Malware Analysis Report

2025-03-14 21:43

Sample ID 250110-nevnnsvqck
Target JaffaCakes118_e2dd57d691d99fb0502f0b7dd19fb288
SHA256 dad0119c0c7c664eeee2dac2db5f8e0500bfcdf60158a6a711b875b802127425
Tags
phishing google discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dad0119c0c7c664eeee2dac2db5f8e0500bfcdf60158a6a711b875b802127425

Threat Level: Known bad

The file JaffaCakes118_e2dd57d691d99fb0502f0b7dd19fb288 was found to be: Known bad.

Malicious Activity Summary

phishing google discovery

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-10 11:19

Signatures

Detected phishing page

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-10 11:19

Reported

2025-01-10 11:21

Platform

win7-20240903-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2dd57d691d99fb0502f0b7dd19fb288.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442669814" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0535f8c5163db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B463D531-CF44-11EF-ABAB-F245C6AC432F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd423da5e038c14aadeb14736033cdf800000000020000000000106600000001000020000000d2581e578ac36e99cb9c670d80b4e877748fad2605b81514f9bc625798e4d628000000000e8000000002000020000000395dd1adba394db5c178460418e04e133ef234c50fe1843b69d2088cde13774f200000001a8c650ba840b0d1f12e0fc4744e064493f4d0b16b627e09ae4a14c58e6ba9d640000000e6706fc7723d528a11246cecaf62f38eaa24e76a617c3d6d4b4c77fc1c43ecd25c428dacd16565f7a8802ee14fc626a1de8fe0567600443ee00f6756c5bca811 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2dd57d691d99fb0502f0b7dd19fb288.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1364 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.onlineleaf.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 js4you.googlecode.com udp
US 8.8.8.8:53 kumpulblogger.com udp
US 8.8.8.8:53 s10.flagcounter.com udp
US 8.8.8.8:53 i7.photobucket.com udp
US 8.8.8.8:53 geoloc1.geovisite.com udp
US 8.8.8.8:53 oktri.googlecode.com udp
US 8.8.8.8:53 cur.cursors-4u.net udp
US 8.8.8.8:53 masterendi.googlecode.com udp
US 8.8.8.8:53 badge.facebook.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 p4r46h-blog.googlecode.com udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
GB 142.250.179.233:80 resources.blogblog.com tcp
GB 142.250.179.233:80 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
FR 3.165.113.12:80 i7.photobucket.com tcp
FR 3.165.113.12:80 i7.photobucket.com tcp
US 104.26.10.22:80 www.widgeo.net tcp
US 104.26.10.22:80 www.widgeo.net tcp
US 104.21.51.21:80 www.onlineleaf.com tcp
US 104.21.51.21:80 www.onlineleaf.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
DE 157.240.253.13:80 badge.facebook.com tcp
DE 157.240.253.13:80 badge.facebook.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
FR 3.165.113.12:443 i7.photobucket.com tcp
DE 157.240.253.13:443 badge.facebook.com tcp
US 104.21.51.21:443 www.onlineleaf.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
DE 157.240.253.1:443 static.xx.fbcdn.net tcp
DE 157.240.253.1:443 static.xx.fbcdn.net tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.reverbnation.com udp
US 34.239.206.54:80 www.reverbnation.com tcp
US 34.239.206.54:80 www.reverbnation.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
US 8.8.8.8:53 i41.servimg.com udp
US 104.21.70.7:80 i41.servimg.com tcp
US 104.21.70.7:80 i41.servimg.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 104.26.10.22:443 www.widgeo.net tcp
US 104.26.10.22:443 www.widgeo.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 104.26.10.22:443 www.widgeo.net tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 104.21.70.7:443 i41.servimg.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 34.239.206.54:443 www.reverbnation.com tcp
US 8.8.8.8:53 arvigorothan.com udp
US 104.21.30.34:443 arvigorothan.com tcp
US 104.21.30.34:443 arvigorothan.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
FR 3.162.33.170:80 ocsp.r2m02.amazontrust.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 gp1.wac.edgecastcdn.net udp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bbf67f32578db7d37aa8a34871377a4c
SHA1 3f3e6fe5777563e56f191e3346de93cf7ec8b696
SHA256 38bc2535119383f467c70c3f9256234314afc29e57809e02f7681cab2daadc43
SHA512 394e26c0d016a3413e4f8548086571efb48a1b08c3f7abef12d62cdab4714922b8c2aeed5caeeaa0fe2c094e15679d64fb5ec7acfcb54ed819cf4d76155b3307

