Malware Analysis Report

2025-03-14 21:43

Sample ID 250110-n6cxyawlcj
Target JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8
SHA256 8dc356f18aa448b79559125c8a7790ce26acf4a56ba87064a464405dec40df4f
Tags
phishing google discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8dc356f18aa448b79559125c8a7790ce26acf4a56ba87064a464405dec40df4f

Threat Level: Known bad

The file JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8 was found to be: Known bad.

Malicious Activity Summary

phishing google discovery

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-10 12:00

Signatures

Detected phishing page

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-10 12:00

Reported

2025-01-10 12:02

Platform

win7-20241023-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71A97FF1-CF4A-11EF-BB72-627BF89B6001} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442672304" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000004123b90e43c9aef9eb07c5e6800adbb7e1b8e1ef48a40df12e6657f4ae15ba0a000000000e8000000002000020000000a8c54272f539a02ba1306a6249ea19109c95fc5943d61420e3334d441c34712f2000000022d83f8ab018f164ac3d7600fb2811cdd9d99e5a6562aca2f04c60856cba78bb4000000031965dd1a985f4f9dc1b66ac699bc7c9210d129eb2a7ac9a09940b349c9d43792bda7d78f2420276ef008542775a832e4bb885aba6d6e1c6365d177f2dd1834b | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70002a4b5763db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.onlineleaf.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 js4you.googlecode.com udp
US 8.8.8.8:53 kumpulblogger.com udp
US 8.8.8.8:53 s10.flagcounter.com udp
US 8.8.8.8:53 i7.photobucket.com udp
US 8.8.8.8:53 geoloc1.geovisite.com udp
US 8.8.8.8:53 oktri.googlecode.com udp
US 8.8.8.8:53 cur.cursors-4u.net udp
US 8.8.8.8:53 masterendi.googlecode.com udp
US 8.8.8.8:53 badge.facebook.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 p4r46h-blog.googlecode.com udp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
GB 142.250.179.233:80 resources.blogblog.com tcp
GB 142.250.179.233:80 resources.blogblog.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 104.21.51.21:80 www.onlineleaf.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 104.21.51.21:80 www.onlineleaf.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 3.165.232.87:80 i7.photobucket.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 3.165.232.87:80 i7.photobucket.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
DE 157.240.253.13:80 badge.facebook.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
DE 157.240.253.13:80 badge.facebook.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
US 172.67.69.193:80 www.widgeo.net tcp
US 172.67.69.193:80 www.widgeo.net tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
US 104.21.51.21:443 www.onlineleaf.com tcp
US 3.165.232.87:443 i7.photobucket.com tcp
DE 157.240.253.13:443 badge.facebook.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
DE 157.240.253.1:443 static.xx.fbcdn.net tcp
DE 157.240.253.1:443 static.xx.fbcdn.net tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.reverbnation.com udp
US 34.239.206.54:80 www.reverbnation.com tcp
US 34.239.206.54:80 www.reverbnation.com tcp
US 8.8.8.8:53 i41.servimg.com udp
US 104.21.70.7:80 i41.servimg.com tcp
US 104.21.70.7:80 i41.servimg.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
US 34.239.206.54:443 www.reverbnation.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 172.67.69.193:443 www.widgeo.net tcp
US 172.67.69.193:443 www.widgeo.net tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 104.21.70.7:443 i41.servimg.com tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 arvigorothan.com udp
US 104.21.30.34:443 arvigorothan.com tcp
US 104.21.30.34:443 arvigorothan.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
IT 3.165.245.25:80 ocsp.r2m02.amazontrust.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 gp1.wac.edgecastcdn.net udp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d5180223ba059161e0790d5039dd69f1
SHA1 711facc50fbe0c7345058119903a3d2c28c1f574
SHA256 eca7748104fd92a153deae707860d19ea0f1b6e90fb8d9a1de0f1c9c421d4c20
SHA512 f0b8ef3eaa845603b0d952f60a1c88b1c4b5403b680f363eac0216983134f610cb614b490af3aaaae299f623d0308f9b50a0dfbe9a418f84f75ded2d317d1859

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9436f71e8269028350690de3342f1adb
SHA1 a835ab70527e2465ad8e48cfdb5cd0b3311d1530
SHA256 e5a28f7747ae1bfe2dff60fec97dbf8ef074a2ad3d09fa1cc09d23843b569d81
SHA512 c2f1266915bc3728b1a44852b1cb72ea5c42dce92b8fdf3df20a8fc316f2af1eee42d6e73a8ecdf53cb951f43d0efd1ac8c81192b5a1132b7d807a5a8b05bc2e

C:\Users\Admin\AppData\Local\Temp\CabB0CB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c29fb18d0b668ba7a45360d672be85de
SHA1 584830a605f3a3254e8ecbc4fd11c7144254e5aa
SHA256 72a0740c38fe85ed15bfe2c4b8ee59fd5730c8ab678cca2b94f0d7425f965d5e
SHA512 0ae2a32636e56cf2b64932e543eb3aa347402ba9b359c90fe9434c73d019551c2e3eb02cc0ee68637565a25b10d2e219df6c82661fad13e59f57d5cb3a661df7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 7929a960ea0c3bcb65fe79ed8bef6153
SHA1 8e954796aac381ef02648d2ab92b0e78af118251
SHA256 996552eaf2733b53616eba13e52f377e7ef05002573e851ea60e0d54131db3af
SHA512 3e917bb0e97aad0edce3d95372a32ec8b9a74aaf3e22e8ef993395b32fa4e9387480f3ff5705becc1f3dfe08c4d94836ab9a998624be42e74a6801675997ded3

C:\Users\Admin\AppData\Local\Temp\TarB10C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d09c92300f30131b271017bb169a64b
SHA1 d429e666c208257c2f9a5b93f46753e7fac72acf
SHA256 9c064defc9927c2ef4f48b9534ce0c3b8e9bde72652d93258347fb399ddbf276
SHA512 3bad697329e29cd4512602d834b3da2edb747f93c63d1013e675020f3a107ec54d739789ca4c6123e6d43b9724d87db7284dfea6fe13d04a4bf0cae5518df365

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 4f9f97881a5f531f90a8b2c2957b2ae1
SHA1 e36c263c70f4445d1403932d2b1ca40a9583cab7
SHA256 1a7cc98f8293cf603fadf4ad04f7be21fc9bef5c184870bd537058bbf9074248
SHA512 66f090e76e134014a8d6e6f50545481c6a682fcc5fb1ce3e08f0d516dcab91174af033da30a164a9c2ded1d80b807a73b5adf0289e102ff890899fd4abf28a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52cf6ac3e9a4ef614737085424e16fff
SHA1 fe7c67202ebc58f3914956b8a5d3f2e8ab3a0b62
SHA256 375fc960aa8f5d0a84adfa3f7f8a65622e5516bf601bf5eba4e21b3342213d3f
SHA512 e3f9fd5418cea7026b3ce6457d33e4de94f6e57cbec03a7e0f4e704d4fc6557f2074934de55606fbbd859f8c185ec169da01a6733376d7bd7f5f0abc1d689ae4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c11b77c9d5ba8676b4274b5e0fca76a9
SHA1 b58d1eb0b8c4b1b2003d881e5412a7b02fbfa4c0
SHA256 fb86777b98322db8f78c65c59ccffc881ee3c62d1909730effe3f674e0264bb3
SHA512 24e5bf3d24e67ab7a958714abbc8bbd3dca0fac8f7a4270eda9c41c9fa88e3944316db6c8ac330f9ca9531c4b71201c2eaeb4c9369c84e0e8d8c9a5f6c608ae6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef22ea4a3f99f14973eaa9a6394d8832
SHA1 9b9801627c7651764bde37f7acbcd0c72960a98d
SHA256 1448e94019a2cd53deada731c5d44077953d3ce8bf814bbb4e8ad01904f7182b
SHA512 1dca83efbd7c8f3398a11c3ec3f05fc03c659c387493f5923b369f44ef7e9913bfb19784fb947038717f8bd052a27363690402df0ed05b8b894dbf6bd0555151

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 df9398504eb1057a66c783bfb49b334c
SHA1 79c49cd42039035e802695a25da8e51d1dd0243e
SHA256 32741a82e9fae67d61cf71ea89f2a9a91c7317a8ca4f8f4d22c759dbd53f1c3b
SHA512 bb14a552ddeb90a2b8c49aaf0e17551b360e36a317182f57662760ca5626c3d688a7af531e973d85083c3e76e474eb6d309d415b11874055e7dbb020b00e258f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\tab[1].js

MD5 8fe8954e18b3eafdb2dcf03b218e88f3
SHA1 17bd6b26816b4c9c7fb9b7552ccdca95c2443c9a
SHA256 ff4c07f1e5cbcfdcfeabb37e8c1dc21d3edc5e3e20edd2d3da16ab5aa22bc600
SHA512 b1b5aee74b063a3093e0a8e62a9be580432b7430f0759ae8309e6b4c2a8a66805a9ed9aa35a42715bdbec1fb85ed6b808e760064181e5e2e774d0551504be87f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9c9a02744fe90c12ceca0bd831c4b43
SHA1 f51b0407fb35ebad84441decc29761c184d5d867
SHA256 0a58d5f975364732042144de32ea59ff969e83446cb4571ef7da06e827880139
SHA512 ca276302a06867f59ddcd66224779cd2c5d78fdc704bde4e76a032659cb01b3d35e42470679baffec759f7cb972db9eaf2b5e5792b825f46d6076905281478ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64ab72281bf9b7a539a34f6c9f1b37c7
SHA1 01d9c2aa8ec19f56bb43f3256678769dccc15f47
SHA256 eeb1bfca796bd5e184dfb21facc8f76dab239477fd96cf37baf7c2844eea87ba
SHA512 07ae15a1af06e1c2ba416f823b814714222b52cc6d6e46edf4d6e0ba06abd86c6fe6dabae211a3177e084f825c05044dfcf1a708d6e1fa6312761d63ea0899e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23f6140c986af30e74b08cccdb03ec8a
SHA1 d84886c638e3d78807ec48ae9a06081237db5b37
SHA256 a7ba6742503be1ad5dc4e487dbf9180fa03311cc76502fce74c2ed4c63fe4226
SHA512 1ab31678b9128444a774cb92b8e3fdc48fa30c888be1de85a5a9028334574f1c161a8da77e40a4bf2493915342108f57bb1e50e55dedc790691ce90f9827c686

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63fa4e8bbf5848873a6a58cfb4b8c409
SHA1 2fbdf8e086eabb187cf27e8ccbea8423a47b9540
SHA256 f38e3db02610e7de59f27f6279c316456add3caaabb3e3925fb76edd3b9d1cf2
SHA512 14e1ef466af495f116b42f0b351d19276644b4529967b0188ebc546aaebb9d3e1f3e77a7b0cf476efd025da818b3beb31f1b295a55abaea1e05308fa19ad4402

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e7d24dbf8823ca67e62fbee05e7060c
SHA1 81e2f2a6ca79a30135467c9a3a5dba619285484b
SHA256 dafe7166114b80a7d7fe0f8111db420d04aa35caab41dd0e86835cab867f12bc
SHA512 4d4fd6902265ed1ab77900170c407648288146c518e295b077eb8703530b85d5a65f7d03faf13477f13635b20dadeed24ebbb21331af8fe174738a366794f991

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0338451ac1f388f4c3c3c0c96488133a
SHA1 bf79619bee4e807db0c5e0d25bf395b394e3365f
SHA256 e3e0ed7bf78ea1a8487d6b960401a04f2d9805698ea44209e7adb5c5f85401dd
SHA512 a03e3abb8ac904e02c88fa0bfe8fc1edc1c198a3bb409e36786cece0f69c1daeaa15ad529c5b8ff2734b5eeb4042dd6c35242ae69abcdd4c03cf9a6229f41eab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bbc2d34be83737495d8d04b6d4f3428
SHA1 99444852896424acfe6e6402a4ddaa5bce6353f1
SHA256 53f275f3c3c998e49573ea0c111f703928b270278289b372e03b69eac277e90d
SHA512 1872de75592b24996197fa3ea2770ed6fb9d7a3b8e877f5f1ef5bcc2d330e95e0d9f7bae3481ced7f10cf9b703e09714ec4079a8473a32d970a49b1de1aa158e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0a4fdea1c1a12ec8460f3a379f58b38
SHA1 27be49d9f13cd332fdef552c0943a61e48c3a292
SHA256 aac5080335b9849efe64e12f68dc95a50e82548fbdc79a764dd9d0b0848408e2
SHA512 3f6242450b543beebeaf20f5e1ac24ef2a3c752d13c013fbb7b8a58ef2da6f7cc0784e74da304dcd111ef3e587ef5b37a7bbbf17c09bc6920b7b5ca68d394e12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0d3de53885b9bfc99178593633daa44
SHA1 f58c6a40eddb28ccd14334dc7c50bf944ad7224e
SHA256 23dadb9f04d2746f1543777ce2af250a793e4e95c93db3f6e375b041b0536946
SHA512 64c4d93619200f11f03bc8e3caa429ba7ae380652fe114351c3599564e2f33c9ee239c554abb17682d93033cd001097fac80031c079c01ac10b95ba3ef0fe4af

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6J4GCMD\recaptcha__en[1].js

MD5 19ddac3be88eda2c8263c5d52fa7f6bd
SHA1 c81720778f57c56244c72ce6ef402bb4de5f9619
SHA256 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
SHA512 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81bfde867980cb6b9909dcbbf0074698
SHA1 4b40bfa619a05f2397e0f5897ed23e9d958ccdfa
SHA256 c9082b916b5f22c27ca1dc226b6ac8040fb46dc1bfadd0098d094b842d0f8750
SHA512 870a8ae9762733d3faa16d0588759b11d17bafbc28df8862da6a0cdc5d5e7f5076bff2070b01241741dce9d52188a2aed6d7455b7407cd01b44dd173c047fb38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f55728e6fd51f7e56930ac6f3dcf6deb
SHA1 abd21b1fc640b194089f92426511f8719ada6c15
SHA256 9d2cddebc207cedab421a5b1328fa34c48e954065ff063db464ce8c040dc7654
SHA512 cf6f2e8a3c651fcc49ad8f54f9dd622342f74d1dd4de7028f5102e3d7cdae939c1a650e85706c8dbef89352272a1dadb46a59e30d7f14cdbe12259b511392b51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d410eb4716f80e23b48663ebe40abe16
SHA1 0eb5913252034598399f01fbacef520999852485
SHA256 860f85046acb58990822a5a431d410df56d4fc655d66a5d36c77fcabfe552eef
SHA512 c003d4c53f8cd0e7c5548471477b0a33187bfa5c34a38d4556bde742c91d0174e107b5111355f15bd5ff279afb11a69d9e65fe63f7ea69a86e35caad13e93b2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3fb77bd632ee7747474ad3c231b72f3
SHA1 e3d2d18603aca524958d35f9c3598af30a95169c
SHA256 d2b34979adc8419c076701e499b084f2a6e4b6398c74eed922ceefac65d6c8d3
SHA512 439e57c113d40c0907f81044e77a9a44d84c6d4c18f1b84f0213ad71ba9a229d0423ca0dfc2b4fda97272b496b320b1e97198ac5c3b88dc4f78c19a81f3cdb19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c068accb3d7d02dec3527d42d271812
SHA1 8117129d40a475faad8edb9875d89f5c430e5b3a
SHA256 3c2d07f598630ce52a43cae83223c83213d7b0767f1a4b55887ae8abcecd6b01
SHA512 06ac97889060ffa544d1f68f1d6895b7e10b1e0b5f2e1af235103975673adbaa36bc688bbd59b37c5cfdc793684d4f8092aa143dc2399a6f5b84b93c986145e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c100740a5bcc088e6cfae938b9bd5acf
SHA1 fdbaf33696c54987ce391e61c0f1456df0bfbc49
SHA256 ed1b5c172d3d3ade1a37a81c6b3401f7baf16d0d3bf3751cf57c48ad5d24e419
SHA512 383809a713d93530b9230b8269f5824a19df8a635842ecb4558db465179f1a0d8f1a3c61fe6cf415337451b36ae15235ff4f1d6c2b347e3b7ce6d35056351b4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 980f949c77840055bc13f336eb18f9c4
SHA1 578bf86dda0772f486417c36c62a5eb78299a9c8
SHA256 a9487fefaef06c43557aac0e68042fc6a0af207cab219a3e2667d45e73a28624
SHA512 1136793229d39378fd4073e988c1536cde3cdbeca05f642a9db3a73118de70e3d1fa5bad4a9dbddbc9468a3ae8f4f84fec86be23395bdd24d84249784a32569d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e62cc2bb1cb1ca7a4a37c914d110304
SHA1 e650578ca713681acab3ea5c62d5a09436e57a42
SHA256 a8a69746cbe13606c12f9abe9ffaedff5120fb7a1ccc9e1440f650e0db866606
SHA512 15050a02ae9e20231e69590ca728e34d166ec23476da7ccba5a8ac01563bce62cf1a71b1c5e1292b597d7cf277f8412ec4ac8a0ca7b9289dea2bb485b3a36bff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc1f3a9de0da011042d5f69f4b2782da
SHA1 20afa0ddd009a1032502cb228367ea78bb31cc08
SHA256 074996aa510648c8c161d611b21da6c6e5c6a2977339dcaab8f92e1e4363d564
SHA512 3dfbc983d77a5e929241eb5e166c66324d50fda8df0d8c8d08a42cfb914f59edf0ed0ce7b85e894db88cd159d348c201dc0ec416d76b8744d23ac0572c5c186e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbaec9f96510a0280ac3cd0f61ffef71
SHA1 7c3d47278618ee0d0d3f29973ac87faba0f5fbce
SHA256 f3873300596db57cb2027fb132ab311b2b925b34ea3ae8fe2e28fd9a6eb6d4eb
SHA512 394df139ec83db50f2b52d9793ed1f225a6b8393e8f67bcc1afb5252e01177842df4208a644c375918bcfa7bfe4043eb3006af7875c4088dbee742981595097e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd0351c9e0be4e629ba45df844137489
SHA1 825959512e9140b6a0b193d4f0c2af1c057a811f
SHA256 8ad341774231e9af38bacacb677ef06b46dc6f3c1641612b5371ab740e282dcc
SHA512 af40fe739190a7d891f191179bf448b9be306a722a9936b446cf8092cfe8b6efe08011c9c7fcbbc9841b8d32f52742425d516e2bdb9f8a0965eb90c8a41466fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8f1d44cb15e70d1aac8044f33b7ef0b
SHA1 2c2603c5a2c4a8999bf7c5709516d273369e9fcf
SHA256 39e6414717a1bbc367a8c1178b104233e8f16cb13a72006d2bd3b344b504572b
SHA512 caabbec3819853454a6f22ca9e733cf00786786f28a9b3150f86266551534888ad2c18d19552e5d2cfb327e30f8fd0d1d25873b148b37554812a35a126adab39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3958fb1a5e1e9cd8c17f726f5f36d21
SHA1 3e0fe8e90796bbcabf7500fb2b6653eb8dba9b16
SHA256 6dd280b5d99130ec333b31d693920b10c723804d65ed54773be280ec27773cf1
SHA512 e28f0bc1b8dae3d318973c186369ee86dc62f0c3c9ddef2c53b6ded9c6f11915de129da09b958e54bc8894608ce615d96a03ff3776cf9fa4d8297ab83f4837e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32456740a9ffaee54340e741c755abde
SHA1 3cd8375f4cb6ca52cfcbe9abde18d31877fe1cc8
SHA256 7ff2e09a3a8ef9bb537e76c85299b3f18d2f68474b80f1c749d683ee73ca7037
SHA512 2b42627a41e59b22ba4bf6a1c8a50fbce3ced5097a35c053769eadca9a2b886bb705b38b47852deea160fad446ea3c063ef0beaa9db5fd1b26f7dfc565313f74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9723a3885862403f51eb00659de5b386
SHA1 076005021ed27390d9449275cf701b9655e0e0db
SHA256 2f0532a6de6fdb0f6284952c28c581655db82a9bc6666b1d562611c8d23a2896
SHA512 fefbaa16952b31ab5f16f2ad68bd4a6983a57dbb21a8f63adc225a98ea335fc69fa82fdc914e3e158b2f96950c74709832dd21861c3cbacd8d82a886e202d3a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f3da97a358a1f6ecd8960a6ff464f89
SHA1 c5144228bfce3511da60924148c5dafe6f29cb18
SHA256 8bf8d96b387cc5fd2c11ee835979da461308071acd571118fb74ef6601da99fc
SHA512 aee1aaf3a7d6b4bbbf6607030fd9a37cfd1656dba07ea92df56b69445c545ba80a0cb36fa8e8513bf3f0ab38f765121ad86114079beb66f099bd308fe6928b9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86b85168a9a2a0112f065cb1578867f2
SHA1 6d158387b7d6d2a5948b2d6cc70af275e86e58fc
SHA256 0e071413880fda5bbfb75e30927ef53ca0edbf50b1375ded69d63c7128925ab9
SHA512 8d924d343a64e14a7cefeedee0b22596d9dd00490fb32c0cf430faf0f90bb3072da5acba6f1bc71ef7c65ca92d04d8de7b131298198d5f0ded83718da136f614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7254d99f1e92af7a2d9e3957ddbde609
SHA1 fd9fe7050bcb31eae30e84f98d26f13e139c86b5
SHA256 a3ed0bcf441b83d0de364e9340c35121984351431cd76108a8dfdf1f21582e34
SHA512 fcd3d407d45483799ad017c1ac19a75931c3f70638f7ccf8ea1b0218de810450b36c1208f2b4a221f4d827880c9f11fcc3edc935a71805b9e91b3f9cdd539481

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e21929cdc96b6bbfd7cef594593ae1fa
SHA1 3e5b52e5763d52ad434086c39fffd747c07825bb
SHA256 af2145398f58ebacffeb0cb5f16eff39c4e586a30ef6e31489a1703dff997566
SHA512 f9afc922db1331e672c33158231cab7813aa48f166f1b53e39c861da05a8069363abd70c6624861117ca9fde8c9938a2030ae372dfa551e2b80007402549df65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 49bab707a5f12a50e3006ab451d2e2b1
SHA1 694481f45f9fe025c9e0d8a47be3ca2f5b79681c
SHA256 da674a6ab412abf7d9131ba93e2c3baad4c43076a2ca2fe2a2fb6c29436e5cfa
SHA512 78f983f9528ba41878fc90121aeee1c523b9097d89e9cdd2b9f3644645f095afe0883b4ae07a1363b3792921bea915b9630d88a86472491dcdf17cb14ec229f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bd3df395c97d37908bb795eb9bb4632b
SHA1 c7295676967f3469f1385a07c5923fdb02fad2f6
SHA256 94d08e1d8370700ec68c00a073572d3e39d1f0c8943831a72b38b51bf66e29fd
SHA512 8d75bc5cc17223075bd4f6deb054408e6fe04a8ffd5a72a65d5873eac1945ce127226e7fb151b54ea5ae9281592471b4e6327c22234d2fe1ba97a5ab7953799f

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-10 12:00

Reported

2025-01-10 12:02

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target Count
N/A sites.google.com N/A N/A 2

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2668 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2668 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 2668 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2668 wrote to memory of 4152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

64 events in total, all from the single parent msedge.exe (PID 2668). The Process and Target columns show the same msedge.exe image on every row, so these are the Edge browser process writing into its own child processes (the renderer, GPU and utility processes in the Processes list that follows), not a write into a foreign process.
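The rows above are what a sandbox emits for every WriteProcessMemory call, which makes a Chromium-based browser look noisy even when nothing crosses a process boundary it should not. The following Python is an added triage helper, not part of this report or of any tool the report names: it parses rows in the sandbox's "PID <src> wrote to memory of <dst> <indicator> <process> <target>" layout, collapses them to one entry per source/target pair with a count, and flags only pairs where the writing image differs from the target image. The sample rows are a constructed subset of this report's table plus one constructed row with a notepad.exe target (not in the report) so the cross-image branch is exercised.

```python
import re
from collections import Counter
from dataclasses import dataclass

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
NOTEPAD = r"C:\Windows\System32\notepad.exe"  # constructed target, not in the report

# Constructed subset of this report's WriteProcessMemory rows (same layout as
# the sandbox table: Description, Indicator, Process, Target) plus one
# constructed cross-image row so the flagging branch is exercised.
SAMPLE_ROWS = [
    f"PID 2668 wrote to memory of 556 N/A {EDGE} {EDGE}",
    f"PID 2668 wrote to memory of 556 N/A {EDGE} {EDGE}",
    f"PID 2668 wrote to memory of 3612 N/A {EDGE} {EDGE}",
    f"PID 2668 wrote to memory of 3612 N/A {EDGE} {EDGE}",
    f"PID 2668 wrote to memory of 3612 N/A {EDGE} {EDGE}",
    f"PID 2668 wrote to memory of 4152 N/A {EDGE} {EDGE}",
    f"PID 2668 wrote to memory of 9999 N/A {EDGE} {NOTEPAD}",  # constructed
]

# Paths contain spaces, so anchor on the fixed prefix and on the drive-letter
# start of each path instead of splitting on whitespace. Indicator is one token.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<indicator>\S+) "
    r"(?P<proc>[A-Za-z]:\\.+?\.exe) (?P<target>[A-Za-z]:\\.+\.exe)$"
)


@dataclass(frozen=True)
class WriteEdge:
    """One (source PID, target PID) pair with the image on each side."""
    src_pid: int
    dst_pid: int
    proc: str
    target: str

    @property
    def cross_image(self) -> bool:
        # A write into a process running a different executable is the
        # pattern worth a human look; parent-to-child writes within the same
        # browser image are how Chromium-based browsers start their children.
        return self.proc.lower() != self.target.lower()


def parse_rows(rows):
    edges = []
    for row in rows:
        m = ROW_RE.match(row)
        if m is None:
            raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
        edges.append(WriteEdge(int(m["src"]), int(m["dst"]), m["proc"], m["target"]))
    return edges


def summarize(rows):
    """Collapse repeated rows into one entry per source/target pair with a count."""
    counts = Counter(parse_rows(rows))
    return [
        {"src_pid": e.src_pid, "dst_pid": e.dst_pid, "count": n,
         "cross_image": e.cross_image}
        for e, n in sorted(counts.items(), key=lambda kv: (kv[0].src_pid, kv[0].dst_pid))
    ]


def suspicious_writes(rows):
    """Only the pairs where the writer and the target are different images."""
    return [s for s in summarize(rows) if s["cross_image"]]


if __name__ == "__main__":
    for entry in summarize(SAMPLE_ROWS):
        print(entry)
    print("needs review:", suspicious_writes(SAMPLE_ROWS))
```

Run against the full 64-row table from this report the helper returns four same-image entries and an empty review list; the constructed notepad.exe row is the only thing it escalates. Comparing full image paths rather than basenames matters here, since an attacker binary named msedge.exe in a user-writable directory would still be flagged.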

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb386746f8,0x7ffb38674708,0x7ffb38674718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x170 0x40c

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6900 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2668_NVBDOJDCGQYQNQGW

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
