ebbac1
SHA1 92ebf1130be07c05ab530a7e6ca73ebb98bd3596
SHA256 aab5d45bacc78e09b8405f39ac45a332f2526480a3191cdef0eaf3668416d5cd
SHA512 1a2c0b52ea0d0fee88019723ac5aaf833146eca8afcd2ee0565a247b2eab7db8ef4fdc6488b9569a68c358b988f61080b91870607b995c421d6f1fb918e8608b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b2b5d03ebf27c9d59926f8576b4213f
SHA1 08817aa6237f1c1dd89d801864b29136442ef119
SHA256 8735ae31af8851c031ac12164f83795dcd734632611361b4fa83551d694a2ae4
SHA512 dc0d3114de808385253351e77b98d8f9215c87cf1202a5ed123805b653c9aefd11661212278fc5f046db4e6ab548af128afb1cf311febee6037d6c9b31801c0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d75e44345e4fe40edfe7e8929a871f32
SHA1 eaa1ca28ed77e8f3bbc65065ad6257aa5991f0b2
SHA256 280ae4dd5d62a5761aeacf65636faef8ef50b55f955b3c302d4890c06b62476d
SHA512 b94736b5e26e5a026bab9c03be518add18766b20cdc51440d54594864835dc2b3484183d894bdf8bd2434b10b564359e6179d23252ab57ace4739f7435315cdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4caa67af89a5547c21a461672c50d3f
SHA1 36205868a4ed6fd3d3d9e28a4f2c9a1b6e8deb85
SHA256 423d533aa32b4171fa482c0f9fdb5a7383458c39314c04c3cc64408e5f1c2877
SHA512 db6cd1dd24e137eb9714b2b8c800d7c11203abdbb3153b8743b7725820de1e7015aefa5e11f100ccb93c8cfdd398cc266bf2263b9761dd9a984982a9da051bbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b246a14394f2b352ed360215b2b38868
SHA1 6af065ab1eeb3a897a2ebb31ace2b29a89fe499d
SHA256 5916bb0bb222ec21c45a3e25afd2f9027aed09006f78bd1036957e887c8de304
SHA512 75f608d88cdde8ca3ac00b703e3d63821453415d8cfc332358e6d36b9a210a4655d3df2d7c879b4ec131e13b237ff48d973c62a2fe9cb1013dce1180c27f2956

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6931c586de45e1a2aca589e5944412b1
SHA1 9344313a866cc0b8d44ee8cd075d8b51ade33a46
SHA256 46c8592aa47da3acdd87dec73786af39a3291e88fba2bc884eaf65fd8d90befd
SHA512 c131dd793a1113152e7e377fff2d66281a9139d4808640292195265e5c631c202da7445eada89419952ccd42ff8bf9ed588d06f7b97de0c172188d0b097873a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bd96b98223780d8a5dfc2a8674a1192
SHA1 59c27b80be91ce9b30a656abbc97374055dd0770
SHA256 f975e038b18909ab083aa02acf0a853e70b1476be80cca4c47314ca4e532bb0e
SHA512 fff0932f552232abe2fcb00008dcf236fcf70f93d8faed6dd132e3ea3773a96236fe7514542923111b7d26f367b7da12ed0ea7af8262ffe021ac83e8926308ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eed53a60d261a200408ea07e66bf39c1
SHA1 9eb53a5e815f190e66115af76b2e0c16d0599073
SHA256 6cbd5713e3483cf0c687082fff42e0c1a6803f176718e96fad534c94de5613de
SHA512 36522179eeefbc739b041fa48666dfdfd95512377f4c4ca4322c9fcc9d2f051e2fb82f7533ff63443ddcc16d56532ca7330082a669acdaafabdb457d8e709786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 64db0af0616938d1205978254b1e4822
SHA1 4b48afd5b144382cee53b6e8c7202b1cde312f6e
SHA256 311f34a9877006734ccb8ff444f7e01eb3789a565e5e7a4b9f230b4b99e5b5bd
SHA512 7e98c0628333174add21f77895d0e4aa31956a4e0106d0270bdf37ff30878b3acab929e8c0418676f648ed6346cef0375353d7e7007a1858edf771051622ad83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b69eac97cea7e6d249de26aa1faad44e
SHA1 9b715ab1ba05b2c13bb46a9cdb54bfd89b3d0c37
SHA256 585af3c5c90ffbbec6875fdd076c8f30b6829834600192496dfca626060ea9f7
SHA512 34ee9540bc2db42614630ef77dc5c766b73ac9b9d5d9fa92b57d2bc6257055387a88a6545aea69dfa9fc4cb0fed49df2567cf4d43d9c9e54ea519859d9861d4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34e02a2a274dc8ba2e5d8482557cd014
SHA1 2d9b5f35e40959fd64011ed36fbd1b744758448f
SHA256 bc4a046cbd6806c36bfe63c50fffaced7d8cc70716ac931d0056b8f999a4918e
SHA512 91b7d8d7c4dc150096d76ff51495c71650ac8f7f3eb82a2e6df17d9225150a5395994f39d3f27eb0e09350e2ad9129411e483b64bf7ec1c88d88357114330caf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 777aa3e6af11b56c68030aa503ccc31b
SHA1 57d24aa500dcded5ab3cdde20beea2e4b31ef19f
SHA256 23b67df7a5f75404063d154a40e2cf13669db35c982ab099d4979c4627e3c368
SHA512 c326f36a4fe214e6384eda70f7c6e10cb8df0958f3ccd8d416090a316437e76e41b49725955f6d3f39d25fb286a66af0e5ce1d56e239c0a0038111aa7ee5708e

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 13:53

Reported

2024-12-15 13:56

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

154s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1

Signatures

VMProtect packed file

vmprotect
Count Description Indicator Process Target
3 N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Count Description Indicator Process Target
25 N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Count Description Indicator Process Target
24 N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Count Description Indicator Process Target
3 PID 5080 wrote to memory of 2940 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
3 PID 2940 wrote to memory of 2688 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\cmd.exe
2 PID 2688 wrote to memory of 916 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2 PID 916 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
40 PID 916 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2 PID 916 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
12 PID 916 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c start http://usa-cheater.blogspot.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://usa-cheater.blogspot.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcd6b546f8,0x7ffcd6b54708,0x7ffcd6b54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c start http://usa-cheater.blogspot.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://usa-cheater.blogspot.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x74,0x108,0x7ffcd6b546f8,0x7ffcd6b54708,0x7ffcd6b54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16378590559110413479,10020752096817989854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
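
The process list above carries the whole delivery chain in its command lines: the 64-bit rundll32.exe loads the DLL from the user's Temp directory by ordinal (`,#1`), re-launches itself as the SysWOW64 (32-bit) rundll32.exe because the DLL is 32-bit, and that host runs `cmd.exe /c start http://usa-cheater.blogspot.com`, which hands the URL to the default browser. The Python below is an added detection example and is not part of this sandbox report or of the sample; it walks constructed Sysmon Event ID 1 style process-creation records (PIDs 5080, 2940, 2688 and 916 and the command lines are taken from the WriteProcessMemory table and the process list above; the root PPID 4321 and the explorer.exe control rows are assumptions) and flags any browser whose ancestry contains a `cmd.exe start <url>` beneath a rundll32.exe-class host. Because the system32 rundll32.exe writing to the SysWOW64 rundll32.exe is the normal WoW64 relaunch of a 32-bit DLL host rather than injection, the reported chain collapses repeated image names instead of counting that hop.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample events in a Sysmon Event ID 1 style. PIDs 5080 -> 2940 -> 2688 -> 916 and the
# command lines come from this report; the root PPID 4321 and the explorer.exe rows are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(5080, 4321, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1"),
    ProcEvent(2940, 5080, r"C:\Windows\SysWOW64\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44cee38b8aff02dadaaddf3ff652c9c_JaffaCakes118.dll,#1"),
    ProcEvent(2688, 2940, r"C:\Windows\SysWOW64\cmd.exe",
              r"C:\Windows\system32\cmd.exe /c start http://usa-cheater.blogspot.com"),
    ProcEvent(916, 2688, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
              r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://usa-cheater.blogspot.com/'),
    # Benign control: a user clicking a link in Explorer (constructed, must not be flagged).
    ProcEvent(7000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(7001, 7000, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
              r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://example.invalid/'),
]

BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)   # DLL loaded from a user profile path
ORDINAL_EXPORT = re.compile(r"\.dll,#\d+\b", re.I)                 # rundll32 export called by ordinal
START_URL = re.compile(r"\bstart\s+(?:\"\"\s+)?\"?(https?://\S+)", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(events, pid):
    """Parent chain of pid, root first. Stops at an unknown parent or a PID-reuse cycle."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    chain.reverse()
    return chain


def find_browser_launch_chains(events):
    """One finding per browser process whose ancestry has cmd.exe 'start <url>' below a LOLBin."""
    findings = []
    for e in events:
        if basename(e.image) not in BROWSERS:
            continue
        chain = ancestry(events, e.pid)
        lolbins = [p for p in chain if basename(p.image) in LOLBINS]
        urls = []
        for p in chain:
            m = START_URL.search(p.cmdline) if basename(p.image) == "cmd.exe" else None
            if m:
                urls.append(m.group(1))
        if not lolbins or not urls:
            continue
        root = lolbins[0]
        findings.append({
            "browser_pid": e.pid,
            "url": urls[0],
            "loader": root.cmdline,
            "dll_from_user_path": bool(USER_WRITABLE.search(root.cmdline)),
            "ordinal_export": bool(ORDINAL_EXPORT.search(root.cmdline)),
            # Collapse repeated image names: system32 -> SysWOW64 rundll32 is the WoW64 relaunch
            # of a 32-bit DLL host, not injection, so it should not add a hop to the reported chain.
            "chain": " -> ".join(dict.fromkeys(basename(p.image) for p in chain)),
        })
    return findings


if __name__ == "__main__":
    for finding in find_browser_launch_chains(SAMPLE_EVENTS):
        print(finding)
```

On the sample events this yields a single finding for PID 916 with the chain `rundll32.exe -> cmd.exe -> msedge.exe`, the URL from the cmd.exe command line, and both the user-writable DLL path and the ordinal export flagged; the Explorer-launched browser is not reported. The parent-walk stops on an unknown PPID or a repeated PID, which matters on real telemetry where PIDs are reused.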

Network

Country Destination Domain Proto

Files