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3d53c4742139710ce64cc7fa5e70ff55
SHA1 c8ad97446f7fc10496408dc5c0560ed331241aca
SHA256 4aac5c72d2601b96e48f85e441fba1cd9144cc94e45b67e7167938fa6e472c7a
SHA512 2e39a35c1716eaea8bc8e5b53489761b391cc4db6ca6850f6b3263cf72297fd245c077ea0a5917ab22c8cd7bccf85b47030b6c989f7009b9c37830e33f84268d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 123abf9c7333916cf08d67015f66ea4c
SHA1 be11c982d0a773781fee076abac921175af667e1
SHA256 fc3536b345f5e1aa83a5f959a0cb167348b365ec49441b69fdaedd8daba7880e
SHA512 5425333c0a0169bb4aabf03ab96d7bf757faace28752a2d4f0719b2d0962fd24a13b173dd5b67ebc47db089ac169e58594542850953a94d948c363900479c7f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c73fce4429c5f0dc0bfdf925e16c9e2e
SHA1 77a7bd55386bc1dc2c15a7c880ffa8a757ed91c2
SHA256 23c499f655a88251ae11385ee8b19da604fbad4c9c0c5035f092dbb60aa6b6db
SHA512 55b4506e0daed9dcee3f7680cf200c3330f3d7ac2dbc586e3b95cda856f6345cc9ebae7e5515c835ae656450e27dfc768954356a58d65efe6d20c47a8ce9a7f9

C:\Users\Admin\AppData\Local\Temp\CabE082.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 98ea823744ea6fd5c249f2be76a9e7d1
SHA1 87c90f8ee18f41e09e5f7677b8b1cc8ba6e0f0bc
SHA256 dc8c3ad436c6d2134fc42f9ddb8e7b50e413c98e45988ece0902e408fbe8ce3e
SHA512 d55fb109f79f8c5aac25f185be12f5a05af19de0b75b1950fc235125e0b0651271d100651cc0449c4e4e656539d46d64782253948ee682b223b3ac723637dad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 31d9c172286693e9a58c980932ebef0c
SHA1 ea6b34be0261ec430cb41ffe6d56491fb979f55b
SHA256 1d22cf8efa804e5998378ad6451c0ba33e69a5e398c7dc90ac3df669f7ce8e8d
SHA512 eec2b69529e39fdd225dfc4b620faf156518771ab5e2346c714adf1f1017730055a29ed32f8b439addc6edaf2429f55f8355bbbadce4916afc633913bd13a9ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 6738fce10a70cf68ed85b639701590b4
SHA1 1fa1332dee19137438e7fc7a4cfc3d78e862b247
SHA256 8fadafec700076e5b3ba72e9476e4b5c4e129a7f17fd6305f1545684b920a126
SHA512 27b07621ea0a5fbf23d5f967fc31faf36357c922bb3f4a065b77c431da5783c7f2e1c477cac79af2b2ea2ff34f9acc111934f96ca23811db95806e966b0b6f70

C:\Users\Admin\AppData\Local\Temp\TarE0E2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 a3ee896b17db9ea8aa4ba6b38d0f0d57
SHA1 059dd9dcab3b91699d684e1c24515803aed8cac1
SHA256 17f6da99013a679df60a98a686af54fd925babef726a2e443eaf2394b4446ad9
SHA512 cb33b6d270639008618f98770fde4116b3a27d4f7bab3c953625855b1084ca0225ee1ef195d9d172b3014af322c82ac933ec2104b0f7b8eba3c32710920f838c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8db496502c383f8bff10fd5fb29557bc
SHA1 feef0283cc739825c01eb160490a263b48496513
SHA256 f6c5f95bcfe14a8541b628f5520edd15f08929cadaee4769f2491841303fed36
SHA512 7a2f807776e66f896b99a1a8589630b854260db8e6f923b6eb10bcc35567a0d4be441b37c9871c87a5acf749b067e2789efcd8d1d563f03bc9b4389082072316

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_DFB78462C65FAC2750B89E1A8A1F9A53

MD5 644dfc22a8546020e515f4e17033fdf2
SHA1 383a9de38ab8fd6f0b7c5b271132a4f97708c840
SHA256 bea9e6508f1d624bdf40816d60556e060cbb04e5e6ece187bc0ab552a4c41e10
SHA512 6d485881c16290e856d51f948ac4589634cfb0a440499bb5a218a723ce522dfe4b757ea315bb22439c52c1574de505804094f94f23703d57678ae4f4036f94a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_DFB78462C65FAC2750B89E1A8A1F9A53

