Malware Analysis Report

2025-03-14 21:43

Sample ID 250110-zdjqkawmgx
Target JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3
SHA256 26231a9f83ff440979a263925bd856ea8bd029e394fd5b9f72ac608933c7a2b5
Tags
phishing google discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

26231a9f83ff440979a263925bd856ea8bd029e394fd5b9f72ac608933c7a2b5

Threat Level: Known bad

The file JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3 was found to be: Known bad.

Malicious Activity Summary

phishing google discovery

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-10 20:36

Signatures

Detected phishing page

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-10 20:36

Reported

2025-01-10 20:38

Platform

win7-20240708-en

Max time kernel

140s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{831866A1-CF92-11EF-80BD-DAEE53C76889} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001e3c605b8cc1514b82455712d0bf21ae000000000200000000001066000000010000200000003fd4a30fc1dfbee8e98b64f82e7a3b5138fc16eecd2dd2eb39c31c8686183867000000000e8000000002000020000000d78e9a9868eceb93a3d297b41c833f9b7f7899d0a7a3df413a2f2ec2b6a38e0b20000000e5de985653578478a9a384e8eb5e67d83b52583f0b6f52f110f9b092e268528a400000001e57a4ba742ba42ad67c4c407f3354400bd891ad06573fec38b15e041c865625d8fdd41c5b9326c1fabab8cb1e9633e8e1b68a6059125b99340e7313e9176587 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442703236" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90562b5e9f63db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.onlineleaf.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 js4you.googlecode.com udp
US 8.8.8.8:53 kumpulblogger.com udp
US 8.8.8.8:53 s10.flagcounter.com udp
US 8.8.8.8:53 i7.photobucket.com udp
US 8.8.8.8:53 geoloc1.geovisite.com udp
US 8.8.8.8:53 oktri.googlecode.com udp
US 8.8.8.8:53 cur.cursors-4u.net udp
US 8.8.8.8:53 masterendi.googlecode.com udp
US 8.8.8.8:53 badge.facebook.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 p4r46h-blog.googlecode.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.179.233:80 resources.blogblog.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:80 resources.blogblog.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 172.217.169.14:443 sites.google.com tcp
US 172.67.218.122:80 www.onlineleaf.com tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
US 172.67.218.122:80 www.onlineleaf.com tcp
US 96.43.128.66:80 cur.cursors-4u.net tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 57.144.120.141:80 badge.facebook.com tcp
US 57.144.120.141:80 badge.facebook.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 104.22.74.171:80 widgets.amung.us tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
FR 3.165.113.12:80 i7.photobucket.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
FR 3.165.113.12:80 i7.photobucket.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
US 172.67.69.193:80 www.widgeo.net tcp
US 172.67.69.193:80 www.widgeo.net tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
BE 64.233.184.82:80 p4r46h-blog.googlecode.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
US 172.67.218.122:443 www.onlineleaf.com tcp
FR 3.165.113.12:443 i7.photobucket.com tcp
US 57.144.120.141:443 badge.facebook.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 57.144.120.128:443 static.xx.fbcdn.net tcp
US 57.144.120.128:443 static.xx.fbcdn.net tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.reverbnation.com udp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 34.239.206.54:80 www.reverbnation.com tcp
US 34.239.206.54:80 www.reverbnation.com tcp
US 8.8.8.8:53 i41.servimg.com udp
US 172.67.217.127:80 i41.servimg.com tcp
US 172.67.217.127:80 i41.servimg.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
US 34.239.206.54:443 www.reverbnation.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 172.67.217.127:443 i41.servimg.com tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 arvigorothan.com udp
US 172.67.150.119:443 arvigorothan.com tcp
US 172.67.150.119:443 arvigorothan.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 96.43.128.66:443 cur.cursors-4u.net tcp
FR 13.249.8.192:80 ocsp.r2m02.amazontrust.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
US 8.8.8.8:53 gp1.wac.edgecastcdn.net udp
US 8.8.8.8:53 www.google.com udp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 crl.microsoft.com udp
DE 88.221.110.168:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.26.94:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
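The Network table above is a raw per-connection event log: DNS lookups to the sandbox resolver (8.8.8.8) are interleaved with the TCP connections they precede, the same host appears many times, and certificate-validation traffic the browser generates on its own sits next to the hosts the page actually loaded. As an added example (my code, not part of the sandbox report), the Python below parses lines in the table's "Country Destination Domain Proto" layout, folds them per host, separates Google-hosted infrastructure from third-party hosts, sets aside endpoints that Internet Explorer contacts by itself, and lists TCP connections on ports other than 80 and 443. Which suffixes count as Google infrastructure and which as noise are my assumptions, not the report's; the sample input is a handful of lines copied from the table.

```python
"""Added example: classify the sandbox report's Network table into IOCs.

Not part of the original report. Assumptions (mine): lines follow the
"Country Destination Domain Proto" layout; NOISE_SUFFIXES are CRL/OCSP and
browser-telemetry hosts that IE contacts on its own; GOOGLE_SUFFIXES are
Google-owned first-party hosting that the phishing page is built on.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the report's Network table.
SAMPLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.onlineleaf.com udp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
US 172.67.218.122:80 www.onlineleaf.com tcp
US 172.67.218.122:443 www.onlineleaf.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 crl.microsoft.com udp
DE 88.221.110.168:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

LINE_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<host>[A-Za-z0-9.-]+)\s+(?P<proto>tcp|udp)$"
)

# Assumption: certificate revocation checks and IE's own telemetry, not page content.
NOISE_SUFFIXES = ("pki.goog", "crl.microsoft.com", "www.microsoft.com",
                  "ieonline.microsoft.com", "amazontrust.com")
# Assumption: Google-owned hosting the report flags as "legitimate hosting abused".
GOOGLE_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com",
                   "googleusercontent.com", "blogspot.com", "blogblog.com",
                   "blogger.com", "googlecode.com")


def _has_suffix(host, suffixes):
    # Exact match or a dot-separated parent, so "evilgoogle.com" does not match "google.com".
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse(text):
    """Return one dict per data line; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def classify(host):
    if _has_suffix(host, NOISE_SUFFIXES):
        return "noise"
    if _has_suffix(host, GOOGLE_SUFFIXES):
        return "google"
    return "third-party"


def triage(text):
    """Fold events per host: {category: {host: {"ips", "ports", "dns"}}}.

    UDP/53 rows are resolver lookups; the resolver address is sandbox
    plumbing, not an indicator, so only the fact of the lookup is kept.
    """
    out = defaultdict(lambda: defaultdict(
        lambda: {"ips": set(), "ports": set(), "dns": False}))
    for r in parse(text):
        entry = out[classify(r["host"])][r["host"]]
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns"] = True
        else:
            entry["ips"].add(r["ip"])
            entry["ports"].add(r["port"])
    return out


def unusual_ports(text, allowed=(80, 443)):
    """TCP connections on ports outside the usual web ports, deduplicated."""
    return sorted({(r["host"], r["port"]) for r in parse(text)
                   if r["proto"] == "tcp" and r["port"] not in allowed})


def summary(text):
    """Flat, sorted view suitable for an IOC list: (category, host, ips, ports)."""
    return sorted((cat, host, sorted(e["ips"]), sorted(e["ports"]))
                  for cat, hosts in triage(text).items()
                  for host, e in hosts.items())


if __name__ == "__main__":
    for cat, host, ips, ports in summary(SAMPLE):
        print(f"{cat:12} {host:28} {','.join(ips):18} {ports}")
    print("non-standard ports:", unusual_ports(SAMPLE))
```

Run over the full table, the third-party bucket is the part worth putting in a blocklist; the Google bucket is shared infrastructure that cannot be blocked wholesale, so the sites.google.com path the page lives under is the useful indicator there; and the noise bucket should be dropped rather than reported. The non-standard-port check surfaces the single 8080 connection in the table, which is the kind of outlier a reviewer should look at before deciding whether it belongs in the IOC set.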

Files

C:\Users\Admin\AppData\Local\Temp\Cab9BF3.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9C25.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e759076640c4ac13b173bb01a285945
SHA1 ace84c4b160fa8e9d4128cb64c16f91be670a32b
SHA256 eee5279fcfd5a9237b8b816157dece96a476bd2b2fde25636f2dc2e0057b52e4
SHA512 d1cb8cac54841a3e728b64000dd9bb735b6f7515d700ef92b87c7c3f2d2c5c3a4ca4d91f1b467c336421efd88dccb33ab8ff59b12d784ae023ee8fe2147d8e41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58ce949a353415961bdfc7dc43981d7e
SHA1 73bfcf693e1bee9177b310b73476b0ec12e8f889
SHA256 750f4c9f59e8a919710cb6779f554c55353b608878aad96ea3b3e1d74500291d
SHA512 8ec9672a1b0a6a2adc357c4dbe320011b10f070608e043676f01fa95abf7c532125c48958108084f74f98e4cfee63d2f4c979ec78557feb43d7ca75f9c1e7a6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 918b6f8f65524364424a1bb1e8ff1207
SHA1 e7d9cb25b73d16c53b10584b00b1296eff113cdb
SHA256 99113587049184ab71dd9739b204d9c4896d02ae87f65f185d28bf4771083dfd
SHA512 919414ba5415ad7b4b7a7f65bcdfe2395564f29baf807e7a1c2b3d63e7373f54d0cfe95c2e4d284036b31cab65c997f1820623cdb455b39df5db691db50ca500

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 92b839135741069b05829b07b6f3f3fb
SHA1 f9f5ce1b773f2fe6388af9d48416827e80964cc5
SHA256 4ae12fedbb424da1938e2bf5b343dc175d9cdaafd4123715be68dda9bb2f18c5
SHA512 c229439b8ae1b6760533115e1e9c70a2aa8aec489516c7245c139a6f2961bb5b8f79d3bf67b71e1df725ee2a94fc355974d297edce4b57b4a5ad2d46f4a0c38c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bdc7361e15ace8722f4cb2e4083ee8f2
SHA1 ec42d48b1cfde8fcfb764022f7d94a9a4e5b4fd6
SHA256 a0314dc99d3e0b4955d20088868ab1cb8083a36fa4d69561c82c7635678928ea
SHA512 320266e90400156c18f3a927f89fdecf22f5b08d1de7f6a6bd5bcea49d09ace6ca8258559a165322035339eaa9c23512ece036941e5cfee1e939ddd795a2c14c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5ae7ebf75fd33567ad2e4be6e01e1c3e
SHA1 566b48fa54abd91bb7a60bd446456f9dd7e3ef03
SHA256 e7b6e539a6f29dc88ee2352051043635be31ac46f4c113ebef2ecefaa24963ae
SHA512 06a576c3f701140e0fb9ac370389c11bdc15b54e60340959fb5b035be917e0050a23945b82ea36a7f949163a4547f263be28dc6168c9ba428dd6a784f53e5fcd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_DA783F5F6B4EACF017C07E5A0C9B6E7D

MD5 371f07b16890b75f8723a37e4c78fe72
SHA1 026d701d4e859df466dde9b3efd68b118ee9ea27
SHA256 d61ec2de728b78b9e2254e6fe35469cc8d01e08ff761982e67326e0e379791ca
SHA512 25ad2be6aa11599944f3e92745a15eda33cd51315ec94f58bcbc2a966c3406a687c29123be8b9f81e7a8127e3bfa108aea92509231e699dcc3f102ce5d92d595

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_DA783F5F6B4EACF017C07E5A0C9B6E7D

MD5 fdaaff306f9908166f3fec130e798df8
SHA1 0ab422ed789b50e706ba69c9f787443dd5e6f9f7
SHA256 4bffcf6a3521fd5825a18d7fe6eedd7549facf2f7953c6e05b81fd3a9bb81a55
SHA512 1b1d4ee0c4d003b072987d0a67efc691f516ad1933b2df5409b411420f33e7692a15bc4b0a4405ae2e558a59effd4da610a49de2cc89785135568bb8ba829e3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_CF0CBB3D0D6F86153E0774F3F89E134C

MD5 3f59a5a454b23c2c79c06554af88527f
SHA1 0493467bdc1d9cc5491200f76610b5b8d47781fa
SHA256 869d9f2340fe6a980f38d328443c5ae6eb1818ce0799245ac20b4bc37efe9425
SHA512 53071c9a07ebe826bd29113fd99de3a25d330efd408986c4386b18f25b846278820e8214a255b2730ab8e53199d01faab7711736e406a0c86fd7d134e552ec40

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\tab[1].js

MD5 8fe8954e18b3eafdb2dcf03b218e88f3
SHA1 17bd6b26816b4c9c7fb9b7552ccdca95c2443c9a
SHA256 ff4c07f1e5cbcfdcfeabb37e8c1dc21d3edc5e3e20edd2d3da16ab5aa22bc600
SHA512 b1b5aee74b063a3093e0a8e62a9be580432b7430f0759ae8309e6b4c2a8a66805a9ed9aa35a42715bdbec1fb85ed6b808e760064181e5e2e774d0551504be87f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31bb6ff2c24e5887cc6c211c2c45f154
SHA1 c0117a77f003658dffc8dec23a4853db61a4513c
SHA256 385bfba302178690fc337601aca156aa6520ca652e1726e45c281d8face01471
SHA512 5ea8831377519f0769109497fd63282d338752bbe5f31e9a888e042b2c4bdf6f696dac2799d2f2c813c85b0e4fd1a94acd6da11fc8735ecdc842c0b780eb45a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a598196066f46deb6c4dea6b5b71b089
SHA1 b25954ec63c18f8d1c216d89adf4d2220723f0f6
SHA256 38d2ef31951d39ab8d6b491add8816a5d78294074ad96a963bc9f585cfa31c7f
SHA512 40b5692fd5e39e17acb4373cbea0b532b89222ef761dc152a0e5253cd9555785885cb8ca70c5c950c92354f4a59d398af998d40e19f235ae8b3e4596d85b6509

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70e7f3b58aa2ed4cb0d1e50d68973a2d
SHA1 d88cf1f44aa130466b095be98e0cee8be9e78b0f
SHA256 ce8b7cadecfb37ab940d563ecc437a0d2007d3f2f4d14fd5187eb5c2007eacce
SHA512 19bb345abbb0bb2afa63476f99bf9d1596b5bbc676b80097828944fcdd0d9b18d7375938e7f252a1ae5641cec93973e186bf561e2c9230a2091626a5b5192793

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d400a95f4dc7feac7556cb71dbe25e7
SHA1 45210a8a6f1fe1af6fdee1d2bb5d903966edb7d8
SHA256 5196b1cfd3e19421c51a4ceaf1dd9a47dd225ddb4ff70eb4217d3a0b161f63bb
SHA512 6c8c4d66b4777f974dcd47e1f3213078e8e1c9a3b99c3b1535a10977a568b53a7ff383f13fd992593f015e080941d4ccda6be911d83ff067ac227c5ad7b0a330

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46bfbc468b7ba3cc0290824e319ba04b
SHA1 342a31bbd3265ec52554c3c00298da2a44366168
SHA256 41dbc6cd61fdc113ceca424d194f1428dcf900a3c37574c7b36cfb5b8f3e2cee
SHA512 0d7ddad8f782febea80d53c601da558f14aa1573934aa77e444a0b12948fd782bd20c970309d06002eeb20d622b22b95a59337d14016303611186361760a9526

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71354750aa60007f41b29cc975b343a6
SHA1 3cbd17783fa853e6de91e36c4acaa37abac9b32c
SHA256 70d6534ccda57b103b6d67116e4392578baeeb788ab12af52f8b07c182754c24
SHA512 1c4cfecb97c7826adc32ee8654c28b5547183f26568089e17aad1f8354e95545e278321ba0131f0308221cd3318b474af7915617c702163161f6633eeaac1baf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33bef24aeff44665a04d2fae890a6916
SHA1 d2abf419dbfa832280ea8c1a3a09bae20cc17120
SHA256 faa24306c9abad7f39c2867df1193fceb52aa2650cab310eeefda87fe03e0898
SHA512 b1432a64e1f34f6966d47973a258e2b61f294e3b1bf3d67901b8a9c105a8e51c392fd26677020753cb068049d12ae21a3e33fc25ec8c91042f00f1dcbf947eb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7af033d6c0966af464b1a0c71edba45
SHA1 09571ee059c242abd621694797fb64733433ba51
SHA256 a6caf0333cc2620a4934fc35858d25297776d0c7db56cd95003aec25831bbf4b
SHA512 a6160b3648f170aa24b7500a9a5815f72f03db186e71e9a7969270787f01f820aa05e9a62eff4e2361f91f1bf10c55a35e6d98650bb8d5b52c7ff87a00e9faa1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f557019f72b53a307290795e051318c7
SHA1 5cbc58acfc2aa56e46947cf7ac278098c9f58b84
SHA256 cc2c61586151966723f0db6baf69c9a56aef08da5528a36dcf62f89e46f325d7
SHA512 6ebe83cc31ca240a44617fa1d825c69475398dfbe9850af4ae308a4a4908a0b06df64b9494d56509921925c0ad38824497f98e7e4c999aa4f9105eb2e3ca3faf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8ef1b265b340310ef451fdc2ab75304
SHA1 e4927e740c493417c074ee7d20fc75d3563642b7
SHA256 ed74c88f0b03f52b8a243caac4c492d87bd9440ec0cf2a1c2a35b97eb80e1eaf
SHA512 8b3397abd1f678017adf788d9232cedeae10de714aaf8ba1043f79ad1be23871ca22b32891aafba5dbde0f537090fc33bf9aa9686398457e94a18731a85a04b7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\recaptcha__en[1].js

MD5 19ddac3be88eda2c8263c5d52fa7f6bd
SHA1 c81720778f57c56244c72ce6ef402bb4de5f9619
SHA256 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
SHA512 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a22ce68cf97f3f51cd7f55b766f6efb1
SHA1 a0bd50ba6580f1b27e74b54ae40d4c78cc764667
SHA256 68a60a931b66e67b6035d6c0d0116cd078a8efc2b99d8b4416f505499fe3b13a
SHA512 d1a778340ee76ba86d5495d89003030b3c88888e445927fb3d6cb0340aab5f8946b196da5797ec8dfa43bcbba4c5c892cf6e72f51062a3ceccaea389eea3174d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S57FCR1I\www.google[1].xml

MD5 1dc2fca9040fa8b5814b065129f578f1
SHA1 5802736871352a3d64d1e4b918b0a480a18d173b
SHA256 4e949fee956b1d915da06a987d959c69897eedd171f931767a8489a69d141069
SHA512 4b42dff2c9ceb6b27bb28ffbeec7c7c19193fd6076f3bd99a3ad4de4767eee0802929acbf3ce204e8de1cd09b71fb4cf2a709866604229aebc0c3e71f6e100f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d89f2e6fe8be3a776fb21286b3c6ef0e
SHA1 f6ec9837f2faf0bcb0f1494a8c3577d6f4d6efe2
SHA256 f5a89eb90ad8bd9df16535e36e417d80af30c426eb22757b489d1a22468c37cc
SHA512 4f3012f24fd152e08657108cdb5affd90e089c7fb32cc8870145a7d154bc596ae07f4f9335a673cc2b550e4b7d490d4359f35f90bfedc5a7765c54f5569f5179

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1a29ed1f70bb7bf8cc6f104a695bab8
SHA1 545e175754393c6597a54d926efba279629afb42
SHA256 ce180a956c19900eae18dd9e003a7c4b4fd34f2bf4ba638767ba45f2cd1b86e2
SHA512 3b6abc1c99be182b6548d3a9b0fa587dafb94124795d2564991aed6c4e02f1612db9e718d39c40e7c0fec9f7ac305c15411f99a263a390e6a841d462fcdc3df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73fb5f3c5eb860685d128a7affd51ba1
SHA1 361f6548954576e8e871c1d23479f428fae741d5
SHA256 229c8498469ec2ee9b991b9be0f9f316868dd9e095a021f798fd3685e335ee2a
SHA512 1c1d804be286713dd796b3dcb0a186de3f1e985331d677286a8c88b7783b441358fdb5f04ef9892c8361b28dc7ca41a3bdc2b9eaae509d173e872e14be039fb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b756fd6c367acf1eb6aa8d53f38c794d
SHA1 65b2915ac46b180a15220807172cfe7a60d83b6c
SHA256 cd06421140c69dda05df1932c2b173e35d3b1f1d9a5753fcc0850eaf5f39dde1
SHA512 4529fdbf6e066d8a49acb1b0b595d42cf9cf12d55f99edab260a1d1cd77aae556a0b4c57b885dcc0421aeca650126e28a2da3571100d226e4b468f42f0961c9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 767aa205f40631983537f4ee83894975
SHA1 c0a04baa9a5a57cf58154a6f23aa65ef305bb1f3
SHA256 d63be61ad30040b1b05e68c43e411625a17667e27e09162fb95aacfcbf13f5e9
SHA512 fd95efbe2309c8b12df17dbc4763eff55f549cdc5d78f2c367eaaa6006b6c7063155d9a983e305fa736a968edb1cdbb4772876363e246d2031cc1ace4d983772

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0069fd4c2a97554b0b371df1107520e
SHA1 a13bc02579c68e6499cc27ae26af878f324e4848
SHA256 e95b42e4f13dd7b9a36ea169ee1fa7790c549fe83b3b98faf50851f1f4412272
SHA512 b91650089c0697fa1e4c95bb1de5c72055869f344686e94e602402ba5e3e4613296ec51227c20c975a5b4cd98b86a50bfd0deaacd978ad0b9f5d9a31207eb0ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d96a740f1a0973c751266609aff91d8
SHA1 5550ef163683c95359744d34feb483f3a8b5f222
SHA256 1e1d6b4fef798b82068a2e097b0a7016ef8b3136fc15d117df6d3256db5c31f7
SHA512 0378ca201d5605cdade538db825a68551567f6337c62dd2675d89b76950939d76190edeceba2e896f3f4d6d8057d1642025bb76be62cd97cc8c4f1a1b2c2ba82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e611163a1a64329519ba975e834c8acc
SHA1 154da24ffbad2af29988a5e28ba73c4cd7bb3230
SHA256 a02c35fe12f1b286a36ec849a90de72a8f022d93804663e6eba17a64051e5a33
SHA512 a49fd5520dfedfde59a887767f5820b0d172fbc55c207da7729de8d2303b0ac7a2826497d90f5046328e167ddd8f25da7e970731732670249b57bcbfbd2cbc14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bddcf4ce59a934c4982ea46679259e6d
SHA1 bc52fb4fd63336b8f37ccf7ea265b011b3226cc6
SHA256 88eb3a05df3b190b0192e5c802ec45aec410187f356d9fbf09f2d53a034a6849
SHA512 4164279bcb0e783d7fd14479e1ea195390f21a00ce8369af455f7e2b60cc27815284296e1e01cff97d73bc248838fb9643e3b5c508c87485173a2c99d2d5dbc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d5ae804c4c2a33fac2e43f05b6e42b5
SHA1 e4428bc468a0d94c28e911d3446357ce7e465443
SHA256 39f688b869ebeccccaa336da7697df0e78026d37cd93829384a1344b0eae55ca
SHA512 fb0436791dd65126692468b93aba4b6ea537816213a31478da6805260ea35e79ce651d5ff592058cfa8e881d2ea9defa0a1343c55f06759eb4f29896c1f2d457

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1090543a2c6cd42563651ba21807a515
SHA1 492a36ba0cfb1733ebe10154e4e912dfd8e3cd08
SHA256 27a3a807b50e188e9ed08b1db269b4700b172a447726a66214920b0eed99ab8c
SHA512 2acdac48d814c715a6c1b25e21fe59c0a2c6c3b1bd02c842785b2be2e6ea544c2c817d64255063a6cc19f7fcec31885cae6448d856d384e6fa8055dfb2af05d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49ca8846d62fde22a3089aa401f8095d
SHA1 6638ee2f4db89378fc21e4ac3dfe7fbe6e240af4
SHA256 0b7b167f32f2b3b7cfc11a57b44e7fd9af7c10d7c1f63c2d2c2ddfa17b8f313a
SHA512 d0a99957c31083e25855d50b01219a5b6970d42a251218329e5a410e2e90191d2575391b2f52fc4c3cfa83b1b87724370c35e59252255e514fef8176a366d059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f216bbb5eade41bc0fb4f4eb30dcaa7a
SHA1 c49e11f59ce4b826fe15e1e3c2ec705b405a58f9
SHA256 ab2aebc90ba78795715a343b919b3a3f3c5a6c9ea0a801ba29c8028b3ff69492
SHA512 c900a1ab0407edd41e84a0068d002a36c7c10c1a409a578b323ade3a857549ddad6e2fdf817c39d0cfa2598fc8b642cade73770de7cb5254c5ab06cc24e85061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8fa107ad57f858be1572a513f065d33
SHA1 8b6a84146c75bf1f1763906e7149652a765bd3ac
SHA256 194f8f94413dfc5eee8d10a4555974f309a4f43575059ebff7ba178210ca24c7
SHA512 d4bef4b9513e8fe466330a02924010c2daf1f4d19cf28b6f74166c2a0ed08f1518867ab75f321820965bd82a809c76408b84d7cdaf85cc591acb6135254705d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a3ea78dc11230f270c15a3c5bb53463
SHA1 ae821955af28ed5322104ca46ccb0688cbf05b02
SHA256 e936f264e90dd2d93a1fac71f3098e8e43121b787dff1171f8b39b6123a6082e
SHA512 d46082632d01748eba803a3549e337dd8c77a2f9fd4a6ddca5e03eb0ec91f96b158afdb3943fdd2231714b06b43d495a1caf3b466b4db9b7fd7f85ba69dafc28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b988b23f8b0d76b4e5aad625754cbc7
SHA1 143c121590a08d2fe2a19a0e59bee0bdb5d4e5e3
SHA256 05b57e52081bf0d1cb7bc3c57a0a91458cc0fe17d88dac1cc2e5a4300879a947
SHA512 ddc9f946008aca88946e6554087b330072b02ddc778fe43213f15423bc931edb83e876f1bdc41c55936014eff673fd9a35d52790d1157b21a5a4debe4bc2fb3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7dde7f372a0c93da53c9f71a98d6c1bc
SHA1 8a9ebac013425b25c7db9fea8306d461601cfcfa
SHA256 b69e2bfee7d4d179b02bbd9d6d338ad5b5fd9da517bae37af7b166d39b24e094
SHA512 b012ce08c05fb7c3ba72c12d2e7a7ed77c00e334a449f6bd9e9f812be4ec9d682c026d45360c0b7c338a2050ac4a3e15bef53a210292c0e7420a8bf24a1cdf91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c303c70f7afb697b878b3c6f8f55a30
SHA1 a7661fdc0ca5a4d6fb1e1f47d3ebeae1a129eaf3
SHA256 9448fe9f6bf5e0d09799804c1ba0a0eb67a5dbb554b92776527a40b1d7fd7a7b
SHA512 c5d5e0018c1e4e088f1cf857ade194f0fd08ed4acb26448e7bfb2b11072822140a89e02e5c10774f3bc729a48528ce9d5a6b0e249b3727584b19a722c722dccf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 acd757b1ae30c1761ff91b6f676cffc1
SHA1 c91b4cb61dd24028a8d696ca371e695b80b61251
SHA256 85bfa500c23bfad36c7eb62d6952bf7dea1168fe77d738054cd8370fb5685581
SHA512 c265c4c077654ea16301abd50a71489c1d2b52e601e6441f978ef65ad12d27d93845d8eed4a4abb52375ce52ef935504881cb08cca98171e415a955e66bf61e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95ac50aede95c02308afbcc991981828
SHA1 0736d1f35047480a24ba5eeabc92b227f0fe2ad1
SHA256 12dbb6ed7b0a630a1be2a37facad99069cdaa949d9292d01c3e0cc574a4b766f
SHA512 0c28ca6512cf076bd63f8800dd217a7bd44918d7ae7736b8710c86aa4664f2c8abcf3d7bac5859c3263dcb0f36093eff024eb221e40d12307a02495eb881cd63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 643da44a40a54d0404431716cebd59f7
SHA1 062d4c4a7e253ca5a8e67aa250c10f218918f6f9
SHA256 5213ecba8092dd71a7854bb60328279f29878ccbcbf5c80f9d369d70299b1947
SHA512 6878088d9041bbfb016441df526e707af2982976c50d8f745cc550e243f47dc6b260254cfaa8c67f6da3d71dc581d39aba819f471f5cdb81453d036db7da14f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fef4f4b88949d23679b88bb01630171
SHA1 00b327d50f70637ac24fee21fb8b461a746f2bdd
SHA256 78f39415b337cf2ecd4e8b3e44b3f189d3451cec9aed88e46af5b3261fe7cb81
SHA512 ddeb502d43214b448533c0eb61e9b5259383f3c8d3fa1dbd0be1d733a9620b135643aa50f1fcd834c6bb239b55ae7053331e3db05633d27a06de9f839291acb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 274804a13cc7a6f1e982acc6d2619c01
SHA1 d2c59c390204bb54bd2bb7937ab7038d8845ab34
SHA256 ecb20e29bf293201bae26e44d335696e0780236dcdb41590d0856fb691bdffdb
SHA512 ef887298dfdf850ad438c13fae536cb8a0740740a1c70eefc63b702c69183d86b2f366d6f27672833117bb4888f8ac4cc0b9c1b853bdd32c2ebb5ada8d5b780b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e769c3c27824dc750a6562d62689b8e8
SHA1 cf21c9554fd2be6846531d673762cc40b8e1ff4e
SHA256 e35f08d1a22c18e28827864edb9e106262deb3b94fca0621008f88f3152b8778
SHA512 1995f2ca163699965f3731670d33034c9a3846cde7a282c38b51b52e5687f8858cfa4f31a7d26f3e3412ce989be7fb56de12fd72657a6f6f1bc529deeaeaf178

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 39250bec06503bbb43714e09988f3328
SHA1 3e74c77aceaf2cdcdcfd179e5fb9924116459a87
SHA256 0479fddbf709585554bc611aef5a3ce0f4eb911caf13317c9dee1c513ebb6fb0
SHA512 854ab5c5fda36f0d440ac27ff45a427a8f13350057076eb04554f9195e22343bc03e14f46a316d6902bc6db3085ee7f168850907557a37e490e6e8da52165640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cdec475507e01bcb40abe88640298aa
SHA1 c245242246a971f11663fb7346cac5ea06c5b22a
SHA256 0024f4d018e789310c588c71202c827012cb8bbf6d81912ebfa433c171a72c1e
SHA512 6694a8602cb88e56132f4422f62591212f585f2cd8ed0f9e107442004cc85252ed2a83f6a0f77eb6dfd71851dba660ac40e51815466476b3ca17317fb65357a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ecfbee887b7659d302dd4a2b507b20a
SHA1 4b308932be6350fc30e9e559a706e43d967e8af1
SHA256 6817d3093b938acaa55c0927e03ac261901bdbc497bc5236841e446bef7bef14
SHA512 0106469d57ad64286f087b02bff2f3485ec16dd1aa743a4914abcdae1d9cbd6057fc92ed2055bcee24a26439c3a26a556544555347f801c8ae60046ef32b9faa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 127c2cc5e681b805b906b835415fdb5a
SHA1 8d234414b86582f6029645aed4d577da7e958a59
SHA256 70c63e464b1fa8dd76c1f9ca4fef5045deda501d7fc7d99de47aa4388544e599
SHA512 58559d4371c823fdf67c786f6875aa0e5ae6ae0b6425b40e9b7fae1e7511070c6198361172678aae4f43622ae23a0512379a0ddc04320b97e7bdecfd291762d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2141c18cfed492a6fec9d2fd96046790
SHA1 0b22df65b330725b8782b186fbf7572422ec8cf8
SHA256 586a120cc9d550107c7a04d490f122090e3ccba0a21fc5c0a595fbe34e034f13
SHA512 68c91fb66e64de649d73d18a10f988be96069271036ada9d3428a4edd9b2a6241848f2b3952b5b7b08de319b63468ada44180f975387912e17d5bf72bf87ed0e
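
The file listing above uses one layout throughout: a path line, a blank line, then one digest line per algorithm. The same CryptnetUrlCache MetaData path is listed many times with different hashes because the sandbox records every rewrite of a file as its own version; these files are CryptoAPI's cache of certificate-chain, CRL and OCSP fetches, so they are evidence of TLS-related network activity rather than dropped payloads. The Python below is added here as an example and is not part of the sandbox's output. It parses that layout, checks that each digest has the hex length its algorithm implies, counts distinct versions per path, and pairs MetaData and Content files that share a cache object name. The sample text is constructed: the first three entries copy values from this report, the fourth is invented with a deliberately short SHA256 to exercise the consistency check.

```python
import re
from collections import defaultdict

# Expected hex-digit length of each digest the report lists per file.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")
# CryptnetUrlCache keeps a MetaData and a Content file under the same
# 32-hex-character object name; this pulls the kind and the name out of a path.
CACHE_RE = re.compile(r"\\CryptnetUrlCache\\(MetaData|Content)\\([0-9A-F]{32})$")

# Constructed sample in the report's layout. Entries 1-3 copy the report
# (entries 1 and 2 are two recorded versions of one path); entry 4 is made up,
# with an 8-character SHA256, so the length check has something to flag.
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a22ce68cf97f3f51cd7f55b766f6efb1
SHA1 a0bd50ba6580f1b27e74b54ae40d4c78cc764667
SHA256 68a60a931b66e67b6035d6c0d0116cd078a8efc2b99d8b4416f505499fe3b13a
SHA512 d1a778340ee76ba86d5495d89003030b3c88888e445927fb3d6cb0340aab5f8946b196da5797ec8dfa43bcbba4c5c892cf6e72f51062a3ceccaea389eea3174d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d89f2e6fe8be3a776fb21286b3c6ef0e
SHA1 f6ec9837f2faf0bcb0f1494a8c3577d6f4d6efe2
SHA256 f5a89eb90ad8bd9df16535e36e417d80af30c426eb22757b489d1a22468c37cc
SHA512 4f3012f24fd152e08657108cdb5affd90e089c7fb32cc8870145a7d154bc596ae07f4f9335a673cc2b550e4b7d490d4359f35f90bfedc5a7765c54f5569f5179

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 0123456789abcdef0123456789abcdef
SHA1 0123456789abcdef0123456789abcdef01234567
SHA256 deadbeef
SHA512 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""


def parse_file_entries(text):
    """Parse the listing into [{"path": str, "hashes": {algo: hex}}, ...]."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIGEST_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
        else:
            # Any non-digest line starts a new file entry.
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def hash_problems(entry):
    """Names of digests that are missing or not the hex length their algorithm implies."""
    return [algo for algo, n in HASH_LENGTHS.items()
            if len(entry["hashes"].get(algo, "")) != n]


def versions_by_path(entries):
    """Distinct SHA256 values seen per path; more than one means the file was rewritten."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["path"]].add(e["hashes"].get("SHA256"))
    return {path: len(digests) for path, digests in seen.items()}


def cryptnet_cache_index(entries):
    """Map each CryptnetUrlCache object name to the file kinds recorded for it."""
    index = defaultdict(set)
    for e in entries:
        m = CACHE_RE.search(e["path"])
        if m:
            index[m.group(2)].add(m.group(1))
    return dict(index)


if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE)
    for path, n in versions_by_path(entries).items():
        print(f"{n} version(s): {path}")
    for name, kinds in cryptnet_cache_index(entries).items():
        print(f"{name}: {', '.join(sorted(kinds))}")
    for e in entries:
        if hash_problems(e):
            print(f"inconsistent digests ({', '.join(hash_problems(e))}): {e['path']}")
```

Feed the whole Files section of a report to parse_file_entries and the version counts tell you which paths were written repeatedly; a cache object that has a Content file but no MetaData entry (or the reverse) in the capture usually just means the other write fell outside the recorded window.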

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-10 20:36

Reported

2025-01-10 20:38

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target Count
N/A sites.google.com N/A N/A 2

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2372 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2372 wrote to memory of 4160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 2372 wrote to memory of 4760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2372 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
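
Every WriteProcessMemory row in this report has msedge.exe as both Process and Target. That is expected: the broker process of a Chromium-based browser writes into each sandboxed child it launches as part of sandbox setup, so browser-to-browser writes are noise, and the rows worth an analyst's time are writes into a process running a different binary. The Python below is added here as an example and is not part of the sandbox's output. It parses rows in the sandbox's raw layout (the Process and Target columns are Windows paths containing spaces, so they are split on the next drive-letter prefix rather than on whitespace), counts writes per source/target PID pair, and surfaces cross-image writes. The sample rows are constructed: the first five follow this report, the last one is invented with a non-browser target so the filter has something to return.

```python
import re
from collections import Counter
from ntpath import basename  # splits Windows paths correctly on any host

# Description is "PID <src> wrote to memory of <dst>", then Indicator, Process, Target.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\s+(\S+)\s+(.*)$")
# A drive-letter path that runs until the next " X:\" begins (paths may contain spaces).
PATH_RE = re.compile(r"[A-Z]:\\(?:(?! [A-Z]:\\).)*")

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample. Rows 1-5 mirror the report (PID 2372 is the msedge.exe
# broker writing into children it spawned); row 6 is invented: PID 9999 and
# notepad.exe do not appear in the report and exist only to exercise the filter.
SAMPLE_ROWS = "\n".join([
    "Description Indicator Process Target",
    f"PID 2372 wrote to memory of 376 N/A {EDGE} {EDGE}",
    f"PID 2372 wrote to memory of 376 N/A {EDGE} {EDGE}",
    f"PID 2372 wrote to memory of 4160 N/A {EDGE} {EDGE}",
    f"PID 2372 wrote to memory of 4160 N/A {EDGE} {EDGE}",
    f"PID 2372 wrote to memory of 1536 N/A {EDGE} {EDGE}",
    f"PID 2372 wrote to memory of 9999 N/A {EDGE} C:\\Windows\\System32\\notepad.exe",
])


def parse_wpm_rows(text):
    """Parse WriteProcessMemory rows; header, blank and unrelated rows are skipped."""
    rows = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if not m:
            continue
        src, dst, indicator, rest = m.groups()
        paths = PATH_RE.findall(rest)
        rows.append({
            "src_pid": int(src),
            "dst_pid": int(dst),
            "indicator": indicator,
            "process": paths[0] if paths else "N/A",
            "target": paths[1] if len(paths) > 1 else "N/A",
        })
    return rows


def write_counts(rows):
    """Number of recorded writes for each (source PID, target PID) pair."""
    return Counter((r["src_pid"], r["dst_pid"]) for r in rows)


def cross_image_writes(rows):
    """Rows where the writing process and the written-to process are different binaries.

    Same-image writes (msedge.exe into msedge.exe) are the browser broker setting
    up its own sandboxed children; a write into another image is the signal.
    """
    return [r for r in rows
            if basename(r["process"]).lower() != basename(r["target"]).lower()]


if __name__ == "__main__":
    rows = parse_wpm_rows(SAMPLE_ROWS)
    for (src, dst), n in sorted(write_counts(rows).items()):
        print(f"PID {src} -> PID {dst}: {n} write(s)")
    for r in cross_image_writes(rows):
        print(f"review: PID {r['src_pid']} ({basename(r['process'])}) "
              f"wrote into PID {r['dst_pid']} ({basename(r['target'])})")
```

Run against this report's own rows the filter returns nothing, which is the point: the 64 writes here are one browser PID populating its child processes, and the signature fires on the API, not on anything the phishing page did.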

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_eda1828e3117e746dbae28ad100f0fc3.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc44f46f8,0x7ffbc44f4708,0x7ffbc44f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f0 0x514

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6333902990160844725,16976971377584778944,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2372_EMAOEJIMUAKIJRVW

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
