Malware Analysis Report

2025-04-03 14:26

Sample ID 241218-phmmxaymas
Target fb82cc4c9f47eddf67154c6e303cb8bf_JaffaCakes118
SHA256 7a4038ceb92b5228a75fae5780f555fdcdb98d4864922db798e47bbd5fbe4675
Tags socgholish discovery downloader
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 7a4038ceb92b5228a75fae5780f555fdcdb98d4864922db798e47bbd5fbe4675

Threat Level: Known bad

The file fb82cc4c9f47eddf67154c6e303cb8bf_JaffaCakes118 was found to be: Known bad.

What this report supports: the sample is an HTML document, and the behavioral1 run opens it in Internet Explorer on Windows 7. The 10/10 score follows from the SocGholish family match. The remaining signatures (the NLS\Language key read, Internet Explorer settings written under the user's own hive, foreground-window polling, process enumeration) describe the browser's own activity and also fire on benign pages. The network activity is the page's embedded third-party content plus certificate revocation checks, and none of the files listed for behavioral1 is an executable, so nothing in the report shows a second-stage download.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-12-18 12:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-12-18 12:19
Reported 2024-12-18 12:22
Platform win7-20240903-en
Max time kernel 134s
Max time network 144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fb82cc4c9f47eddf67154c6e303cb8bf_JaffaCakes118.html

Signatures

SocGholish (tags: downloader, socgholish)

Socgholish family (tag: socgholish)

Both family signatures are reported without indicator rows, so the report does not show which part of the HTML matched. The 10/10 score follows from this match; the signatures below record Internet Explorer's own start-up and rendering activity.

System Location Discovery: System Language Discovery (tag: discovery; ATT&CK T1614.001)

The tab process reads the system language from HKLM\SYSTEM\ControlSet001\Control\NLS\Language. Ordinary software reads the same key, so on its own this is weak evidence; it matters here only alongside the family match.

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings (tags: adware, spyware)

Every key below sits under the logged-on user's hive (HKU\S-1-5-21-2872745919-2748461613-2989606286-1000, i.e. HKCU) beneath Software\Microsoft\Internet Explorer, and the writer is iexplore.exe itself. NTPFirstRun = 1, Recovery\PendingRecovery, Window_Placement and the Zoom and TabbedBrowsing keys are the state Internet Explorer writes on its first launch in a fresh profile; no proxy, security-zone or start-page value is touched. The adware/spyware tags are the sandbox's generic labels for this signature, not evidence specific to this sample.

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90add03f4751db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e4850412af7c4e92814be64ee1f101000000000200000000001066000000010000200000005d388cc427b8abe52b24d7255f9c60c3b6efde1a7c23ff820ba572566e407c4d000000000e80000000020000200000001fd74f22b05d5b4cd9cc6e8594f86f12a42be9fd3d311cea4efcd76831cb366c900000007a5f6cf701f2e014afde4727939c5dff7f5ee4979639e5e1721b09329429c454cded0c0209b6645400a110113110a1ee95c60977cf8f25ea17462ed60a8e93722e3b42ecb180b00a802307dcb5e7c608436a16f7495c000dc906279e0099c153d8203a5a3850ef4430b6b53b43206b1d1022aba81682805e562b94406ae072ae6784ecb15fa89cc459910988a4183c1a40000000216489a16a6ba3262590f0b340b9b7c92360473e522a2dfcf2ae676b3f336acb43cecd0ea4617dea998647377b63ad112a7e203a2565a411f9318fe551f9d8d4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440686262" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e4850412af7c4e92814be64ee1f10100000000020000000000106600000001000020000000f6f809f601c20eabf825992a0e8dcb8f9b0d1bc73a95e1088d951a7939d508a0000000000e8000000002000020000000c290133ba62ad75d117c6e7149c3b6632bd7c9302811aa9a0ac458e5f3148ef220000000750b7e90627e02cfac287297ec95de939e0be3638be6a54f3f40c8854a0befd540000000c9623facc08ab16a28c4f28394c99e744f986157a54fbcc9557890cd51e5d8bbb9fd4e8634e96c9a42dee23e79eefa24f337d3c71519fc953b95b8bbaade8ede | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{634DCA51-BD3A-11EF-948A-7A9F8CACAEA3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
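Triage of the registry rows in the Signatures tables, as an added example that is not part of the report or of the sandbox's own tooling. It accepts rows either in the run-together layout the sandbox emits (operation, key, process and target separated only by spaces) or in an operation | key | process | target layout, strips written values down to key paths, and sorts each row into Internet Explorer per-user state, the NLS\Language read (ATT&CK T1614.001), autorun persistence keys, or "review". The rule set, the category names and the persistence pattern are assumptions chosen for this page; the embedded rows are a subset copied from the tables above.

```python
"""Classify the registry rows from the Signatures tables: Internet Explorer's
own per-user state versus rows that need an analyst. Added example; not the
sandbox's code."""
import re
from collections import Counter

# Constructed sample: rows copied from the behavioral1 Signatures tables,
# written as "operation | key [= value] | process | target".
REGISTRY_ROWS = r"""
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
"""

# Raw sandbox layout with the columns run together: the process column is the
# first token starting with "C:\" and the target column is the last token
# (assumption: keys and values in this report never contain " C:\").
RAW_ROW = re.compile(r"^(Key opened|Key created|Set value \(\w+\)) (.+?) (C:\\.+?) (\S+)$")

# Classification rules (assumptions for this example, not the sandbox's).
IE_STATE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer\\", re.I)
LANGUAGE_KEY = re.compile(r"\\Control\\NLS\\Language$", re.I)
PERSISTENCE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)


def parse_row(line):
    """Accept either the pipe-separated form or the raw run-together form."""
    line = line.strip()
    if not line:
        return None
    if " | " in line:
        parts = [p.strip() for p in line.split(" | ")]
    else:
        m = RAW_ROW.match(line)
        parts = list(m.groups()) if m else None
    if not parts or len(parts) != 4:
        return None
    op, key_and_value, process, target = parts
    key = key_and_value.split(" = ", 1)[0]   # drop the written value, keep the key path
    return {"op": op, "key": key, "process": process, "target": target}


def classify(row):
    op, key = row["op"], row["key"]
    if op == "Key opened" and LANGUAGE_KEY.search(key):
        return "discovery:T1614.001"         # System Language Discovery
    if PERSISTENCE.search(key):
        return "persistence"                 # autorun key: always worth a look
    if IE_STATE.match(key):
        return "ie_state"                    # IE writing its own per-user state
    return "review"


def triage(text):
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    counts = Counter()
    flagged = []
    for row in rows:
        cat = classify(row)
        counts[cat] += 1
        if cat != "ie_state":
            flagged.append({"category": cat, **row})
    return {"counts": counts, "flagged": flagged,
            "processes": {r["process"] for r in rows}}


if __name__ == "__main__":
    result = triage(REGISTRY_ROWS)
    print(dict(result["counts"]))
    for f in result["flagged"]:
        print(f["category"], f["op"], f["key"], "by", f["process"])
```

Run over the full tables above, every Key created and Set value row lands in ie_state and only the NLS\Language read is left for the analyst, which is the point of the caveat on the "Modifies Internet Explorer settings" signature.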

Processes

Two Internet Explorer processes: the 64-bit frame process that was handed the HTML file, and the 32-bit tab (content) process it starts with the SCODEF/CREDAT arguments. The tab process renders the page and is the one that read NLS\Language above. No process other than Internet Explorer appears in this run.

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fb82cc4c9f47eddf67154c6e303cb8bf_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2

Network

Each row is one DNS lookup or one TCP connection, so repeated rows are separate connections, not duplicates. The destinations are the page's embedded resources (blogspot and blogblog images, Google fonts and APIs, Facebook, analytics and counter widgets, ad networks) plus certificate revocation checks (c.pki.goog, o.pki.goog, r11.o.lencr.org, amazontrust.com, crl.microsoft.com); the table does not identify any of them as the SocGholish payload host. Two lookups, lh4.foogleusercontent.com and lh3.gongleusercontent.com, are one character away from googleusercontent.com and have no TCP connection in the table; check whether they are typos in the page's HTML or deliberately registered look-alikes before using them as indicators.

Country Destination Domain Proto
US 8.8.8.8:53 cdn.adf.ly udp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
US 172.66.40.139:80 cdn.adf.ly tcp
US 172.66.40.139:80 cdn.adf.ly tcp
US 172.66.40.139:443 cdn.adf.ly tcp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 142.250.179.74:443 ajax.googleapis.com tcp
FR 142.250.179.74:443 ajax.googleapis.com tcp
US 104.17.25.14:80 cdnjs.cloudflare.com tcp
FR 142.250.179.74:80 ajax.googleapis.com tcp
US 104.17.25.14:80 cdnjs.cloudflare.com tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 scr.kliksaya.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ps3media.ign.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 tag.tlvmedia.com udp
FR 134.119.176.21:80 scr.kliksaya.com tcp
FR 134.119.176.21:80 scr.kliksaya.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 151.101.129.135:80 ps3media.ign.com tcp
US 151.101.129.135:80 ps3media.ign.com tcp
US 151.101.129.135:80 ps3media.ign.com tcp
US 151.101.129.135:80 ps3media.ign.com tcp
US 151.101.129.135:80 ps3media.ign.com tcp
US 151.101.129.135:80 ps3media.ign.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 172.217.20.163:80 fonts.gstatic.com tcp
FR 172.217.20.163:80 fonts.gstatic.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 cse.google.com udp
FR 172.217.20.174:443 cse.google.com tcp
FR 172.217.20.174:443 cse.google.com tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 www.mibats.net udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 apis.google.com udp
FR 216.58.214.169:80 img2.blogblog.com tcp
FR 216.58.214.169:80 img2.blogblog.com tcp
US 8.8.8.8:53 static.ak.fbcdn.net udp
FR 172.217.20.164:443 www.google.com tcp
IE 31.13.73.22:80 connect.facebook.net tcp
IE 31.13.73.22:80 connect.facebook.net tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
IE 31.13.73.22:443 connect.facebook.net tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.alexa.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 feeds.feedburner.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
US 34.236.60.79:80 www.alexa.com tcp
US 34.236.60.79:80 www.alexa.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
FR 216.58.214.78:80 feeds.feedburner.com tcp
FR 216.58.214.78:80 feeds.feedburner.com tcp
US 8.8.8.8:53 i1095.photobucket.com udp
GB 3.162.20.109:80 i1095.photobucket.com tcp
GB 3.162.20.109:80 i1095.photobucket.com tcp
US 8.8.8.8:53 www.w3-directory.com udp
US 8.8.8.8:53 widgets.tcimg.com udp
US 8.8.8.8:53 www.webstatsdomain.com udp
US 8.8.8.8:53 xslt.alexa.com udp
FR 77.87.110.40:80 www.w3-directory.com tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
US 46.229.169.130:80 www.webstatsdomain.com tcp
US 46.229.169.130:80 www.webstatsdomain.com tcp
US 8.8.8.8:53 www.indobacklinks.com udp
GB 3.162.20.109:443 i1095.photobucket.com tcp
US 46.229.169.130:80 www.webstatsdomain.com tcp
US 8.8.8.8:53 www.ping-fast.com udp
US 8.8.8.8:53 stats.topofblogs.com udp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 craftkeys.com udp
US 8.8.8.8:53 m.webstatsdomain.net udp
US 8.8.8.8:53 www.indonesia-blogger.com udp
US 8.8.8.8:53 www.webstatsdomain.net udp
US 8.8.8.8:53 www.scrubtheweb.com udp
GB 3.162.20.109:443 i1095.photobucket.com tcp
US 8.8.8.8:53 s10.histats.com udp
DE 162.55.172.212:80 stats.topofblogs.com tcp
DE 162.55.172.212:80 stats.topofblogs.com tcp
US 104.21.54.72:80 www.ping-fast.com tcp
US 104.21.54.72:80 www.ping-fast.com tcp
US 34.236.60.79:443 www.alexa.com tcp
NL 190.2.139.23:80 www.indobacklinks.com tcp
NL 190.2.139.23:80 www.indobacklinks.com tcp
US 104.20.3.69:80 s10.histats.com tcp
US 104.20.3.69:80 s10.histats.com tcp
US 3.33.152.147:80 www.indonesia-blogger.com tcp
US 3.33.152.147:80 www.indonesia-blogger.com tcp
US 76.223.54.146:80 craftkeys.com tcp
US 76.223.54.146:80 craftkeys.com tcp
US 46.229.169.130:80 www.webstatsdomain.net tcp
US 46.229.169.130:80 www.webstatsdomain.net tcp
US 208.98.35.225:80 www.scrubtheweb.com tcp
US 208.98.35.225:80 www.scrubtheweb.com tcp
US 46.229.169.130:80 www.webstatsdomain.net tcp
US 46.229.169.130:80 www.webstatsdomain.net tcp
US 104.21.54.72:443 www.ping-fast.com tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 www.webstatsdomain.org udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 46.229.169.130:80 www.webstatsdomain.org tcp
US 46.229.169.130:80 www.webstatsdomain.org tcp
US 46.229.169.130:80 www.webstatsdomain.org tcp
US 46.229.169.130:80 www.webstatsdomain.org tcp
US 8.8.8.8:53 m.webstatsdomain.org udp
US 46.229.169.130:80 m.webstatsdomain.org tcp
US 46.229.169.130:80 m.webstatsdomain.org tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 8.8.8.8:53 webstatsdomain.org udp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
GB 88.221.134.137:80 r11.o.lencr.org tcp
GB 88.221.134.137:80 r11.o.lencr.org tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 104.20.3.69:443 s10.histats.com tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
FR 13.249.8.192:80 ocsp.r2m03.amazontrust.com tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.74.171:80 widgets.amung.us tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 statinside.com udp
US 104.21.57.149:443 statinside.com tcp
US 104.21.57.149:443 statinside.com tcp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 lh4.foogleusercontent.com udp
US 8.8.8.8:53 lh3.gongleusercontent.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.157:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
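Triage of the Network table, as an added example that is not part of the report or of the sandbox's own tooling. It parses rows in the table's Country/Destination/Domain/Proto layout, collapses them into unique connections with counts, separates names that were resolved but never connected to, sets aside certificate-revocation endpoints, and flags registrable domains within edit distance 2 of a short list of brand domains. The brand list and the PKI suffix list are assumptions chosen for this report, and the embedded rows are a subset copied from the table above.

```python
"""Triage the sandbox Network table: unique connections, DNS-only names,
PKI noise, and look-alike domains. Added example; not the sandbox's code."""
from collections import defaultdict

# Constructed sample: a subset of rows copied from the report's Network table,
# in its "Country Destination Domain Proto" layout.
NETWORK_ROWS = """\
US 8.8.8.8:53 cdn.adf.ly udp
US 172.66.40.139:80 cdn.adf.ly tcp
US 172.66.40.139:80 cdn.adf.ly tcp
US 172.66.40.139:443 cdn.adf.ly tcp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 lh4.foogleusercontent.com udp
US 8.8.8.8:53 lh3.gongleusercontent.com udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.134.137:80 r11.o.lencr.org tcp
"""

# Assumptions for this example: brands worth checking for look-alikes, and
# suffixes that carry CRL/OCSP/AIA traffic rather than page content.
KNOWN_GOOD = ("googleusercontent.com", "google.com", "cloudflare.com",
              "facebook.com", "microsoft.com")
PKI_SUFFIXES = ("pki.goog", "lencr.org", "amazontrust.com", "crl.microsoft.com")


def parse_rows(text):
    """Turn report rows into dicts; lines that are not four columns are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto.lower()})
    return rows


def registrable(domain):
    """Last two labels; adequate for the .com/.org/.goog names in this report
    (a public-suffix list would be needed for co.uk-style names)."""
    return ".".join(domain.split(".")[-2:])


def levenshtein(a, b):
    """Edit distance by the usual two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(domains, known_good=KNOWN_GOOD, max_dist=2):
    """Map domain -> (brand, distance) for names close to, but not equal to, a brand."""
    hits = {}
    for name in sorted(set(domains)):
        base = registrable(name)
        if base in known_good:
            continue
        for good in known_good:
            dist = levenshtein(base, good)
            if 0 < dist <= max_dist:
                hits[name] = (good, dist)
                break
    return hits


def is_pki(domain):
    return any(domain == s or domain.endswith("." + s) for s in PKI_SUFFIXES)


def summarize(text):
    rows = parse_rows(text)
    dns_names = {r["domain"] for r in rows if r["port"] == 53 and r["proto"] == "udp"}
    conns = defaultdict(int)            # (domain, ip, port) -> connection count
    for r in rows:
        if r["port"] != 53:
            conns[(r["domain"], r["ip"], r["port"])] += 1
    connected = {d for d, _, _ in conns}
    return {
        "connections": dict(conns),
        "dns_only": dns_names - connected,   # resolved, never contacted
        "pki": {d for d in dns_names | connected if is_pki(d)},
        "lookalikes": lookalikes(dns_names | connected),
    }


if __name__ == "__main__":
    s = summarize(NETWORK_ROWS)
    for key in ("dns_only", "pki", "lookalikes"):
        print(key, s[key])
    for (domain, ip, port), n in sorted(s["connections"].items()):
        print(f"{domain:28} {ip}:{port} x{n}")
```

The dns_only set is where the two foogleusercontent/gongleusercontent names surface: they appear only as lookups, which is consistent with a broken reference in the page as much as with a look-alike, so the script flags them for a check rather than calling them indicators.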

Files

The CryptnetUrlCache entries are CryptoAPI's cache of downloaded CRLs, OCSP responses and certificates and line up with the pki.goog, lencr.org, amazontrust.com and crl.microsoft.com traffic above; the Cab*.tmp and Tar*.tmp files in Temp are typically produced when Windows downloads and expands a certificate trust list cabinet. None of these is content dropped by the page. The same MetaData\94308059B57B3142E455B38A6EB92015 path is listed once for each time it was rewritten, with the hashes of that version, which is why it repeats below.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 55b982369dbc97dea06cb89e59d53c4c
SHA1 addae69190617345dd411403039ed1da1802bfd0
SHA256 aee439fb2aa2cfe1c1015a2669c1408054777711325a464f451af64f5469c071
SHA512 d48cecd33343f250f73a48eef02f2aacba5e94943faa6ceba3cb9d1b4fa5eeeaf7d93790ab60bd99448bc7468d7fe6dc891af285007ff60d895118af15f61988

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 418a90e43ddfba15f4771a4baa56c0f0
SHA1 74be932f36117524b825521a03adc46aef0716cd
SHA256 703722edac9ed2be20d046574a2e959910717f6fe161d80c8d22e4330f9b45f0
SHA512 5b6a91431aed52f58861bf3dc0a079de4ccd5845e5c771f2d393d9017352dc27725a8daf99e770f05d5bfeb18a33ed4eca7091c9ac35ad675a5bd4e3cc828eb5

C:\Users\Admin\AppData\Local\Temp\Cab9713.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar97A3.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\cb=gapi[1].js

MD5 b103bb58d9e7cecaa60bdf377d328918
SHA1 0f094c307bceef833a64f408d2f749a10f79de44
SHA256 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7
SHA512 b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46441e2a954bcb804301cdec5495976d
SHA1 11a37184dc29e0c36d029f070f440916e68d6a14
SHA256 4784ed4ae1fbe034bbf8ddaed833a88ee5ce13785bfd3a2634c7cdbfd03cdafb
SHA512 537b622e73bfa2865c106de61b0c1dca6cb5514d7aa944bc0cb6e405d57f2b578f310276f4da1adb8b2525f9916d385184fc2461f496a1403e3cdb36d2c645c4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\www.mibats[1].htm

MD5 55ddfe7044cf0f3a257edb0ddeb20fb5
SHA1 8998d4bf7cf3fcda93986d8451ac35410a840cd8
SHA256 3e11dd6b24715dd0503dcf35302d987848f748ec38c686b8a11e575a12b6b254
SHA512 fb87c0836990c58f689ccf5274f39a6bb62a168bc0d31e6f512ff363884891e8fb9e826e38ff238d72e147af70ed67d4b22b8814d2d776baa2979d3b0cca6961

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2869e656b8b004c6d958c9ecf5c5d0fa
SHA1 34bc1b1385d0dc8ef1742c0eeb07f50995dce285
SHA256 1df3179878e92f4f0d321a20aaa88a70983c734ab855309ac3186d123c3d325a
SHA512 c1c341d8ca4ec696eabc4fd4d7f863a0343b3f86283061a3bb1b038ef1e21a03f1d57ea4842960dfb24420500dcfb2f9c264d8a7278823af2734a734371bd1f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 4ea281fc6041368ce36afa4acec6a826
SHA1 3841c154988fa5cfa5fa9b9e3a8f226eba951349
SHA256 96ec0a65f429d22408b9191fdef9f419e1142e975f19782869dff8e774f3cdcb
SHA512 ac544e5f151d0bf5a6486d851705efeda7e8dd4e97bd4a4b58215d2855f2ed0f37c2c8689ac39900981d6b3def9688908f70cafcf4eff30b5ea5c592fda2255b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5096fdea501939e50c5d64e6f07095fa
SHA1 e09958c834a8540f420c4cd61b8ab78b3f6fbf0d
SHA256 cd1f18991285a6b81370f91655c6e41b70a194b33bda589551c56c327a6c0751
SHA512 6f23e2c247debf4488ad7e34aaa10810f96454fb6d1dd351d6677ee03d1882242d79faecb241c1164ebc943c15b9894957c1a6dd0765ca8bf83b7565ab9a7fc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef7c7668c3aefb7686e85723058a8415
SHA1 40cc1026a823def424c4ffba785f9dcd944237fb
SHA256 3185214a276edab68431ced721161734d5d222089ad8d5da883065d0018b16d5
SHA512 21fb7b61e549361b03191c72d507b4a34c160425d31bbb796f502b5afa1fd41e85d411a46959864d383c6567596b984bd4c61e1ca865ea2f6cf8769c28bcdc9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6411086ba4263039af776a1fb2e7941a
SHA1 9345091508c380d6df03ea4ecc04a8b89d8d6bcd
SHA256 50478d154a2b072b6dcd9a008d3343d459b6f83ba070ab7705e960a60b31a2c8
SHA512 96b0e374da0031a76a721d4ff10de864d5cf1cfedf124b4e7d40b7fb1b5ed17d606190dfe0a8668247f8eed2bde81b6bdc247bfd899c567c7f8cb70085912fd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbf193cf4f09d005983482f7eaff3f66
SHA1 d79c6b873a39d922127e08323009f8ba380424a5
SHA256 edd2be54026fa205062f0ffe77532059cecf58c6a53a3c386121819200773b9c
SHA512 d088179d29f33c5e6fcab9e4495d7e14b3b6e707e559e0e1acddd02912a3163cf29a18b455e60db6e9083613c9e560ee20d4eabdd8e9217aa5fb885c370c7353

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db7c8f6c825b52afd5d7c9f0140dd2fd
SHA1 495e67b7a176e1a0c87e8d63a3cf66697eb2cc2e
SHA256 619cc0951ca1f2dd8a9e60062ca81a4cd0ff30b5177fb3ebe3b91383ca9d16ad
SHA512 a2c4261ee0e7fa964393b7723ab32fc5bde2583a7f1730ef5256782d1c998b3e0ee666e5aca32ccea966f4a5c2ef4d4984d09b6ddb55ee1a34857ea0ac040fbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f3983811bb5aca470fe3e6a3d53304f
SHA1 3156819638baf04a4bc9ac835421e32e6307d8cf
SHA256 adf848d03feaedf11fb4c4ba48e12f3577eac33e8f5f27ee653ecc8654e58be4
SHA512 d3461b16cf581f56de920392a49d0f0153801e24d9e1b3e600af12207656977845b7f29d248a0f2302b713075c9618527f9cc842c009bf8677d9a2da9e83ae9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d665c796cb93393f132b77ea7fe8df8a
SHA1 949797c585aa237ce5825186e9deb019def14eda
SHA256 8b50f68a00800dfb9b8e651db3c4c007b9aacce0f3ff4cdad6dfaf7c5930cae5
SHA512 706b4ceeeda4d3d1e745d9e6a1ae4589d33c53284930d49e82786be7c0fd4e3dd21d27a8bc51e2115b231fd329d392ac329f488d13f660592d189af7509b334e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99943349a72830cd7c6c4393fd18a31c
SHA1 b8a57643f5f91cffa26f982c617b8647df88fa44
SHA256 8edbd7cbd7aa84265474efbf2833aa4c7ab1dff884b6fe8ce7c4343fb3c17559
SHA512 69c9d77c0766df73f5b6b29e10b46fb191b787299ab6fe72985304283d81337079d62fdaa7a98edd90f6ec8eebb1cb72efff34e2ef841a43f93dd8f93696def8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbab39e9ae453ff3d7eb549b28502744
SHA1 9d7695c5481627f92f40429dc04a1157104a2af1
SHA256 2ca5413f485b6da3950384ec8fcf39e1d5867213d61db5613d524a8c50ee1921
SHA512 4475d7137d5c3a42476b9a83ec481554057e036d1c072670733ee708e48959c46be74df67f2dd6148ad86ef85679c6cc8128838c5776906ddc89be152681e4ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aede16fae63f95b2b6a231fc73694dd6
SHA1 c55dfffcb0f19d8cb0b569962a91a3d6f857936e
SHA256 c1fd3545a5685e5d4ac4e607b4c61371f34b3ca25b64d3a91b724989fe05b2be
SHA512 329537f3aacf46595541dd089779b04b61af38da4db3f95ced6d1a68e3c8c570c5195331e2a020be7ea43c062aad557de05c97a6a22261c549bbce578f91d68a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56e24510df60e249c4b3e0a9d04579d7
SHA1 2f8eb147a5e734cd0240924b843107b29a67c731
SHA256 85a60d664333910bd0341b4a6f247579ee95243a2b60156a021ac3f69ba6d23d
SHA512 85cc31a874c55cd91da58ac3a42a5d037cb6126a954fd5c16405ec1168eeb7b5ed7b39ff1af8c978d18a5b3227d7972f36df21eca81c8de58c7960a70d2832a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74f88bc857a7f31885bd31a5c90d4968
SHA1 013cb4796045d8bd16199108eabc633967d74721
SHA256 1030ef059eb5499859dff0279b512a04af9fdc89f0d2c18675f5d3d282569dd6
SHA512 aaec3b420eaaba5dc9f365f0c1e7149733811e70057a60d9472945ea44c9b9bcd6157b5737d1123c27382b82a0851490f7c5541cc4b452e28d02f275416dd841

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 551f62e066b7e2f4c4662dca89a9583a
SHA1 3ff57926795aa05598c83717eedceae663ef0388
SHA256 24c265ff498c4682a89cddaf337c0d88f19f559aeae55d147d7fce49dddafcce
SHA512 2a6c4d0f5818a34fd86c53a7d0615df933cd67afb4a849c8d7fd33e3a52312b322b02f53bb067b170ed9788d7a8ac73d13157cfe20bc24c7cc604a8d3dfac9bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8908961a4830289a161570f969b338f
SHA1 be4450d250e9dd6e20aaed1f059c6de0a6df61eb
SHA256 4a8c5f71c55445c81c7cf8e711c2ba3a9820729d450b6b076983f54d4dfc8968
SHA512 8b3a6542e6f5bb029a64b0b2d850255dfb15c3fddb70cd51731caad59864246ba6844381c8b2898f501705a359b3ec2f3f489ca890564e022f712c8369732479

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd270121101d9a42e45d7871ae251d1b
SHA1 f9ee6f4668dfe736652f472bcc7afce0210bd8ec
SHA256 16982e62bc30425d16ce9a38631fe2b31243754c7c70f8bb44e4321f8b9cbe0d
SHA512 5100010e1a81dbab36bed0c77f90a5743cdeefbf93457b3575089a985642044c140b6ade30208b4833e08ea3bbe4e8e451f720815ec6515847e109d9db0bb136

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-18 12:19

Reported

2024-12-18 12:22

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fb82cc4c9f47eddf67154c6e303cb8bf_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3448 wrote to memory of 2788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3448 wrote to memory of 3424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fb82cc4c9f47eddf67154c6e303cb8bf_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe245046f8,0x7ffe24504708,0x7ffe24504718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8144519294056913134,3252998404616563198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,8144519294056913134,3252998404616563198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,8144519294056913134,3252998404616563198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8144519294056913134,3252998404616563198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8144519294056913134,3252998404616563198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,8144519294056913134,3252998404616563198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8144519294056913134,3252998404616563198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.adf.ly udp
FR 216.58.214.169:445 www.blogger.com tcp
US 172.66.40.139:80 cdn.adf.ly tcp
FR 142.250.179.74:443 ajax.googleapis.com tcp
FR 142.250.179.74:80 ajax.googleapis.com tcp
US 104.17.24.14:80 cdnjs.cloudflare.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
US 172.66.40.139:443 cdn.adf.ly tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 139.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 74.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
FR 172.217.20.163:80 fonts.gstatic.com tcp
US 8.8.8.8:53 scr.kliksaya.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 134.119.176.21:80 scr.kliksaya.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 ww1.kliksaya.com udp
DE 64.190.63.136:80 ww1.kliksaya.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
FR 142.250.179.78:443 apis.google.com tcp
IE 31.13.73.22:80 connect.facebook.net tcp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 21.176.119.134.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
IE 31.13.73.22:443 connect.facebook.net tcp
US 8.8.8.8:53 static.ak.fbcdn.net udp
FR 134.119.176.21:80 scr.kliksaya.com tcp
US 8.8.8.8:53 widgets.tcimg.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 www.indobacklinks.com udp
US 8.8.8.8:53 img1.blogblog.com udp
NL 190.2.139.23:80 www.indobacklinks.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 ps3media.ign.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 151.101.129.135:80 ps3media.ign.com tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.73.13.31.in-addr.arpa udp
US 8.8.8.8:53 23.139.2.190.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 135.129.101.151.in-addr.arpa udp
US 151.101.129.135:80 ps3media.ign.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 img2.blogblog.com udp
FR 216.58.214.169:80 img2.blogblog.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
FR 142.250.179.65:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 www.alexa.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
US 3.208.97.163:80 www.alexa.com tcp
US 8.8.8.8:53 feeds.feedburner.com udp
FR 216.58.214.78:80 feeds.feedburner.com tcp
US 3.208.97.163:443 www.alexa.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 163.97.208.3.in-addr.arpa udp
US 8.8.8.8:53 78.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 www.w3-directory.com udp
FR 77.87.110.40:80 www.w3-directory.com tcp
US 8.8.8.8:53 www.webstatsdomain.com udp
US 46.229.169.130:80 www.webstatsdomain.com tcp
US 46.229.169.130:80 www.webstatsdomain.com tcp
US 8.8.8.8:53 www.webstatsdomain.org udp
US 8.8.8.8:53 90.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 40.110.87.77.in-addr.arpa udp
US 8.8.8.8:53 130.169.229.46.in-addr.arpa udp
US 46.229.169.130:80 www.webstatsdomain.org tcp
US 46.229.169.130:80 www.webstatsdomain.org tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 webstatsdomain.org udp
US 46.229.169.130:443 webstatsdomain.org tcp
US 46.229.169.130:443 webstatsdomain.org tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 stats.topofblogs.com udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
DE 159.69.186.9:80 stats.topofblogs.com tcp
US 8.8.8.8:53 www.blogrankings.com udp
NL 190.2.139.23:80 www.indobacklinks.com tcp
US 8.8.8.8:53 9.186.69.159.in-addr.arpa udp
US 8.8.8.8:53 www.ping-fast.com udp
US 172.67.136.97:80 www.ping-fast.com tcp
US 172.67.136.97:443 www.ping-fast.com tcp
US 8.8.8.8:53 m.webstatsdomain.net udp
US 46.229.169.130:80 m.webstatsdomain.net tcp
US 8.8.8.8:53 97.136.67.172.in-addr.arpa udp
US 46.229.169.130:80 m.webstatsdomain.net tcp
US 8.8.8.8:53 m.webstatsdomain.org udp
US 46.229.169.130:80 m.webstatsdomain.org tcp
US 8.8.8.8:53 www.indonesia-blogger.com udp
US 3.33.152.147:80 www.indonesia-blogger.com tcp
US 8.8.8.8:53 www.scrubtheweb.com udp
US 208.98.35.225:80 www.scrubtheweb.com tcp
US 208.98.35.225:80 www.scrubtheweb.com tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 8.8.8.8:53 www.webstatsdomain.net udp
US 8.8.8.8:53 225.35.98.208.in-addr.arpa udp
US 8.8.8.8:53 scrubtheweb.com udp
US 46.229.169.130:80 www.webstatsdomain.net tcp
US 46.229.169.130:80 www.webstatsdomain.net tcp
US 8.8.8.8:53 craftkeys.com udp
US 76.223.54.146:80 craftkeys.com tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 146.54.223.76.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
FR 216.58.214.169:445 www.blogblog.com tcp
US 8.8.8.8:53 tag.tlvmedia.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 lh3.google.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.74.238:443 lh3.google.com tcp
FR 142.250.74.238:443 lh3.google.com tcp
FR 142.250.74.238:443 lh3.google.com tcp
FR 142.250.74.238:443 lh3.google.com tcp
FR 142.250.74.238:443 lh3.google.com tcp
US 8.8.8.8:53 cse.google.com udp
FR 172.217.20.174:443 cse.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.mibats.net udp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.65:445 lh3.googleusercontent.com tcp
FR 142.250.179.65:139 lh3.googleusercontent.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 142.250.179.65:445 lh6.googleusercontent.com tcp
FR 142.250.179.65:139 lh6.googleusercontent.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
FR 142.250.179.65:445 lh4.googleusercontent.com tcp
FR 142.250.179.65:139 lh4.googleusercontent.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
FR 142.250.179.65:445 lh4.googleusercontent.com tcp
FR 142.250.179.65:139 lh4.googleusercontent.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
FR 142.250.179.65:445 lh5.googleusercontent.com tcp
FR 142.250.179.65:139 lh5.googleusercontent.com tcp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34d2c4f40f47672ecdf6f66fea242f4a
SHA1 4bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256 b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA512 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

\??\pipe\LOCAL\crashpad_3448_UTXIAEGSTDKHQGYF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8749e21d9d0a17dac32d5aa2027f7a75
SHA1 a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512 c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47b3f564846e1c1854e31da2c4bf8c64
SHA1 300367bde6db44cc8e922a3dbf2786b722a6f1b3
SHA256 7b43382cb5195dd0368de0eeeaf0a85a5ee5af4be3a628ab24990aeff2fd35fb
SHA512 ab65ee7f42bc6881aa1e8369ae2d1841cf0ce9293dd5bb26f444a32de588ac91487127f8adb32d962b43f7857c525f728692ab8420ef93deb103a19ba6bd70ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 94ae19a8d7478b30d4b3bf43bba7b359
SHA1 4f91175cfda8036c2047ceb95dc679f29929f3d0
SHA256 2de3f1e00688e322f76fa146a0abf8fa000e14c631081b7d0756aec20182595b
SHA512 2c8b1f3743fd61a70958d810f15f9b161f8b4b0f3af068e0c0b2c987f8c677e52d991e6f2277ce61c609ce2f404e608ee35a154907648744108e15978bc0843d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 630d120704de342e8bf6c9fbd92604c5
SHA1 60081823b9d068b089cdfe401420cb23cde98bea
SHA256 78c033e44c9d4530da7bdbc3c692cf0ff2dcad1f40ed211d89c192c6d219ac05
SHA512 1028d1f23282b930455bada8c7afe145b8ba18a53141b4d3f7ed7ea243771017025872eed7f08321284193e4c11219c3250a9dc883272e6a782a227a11375835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e659.TMP

MD5 6a79aff1580fd01b5e88937fe64fe7c9
SHA1 2286178e4b92bd02a2aa162c41cd44be62dbd1d5
SHA256 30f24bc2dd6bb24c24c9695cd5f98f27a713c8082e96720bd6d125b04038beac
SHA512 7aa1094a29478e1a0e4dedbb0d4388d0ec6a7b45d97bb5c371745f6a928667be8fd080603a0269492803b6208c4c27254c5602c5e81558bfe78558467a417c83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 652732f0543ff2290b5db9c1eeb83ae8
SHA1 bf7395f90c47c044db2ca1184405f5f85cb030b5
SHA256 8b7a6a89ffe4c26834c70bdfc67f59b002856b316e63939af14e8339dcd10086
SHA512 4a1141462e55d55f2bf8a821d794cb8030e7fe8a71758475952e62c20036e23fb61bc44107370e5c21e4299a870f4846bf09b9d6ae55d54a3aff951604d9e509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e88c79e41eaabf6f1ffb431d5e2bd05b
SHA1 ec608f93fdc3b42e67967fed8384d107cdab5571
SHA256 f7d7776d613dee45f181080821f7910da4d94345b72a176a10caff84708dabbc
SHA512 561bb1a651c423d9e93c2029dba238848ba043fbc21724e1655f202a6b1770ce58dbc87a96fe9adae8d31b03cb4d2dbe4b64e21852e2135851ecc02ebf8b8d5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8e4a2d1f8adcf92eda955ab54dae1d78
SHA1 7c89803478d4330805fec54edcabca063a44a4fc
SHA256 a0d1325f192f475e71c367fdd54f5aafe9e6b3bf23af96bb8e34563704e29f26
SHA512 7262bdfa9a0e937cf0d017e420f60401c51af43300e39e26d3952c6d127274437d3fa3b6aea8d0e141dedb1ee1b4fbbb726364e2c6714954169ee667fef788dd