MD5 448fe5f76a909bc1299d42b10e2ea376
SHA1 769ecdea5641f149939b94ccb8ba04a84ffce42c
SHA256 ee85a9034e47062eb66c5047e0793be7e3010ce383ffa8f628be0d1c89fb3634
SHA512 4be280bf1f36103c223526a5608def81921a60043f080492594736599fce4ca66e471995c84b770b5e5c0bfc3937c5c6de145fb2b8ed5f5b62e157c91b0d43df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 4f9f97881a5f531f90a8b2c2957b2ae1
SHA1 e36c263c70f4445d1403932d2b1ca40a9583cab7
SHA256 1a7cc98f8293cf603fadf4ad04f7be21fc9bef5c184870bd537058bbf9074248
SHA512 66f090e76e134014a8d6e6f50545481c6a682fcc5fb1ce3e08f0d516dcab91174af033da30a164a9c2ded1d80b807a73b5adf0289e102ff890899fd4abf28a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 527ddc370b56d584d30c7223fb7e0098
SHA1 3d33ec8c1ace1760656362f03959bdc7bf73ff67
SHA256 c15b6d77e70be6fabfcd41e5bb0c9d14aaeff13d61cb1627ede158ccf5c833f1
SHA512 e20dedf14df72a2b9abb0f378f5f5fa60a389cc9948fbc171a8329c5399139f0c1e0f0195085c6343e4290fcb9bdceb046af503493562bc565b0c6237ad66cea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d7c427199a0b6cfc0648e21a3a8d54c
SHA1 1772377d51f7c34f0afce587b1e5cf1e9935b88c
SHA256 a2337b4506ab71c9beba4e9e5d90a4b0c2f23d93b068a0a7a873c797b91b5a20
SHA512 b6543b4bcea8d73c2a85fe85abebeea0710bc44f18ab83bb8539318ace92defa2e61676313310dbc68b414754eaa1682a7185421b33ae974589f80953d15e6dc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\tab[1].js

MD5 8fe8954e18b3eafdb2dcf03b218e88f3
SHA1 17bd6b26816b4c9c7fb9b7552ccdca95c2443c9a
SHA256 ff4c07f1e5cbcfdcfeabb37e8c1dc21d3edc5e3e20edd2d3da16ab5aa22bc600
SHA512 b1b5aee74b063a3093e0a8e62a9be580432b7430f0759ae8309e6b4c2a8a66805a9ed9aa35a42715bdbec1fb85ed6b808e760064181e5e2e774d0551504be87f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98d3a1ae4e8e58c842d0596cee53a29a
SHA1 a95676d45249c53dfe310f8813429287497ef579
SHA256 efceef890141e49b98b1d6f3d995a57dce4692a8bd359ae2330a75d9968fa7d2
SHA512 ec13a7178f20ffba01bb616049c7730d1319ffcde69a1a56d36329614a81c6235c1e107f0e7538f102bfa4f70b174897e9e428f40d37ae3c11ec88427244ab21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc061350008caa7fd00dda683036d75c
SHA1 929853cd22e1ee66ed0feefc9d106e26f73c60fb
SHA256 31554b3c159ca9eb7073238c4849a3b505868522627cfbfb5b87786f32012699
SHA512 1a125bffc2dc3382ed1e8b161d0396903110d079cf412db004a049056bb1d620641d355426b0b00ffdecbd17bcbc98a1d5e5f49410c4ad4cfc292bb2b5ef66c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f4eaaeb99815f77a77aa9e8d5c95275
SHA1 8ebc04e0ba8b27db3831d9fa89f5d41bc5599e5c
SHA256 444bb4b036bd9114ae5f771c5f9faec2bc25c1c543a3af50a080552851afd45f
SHA512 fb8af19a185d9f170f54f4cf8303d49a4cefaf6f66a46333d421d64b75d68236781b7842a94f9acb12825e84f66cc0d37d99f306d2885ca51edf3f3d0b205680

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a16282696ddbf293dfa0e9c4c2c2f741
SHA1 db4586cc6fbb91224599026208d270c429f1b15f
SHA256 793d6f96c7d026a0e774d5cb929d3ed42e5e93647c312e77541566b145a013ab
SHA512 2d0698a3ad96c525af316338ca033f35fa0fef0196529f79f92c950cc8b4d3db50f93c3f943d6d71620ef52e878217638962b00b897dd5b99df0b5a5d19496fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15af4b12b0930b28f5e2d81ea8b9314a
SHA1 8d44647f11ed47876156d1a295001cc8519fa0e2
SHA256 4caa459e161ccfd4e3cf2da84fe2699cc1f62da3ab2e3fb126bd348588eeb1e9
SHA512 aae31f0e248964d5cd699c117c6f9ac8198d03cd925e7096fea2d04db9a5175441b20b1e8297073c1042af785033553170558fe18198ba952ff0308f1086fc6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ded2fb9ed46161f64b8093a2a3e40ad8
SHA1 51660f2088922ff395f24a60cc8bbf50eaa9b477
SHA256 ca6568e2793f9735b50eda9666b0fc9254661a58af4c2ea9eb2f880e2ebc7698
SHA512 d8fa0c6bd848aab460b21e3c986f4d4bd72717908a16046ee88e811ed20ba7649a9c7a201d2a732986f1c7c4ebe2ecaa1f2b87ab5c61102d97af5e094bd8e62d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 952c2d2065dc9c5958576699b681cf77
SHA1 c274361f672d6a1af300975db93c9424a3f3f2a7
SHA256 3a21d3b661569c7c869540d52588deb6f3771e1e630bbdc25d1b93be647dbf60
SHA512 d78d4d3e36947a96c9d93e72cc232c0599b51cd709e45f77a9e1ce719a4048de8bc3778ebf746a8d58a4195429b0710673452174fba0760c1b0f83180257d41f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 129f458f0446ee0cfa4db0363343b8ea
SHA1 63e46d3b728d79bcb5fefb5b0eb879019380dc5c
SHA256 2d587b399274e9c15b275899b5ef4080f65b29e24838c984d6452868e69b0f35
SHA512 98ff7eead57c99d8f1aaaad429eb113fa32ac436563cc7841abb98235a45efd278663598281ce79f6819e0a49c14812ee0c992be5e1d1b9399f27829a4d06ff3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 878f7c88d910e66306db27886d379440
SHA1 07b683b53f9cc64fa66cb75edeaefbd4d24f99ff
SHA256 1d0114b9a54e41122051936546534e770faafb549fbd6d9af2dc188db1b31aed
SHA512 e836cc2e45b41a019d6dc57e04d87db48bdf3dd903e1ddb24ad0f17a3266f859b015e65caf5135e34ddc5fb645b68fbd7c24c393f707728fdf21934cdae0e649

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\recaptcha__en[1].js

MD5 19ddac3be88eda2c8263c5d52fa7f6bd
SHA1 c81720778f57c56244c72ce6ef402bb4de5f9619
SHA256 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
SHA512 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 466ddaa93e1177e8005d5fc25bdbba6a
SHA1 de62a7316806c321b470478d4e6d35f6bdd1d42c
SHA256 6b706078e8331388a58959b4487ae3e6238e170e483a3e70c62e258ca13bbd9a
SHA512 126cc4b33f52364be706107183a9ddeb11df9d11e2f142a4a859f4ee2d0f9d4653b5691bafb2d9c805af1364457b20c242c8934938e8337878a522b54d9f29ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fa5529a563957fcd6d11555b60c7290
SHA1 8d74d81b3a685aa8ecf39acf4c4ad784c9719844
SHA256 426afd3b90eba2753c5ba3ce49ebeef495b4dff5c78bcdb12667e9b2c1ce88fb
SHA512 498522980b3ee767b50828e0edd90fa103c9c8bde96496902875cbd577d20984cb10b50966c1e62f1cd8db7763424f04c18e7a75db02158199ea201dadef32e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9635979b518b565704175706970fdefb
SHA1 ef8bc5e4fb275445cb45afe26bb385d2354dc260
SHA256 e22d01ce6f58f8b7360ebafb536acc9a6ecfdd88db6abcf068527cd092112431
SHA512 cd7e48af6283133df6a76a143001859b25a3f1988f1de0f3b2d8de8f3701a42928b0a6d22c8160dfd608f2730b1d5853fecd09900567298dd7a38159f3ed0e6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fb9895b1677292a9e49e45d50b3949d
SHA1 c9f11843a234438e9b519590d4892b60821043d8
SHA256 6e294568dc5b07c84f35c78fbee0ec50ed07f6c0c2a3bf4ef6cbd0ee7ce5b8d6
SHA512 77d5aa45961db57d58733cd2c55a984512b8fd28399f43886ae30e72c55372f9fb21fbe539e02f7941e0e19f0329d950713d37914dc160fc71aa0bede44a2bf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ed5083ec92cba5ebe1186217111cbb7
SHA1 1ad8bc103e2b28a1bc63cb58622a23551d8e4310
SHA256 f341714d6b27e2750ea82228bdc1859fe08c53ac797db553136a8a8772c8ebe9
SHA512 c8b8e8eb2bd51a577d81ed0f9ff14215944e59aa334ee485f0d0d1fcd62cd643cb1d5ed3e9031d0cf3b4f2f56364406448d85fe21a0fe93d8e14d43ec5ad09b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69234c55b2a61a1dbf1e01b6aeb415a0
SHA1 6fe26210dede0e37144d9cc91e7e7a2cbcf132f0
SHA256 8697e89e7a830c4a7c644dfb68b9a72bd763abbb4e6bc79dbca09e774dfc0b36
SHA512 b77e4c3500a3c35bcab0ad0b144fd16ca0f6a81215364a4e9ff32f7c179456eece5523fb349828473539f3cb60b3169d50629d1b6fef9be1481d757a9ba4395d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ced8b835f4b2598fb43764bc9dc7ab40
SHA1 4c413e0d5511f480f2a43d848abdea06239c1de7
SHA256 079c9d53c9dbad058a9b4e35e3bbe70ad83a7a5837f27c59f214f25fd3b3fbc3
SHA512 cf5f84cc83fd8da879d8c9e403ce9d50fa425d487c7908f31e0cc7d8fb6e2935d660188d76259760c9cefdaae5700670bf5a78d66e6e358a5f2c0ba8de04dc51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da0ac30b3af5164ba857d0f00a4d94ff
SHA1 cc01fed6de0aa7f9776eb153abd573bc1581833f
SHA256 b3b5e8aa6d5ef801e568b89e4870ddccd8ff847b1ad8dad18707aead912b9e75
SHA512 6b64b4023df18f9e77f26df4a2e0a858585e9ff2c008d8125ebd6e32374f99040e5e41893ca299ebe941fc8b36575d193ff0a7b5f67264acb2a7cb91d4bd2f8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 141935c222b6ad21aa7ce823fd4367a8
SHA1 caeab3bd18677b46e7118a28c4e4fe2eae84bbd9
SHA256 80844e946dbdbbab13bc82a3615c8f87e04f4571906fb5ca2d1d1c2243f65fd7
SHA512 2560360dc08c30873a4853fb24c13ae20a3a65c032aa1a3b8e6f2a4ea4ed802525a428975d819124971ffb941075cbab458abcf65daad7f0a38cc5623001049f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 728b31bd92eb364e7e31029d686b6dab
SHA1 f07feb6f1759ab302fa60d45ee97c1197e1d54e9
SHA256 4275d0ba024bed7810dfcbd7c560fbd87076c451c6f3f89b7c819821b842a57a
SHA512 bb120b846581353ff4372a32c8039e5d653c0784db54c76f944276ee6abea633da42712d01227cf99efa75a9c53d1530aeb1560b543cbd9b8c17a00c7dd426f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c8b301e8ef9bc3873387b21644e08dc
SHA1 20e97eb1d6154284ba8b36d136ca4f2c0118090c
SHA256 e3f2eac00b47cf35b6dbedfa077262ef19cef22fefa4391e6f80bd7944b5419d
SHA512 8d4ae4b7fefa02816b41627a1cc29796a08b0b31b7d6aea600eb3db082c54f4fb316d19c49d036e2daed9b818b3ce4f5d9cb92d8d4669344dd8da0ca20c1537a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c92972f898fd50c92ac085d9ab929b1
SHA1 0fce91a4469dd7975dde7a0b0bdc855a7198308c
SHA256 9af4e6f366b5de06ee58505412109e3729163eaedd94a812dd1fda66676cf280
SHA512 a2e4810d2f6a06b9002f447bd6bd626357f52bc6fa2bb7878eaea506418267157e856f80aa37f9ecbfa3865b1f0b82c9ac089048ab3cfd6a189a429a4fae8203

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 252c19f45d08a968c39ee66080ba56cd
SHA1 104bd5e931e30ea9c204f751e7e30a132350aa7a
SHA256 33ab1ea2b86325666bc636e5526381455ab8341da57273a133ef3a9ee905af38
SHA512 3baff2cdd76753d32b59452f001397d33d1ac5a5bfa528750a7d1c1bfb2cb29fcd0b57df58636c39c7a54a1754bf67c56b7794fa9c7063654ad00800668180a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cbcc11dbf4d67dc91a213047428b217
SHA1 7608e6732b70d699d2d206866b1ab0437612bc63
SHA256 8c1a7b3d6f890117445b8965289523e5416cda5006696d43614d1143db30a05d
SHA512 86b506a0059dc431fcada202f9e951d6fbf7cb23c2dde0feff50fdb7a61469b06b15bfd96bfbf08367362f9a167d902f523bf41b57f8eb02d73579b920718dca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45481add315aed49627527e87a842b35
SHA1 c40dfca100c1d769b38df9d3c298059e8984206a
SHA256 8a500c83144e9371c333c9cc76f8af923139afb24aedbd6dc169e63bc059ee03
SHA512 a99fddbe91d8da4d300d06548ea9d01a70f60c5f93090d4ab17431aa7b7dcbc562728d6b92e1e97166dd02bdbfe63cc4101833f915def5270ad726eb32b42067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 832b595fa0d6a1332cc622650f5553ef
SHA1 2025b88e9378501b43fdf6795e76e5c177a20f20
SHA256 55facd022899e60c77c67866f698616ac836bfa161519a56ace7d4fe6c65fad1
SHA512 54d67f4b9e12a973aa8e7ce55043220d75f4a5cff7e766fb059f8291719e27d7d91e09a5fbe083c1207b14352b57fcaf57142267d045beb133a8dbdadcee896d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04007ccb30811918d05d9c3a701f4592
SHA1 cb668a24564e8c65435554bf4c038bf6af2c64ae
SHA256 ebdc5577dc8df4a3c90277461bfb354f351b4acccdf1317bad25e7a0e71dabca
SHA512 be33fd0991d2b8755d71e6c78c7280f52e872004794c7b09016e734d12b8dfca267572e71929341945e7a36d568c5231718238222977363aae38a8933ddf1fbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d321574d53ee3966521917b4572dff8
SHA1 0670679327bb3a318a3c29ed0c94ffa54ebce2a4
SHA256 a303472775382f0f80c4f125d8213fe8ec2a6ad59eb240e3c17880ab79ce4f68
SHA512 f4b514b4bbc8bd01016640e6a152154c334560217a947b0f74946ed8d4a7c801284e9b885444c1ed7d8afefe6937f3a373a89450e8c4b1a24ce0649b89aa58f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5aeb79b807e3a901cc7a7cfe7c25dd31
SHA1 42d9afe7af10476abb5ed76dec40bdb0c4157166
SHA256 6a147789db013d47849ab7814589042bbeb6f88516e74c15a80d79cc65defc58
SHA512 a978f2f7b7c4a5dbdb9cb96369a3d317eab581cfb6f534cbc8c4caa10c331b8182625473bbcc2d81e263ab4647b9168f8bc8909969767abaf9bd6d2900a8b6ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc3e4807dfdb2dc6c6437935574064fc
SHA1 b608a340a56b0ac46b9910edb9044cd2d34b8f96
SHA256 8e864da46e522862abf465ad66b8a9c942168016b5f016a11cdbb25d8877971a
SHA512 a7f423e2e0348a759317d9a0813dfe317c6851040d96870e734e2057aa61b8d93d32410415ed2fa4578d0badac652e73d5e55dacef0b016a00a60bc2beabc4cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6587640bb539b9c87dfa9d8ad07e3a5d
SHA1 7b28a6a0ed768e12fbf18d8c5f66b7211e016903
SHA256 4654f10e4cd6906b1504bb6ad071d267a30f34d887ca9791aff0423433fd5df7
SHA512 ceaf0bd0362b49664cbc6b90339504dfd9556eb17a7ecd176f13dc2dc50404b5aa539de367e322985729bf1999fb706da7cb675c62a5a8e024b9fa0d447ce2dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 1aacd192f79bdcf477ec7828122bff87
SHA1 668991d59852b5fe8184dda575e3bc5d12b307b2
SHA256 6c491aa8b9fabed75dd552a9ab266c9b7361b71976ecec4a48eb12f0b803cc89
SHA512 abfbef0a0d521fa6afadf4112f80550073d6e19f0ad37bf0821dc4bf8a4184c0a33877df735102f78c4ca0ba4fba21e8ae3c013d6e77a13056f3810f71933512

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55b04ce7c0e5134005ece863781435a9
SHA1 2a61c7f0ac5c4bf3e69bf1e51a31c847bb8e9fe7
SHA256 f8b3811d39d36aa4e91a46a6e73b47425e5cd2e00d4b05f7564e0c202480adf3
SHA512 22de923b0a7af415af2e6692d06fa1b38377018c57f0ee68ec18aa6feb3e9f36bb6e1574dae2cc11304ad3d45160e8458b01826fd92ef0cbff84ff09267d9efd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 018e2bed40723a7c94f0181952120c86
SHA1 94710de0f9e690962c6bf4748ca19f655896bec4
SHA256 b2aa3f358200e3a89b349983eca24ab7c6aa18871e9c24c65c7d44cd41d13453
SHA512 9c3e7a5eb71efdc128ba31d7f89d8c3658a5c57813223a72a9dd049a7b08a0ec4c09b994f94274b6eeb836b8a5fd792d556934035bcc4beded9cedf99f656f11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42134ab48f75ef09099111426caf35bb
SHA1 a71939f98104c4b7a4c7d70cc4575f3ea1ac4245
SHA256 298fbad51fd25ae0e59f0b53463cf40d73a446f45c311ea3cfae02766eac4d25
SHA512 67583802a0d41781763cc9bd6afc262a787452ee7189ce6f4ed8b0c0de48192d6fa7867f62d9fc109855834d603b64f5a4e62524dbb4f4f00536b35f56d046c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e349b723c6891bf60bf04897f093147
SHA1 6f39c0bef5104b7679f979780bfe899da0e5788c
SHA256 0a9660cfe316f9691abfd6b749ca0203d949ec7b518e2dfeb86e2b64b792fac1
SHA512 1985bc24026c7a26b4637b48d8d566e53429954c15411b642e49b1c9b346018bfb5563944648cb847131c6d218e31c945cf5c0935bdfac78dd6dd2bc965e76b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9122ad1f26b64a5b8532460d88e44c1
SHA1 bc342952791183d6240269919ab5e3113a5aca99
SHA256 6976c763155b27b8c9a99fe96bdb6c64e8d2a96861d357b190598c5b7699439d
SHA512 dfe7abb6283ebcd0d0b2f356d480f5c981ee34f1815484fa7e2b2dbe8de59e9ca509d99665c45df7222dca42c0a5ab65463035388f0c848d0bae6fb2f8b40de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f20273f4587aefd4ffeaf5c07eaec29e
SHA1 f9d81ced9affdb872c665922d2e1b7cf8c7f5a6d
SHA256 a49d1fc0149b6ae9224986f24137b8769e3a4256d0f110b440073e452f7eccff
SHA512 ec1d6c52bbe277b1ded987ed28e239bf41193ef86cf80fba35007383595454997624c62ef05020a62cf00b8257a18873d7d4bc9be12c9e3c6749043413af055a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62cff36deb892249fa95360d898d0402
SHA1 790fbadab3770ba383fc6a035644e1dba33f330d
SHA256 a5728ee59c0293fb376e19d6bf803561cdb4905bd34b1b529cb367e3e580de1d
SHA512 606685a164e076d4fb5c0f85f8d2b39c32460e8ba44c6b32969a74131a993b36f5bfd4968a30ebff7fa8b63b6eea9a11fc3d1262d4405c390ac36c111f9419f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c063a08e9fdcf304b5881a9cda91b5d4
SHA1 b87d474074604b019033567df41104a1a40d8ee4
SHA256 679d18d8ceca53382f20ae1d4237140fe858a788f03298be2f3767125fe2c6cc
SHA512 0a9297f9e182081d22463a3a185021cb49206231d3e80811b0def6d85aac978ccf57668ec8cf53b9201cebd10d2e2addff5562d00a2c30dd5296e99b97c713c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 230f2a7d6718de5a03075a3f5cd7b66f
SHA1 e74fde4be027b17993a3bb81e16ec7e6c041c212
SHA256 57eabf9788f501cb211e31655e44eee58c4a1765c22db63b827d720768f889ec
SHA512 a0459c281d655fa42d223d03620825d58825e6cee112e528a0793a67a8fcc18e8e5fbbd8c762fdb4708b5769a781017f3d6b84e77824d6c68ed16e7d74f12fdb

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-10 11:19

Reported

2025-01-10 11:21

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2dd57d691d99fb0502f0b7dd19fb288.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4788 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4788 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2dd57d691d99fb0502f0b7dd19fb288.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb78b346f8,0x7ffb78b34708,0x7ffb78b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6084 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b8 0x4b0

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10722468629952837606,14856512247415121552,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1244 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 sites.google.com udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:445 www.blogger.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 www.onlineleaf.com udp
US 172.67.218.122:80 www.onlineleaf.com tcp
US 8.8.8.8:53 js4you.googlecode.com udp
BE 64.233.184.82:80 js4you.googlecode.com tcp
US 172.67.218.122:443 www.onlineleaf.com tcp
US 8.8.8.8:53 geoloc1.geovisite.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 masterendi.googlecode.com udp
US 8.8.8.8:53 oktri.googlecode.com udp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 kumpulblogger.com udp
US 8.8.8.8:53 p4r46h-blog.googlecode.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
US 104.26.10.22:80 www.widgeo.net tcp
US 104.22.74.171:80 widgets.amung.us tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.reverbnation.com udp
US 8.8.8.8:53 74.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 122.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 82.184.233.64.in-addr.arpa udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 54.235.188.83:80 www.reverbnation.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
ID 36.50.77.66:80 kumpulblogger.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 54.235.188.83:443 www.reverbnation.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 s10.flagcounter.com udp
GB 142.250.179.233:80 resources.blogblog.com tcp
US 8.8.8.8:53 i7.photobucket.com udp
GB 142.250.179.233:443 resources.blogblog.com tcp
US 8.8.8.8:53 cur.cursors-4u.net udp
US 8.8.8.8:53 badge.facebook.com udp
FR 3.165.113.31:80 i7.photobucket.com tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
DE 157.240.253.13:80 badge.facebook.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
FR 3.165.113.31:443 i7.photobucket.com tcp
DE 157.240.253.13:443 badge.facebook.com tcp
US 8.8.8.8:53 i41.servimg.com udp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
US 104.21.70.7:80 i41.servimg.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 104.21.70.7:443 i41.servimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
DE 157.240.253.1:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 22.10.26.104.in-addr.arpa udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 112.176.36.54.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 83.188.235.54.in-addr.arpa udp
US 8.8.8.8:53 84.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 66.77.50.36.in-addr.arpa udp
US 8.8.8.8:53 31.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 13.253.240.157.in-addr.arpa udp
US 8.8.8.8:53 85.107.93.172.in-addr.arpa udp
US 8.8.8.8:53 66.128.43.96.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 7.70.21.104.in-addr.arpa udp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
US 104.26.10.22:443 www.widgeo.net tcp
US 104.26.10.22:443 www.widgeo.net tcp
US 8.8.8.8:53 t.dtscout.com udp
US 104.26.10.22:443 www.widgeo.net tcp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 mc.yandex.ru udp
GB 142.250.178.14:443 apis.google.com udp
US 141.101.120.11:443 t.dtscout.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 172.67.69.193:445 www.widgeo.net tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 arvigorothan.com udp
US 104.21.30.34:443 arvigorothan.com tcp
US 8.8.8.8:53 gp1.wac.edgecastcdn.net udp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 dtsedge.com udp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 gutockeewhargo.net udp
US 104.21.48.1:443 dtsedge.com tcp
NL 139.45.197.107:443 gutockeewhargo.net tcp
US 8.8.8.8:53 1.253.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 119.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 34.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 20.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 1.48.21.104.in-addr.arpa udp
US 8.8.8.8:53 107.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 my.rtmark.net udp
US 104.21.48.1:443 my.rtmark.net tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.153:443 secure.adnxs.com tcp
NL 185.89.210.153:443 secure.adnxs.com tcp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 104.26.10.22:445 www.widgeo.net tcp
US 104.26.11.22:445 www.widgeo.net tcp
US 8.8.8.8:53 www.google.com udp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 d3e6ckxkrs5ntg.cloudfront.net udp
GB 142.250.187.196:443 www.google.com tcp
FR 18.245.175.116:443 d3e6ckxkrs5ntg.cloudfront.net tcp
FR 18.245.175.116:443 d3e6ckxkrs5ntg.cloudfront.net tcp
US 8.8.8.8:53 8.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 116.175.245.18.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:139 connect.facebook.net tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 60.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_4788_FIWJYSDTBUJNDYIJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7bf8564f9b60685255c2857ad78497fa
SHA1 68ecf5c39097f6ad29feff1231e45d1f682f9536
SHA256 66f7049e46adec930b4cb2feff0aae964cdc4d699f823616bd9ac297598cbb42
SHA512 86b2103aec980142f31d340d6f2ac4a5a43b5221a80421ddd03d66dbde5e005b9b4d0c59c6467abd946ca68c606c1f310b49867726dd8acbbaed4f609696e725

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3e58aea83712bc968464ec90292f4d3
SHA1 fe19f26ccfab263f213c61a175eb29a88434fd48
SHA256 b58d5135c04eba1b17f22286fa39fa583c7b39f87102b054054ad14356586830
SHA512 df257b3c287e5455e19b99ae76cdf950af10cb2ceccd8e45b98e7c8c23d40bde9306e74ad589b50580eaa47aacb6fdeb69edc53e44b967d41144616c3bf9ef9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9510f9e9df302fa01881bebd6f33a307
SHA1 b6a54cdcf7e30c8a78f93e5736a736a95fc1836f
SHA256 fc81071a6f716f317bd5a595e5921ce0a3ba005c48a181efe27476ad28afc94b
SHA512 8ddfc0e33ee7ee4b7811dd099e1f9570004223877d4a49b354f6bef153fc20d27b73da60c7fd04edce7123380c49ddf3f0587e7bd43d1ad8b9542f61bddc49ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 38b9362158beed9c6b9c726f22773503
SHA1 872e9895412e832e38ac03f71869e29c2783de1b
SHA256 28c6dcda566d2860a2c31003dbb5452e7085a4c539a69a40b635be42cc9acb0e
SHA512 99a8dc45cbfac839d759271dcfec901ac3f5e0db5e61bd97d55792ac8f0df72067142f7b94005a3321ae3826f057557f78788f3e6254b0f4209feec8a05d0e53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fef9bacab0a57f7c61bcbfc66cc217ab
SHA1 81bd4497ccb22441e5f268cb3b632f9305874009
SHA256 62f1915b111e27874ec203909ba3c02630cb7c8eaa6c02ec68ffe42e7e3eca1e
SHA512 523bef790c9251f102abcddd0510a274ab1f4f2aaa346b8e8a08737a82e34567506963f19ca5b9906ff0210ad216ea3d235a51ea16e40927aa72c8a19e5728a1