Malware Analysis Report

2025-03-14 21:43

Sample ID: 250110-zqa9yszjel
Target: JaffaCakes118_ee0620eade116377e1a032ea43b8e3b2
SHA256: 63750e4a8938a06ec9e5eb3322a9ac926c3fe8828d734a45bbb6c383be8d8e11
Tags: phishing, google, discovery
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 63750e4a8938a06ec9e5eb3322a9ac926c3fe8828d734a45bbb6c383be8d8e11

Threat Level: Known bad

The file JaffaCakes118_ee0620eade116377e1a032ea43b8e3b2 was found to be: Known bad.

Malicious Activity Summary

Tags: phishing, google, discovery

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-01-10 20:54

Signatures

Detected phishing page

Tag: phishing

Analysis: behavioral1

Detonation Overview

Submitted: 2025-01-10 20:54
Reported: 2025-01-10 20:57
Platform: win7-20240903-en
Max time kernel: 140s
Max time network: 144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ee0620eade116377e1a032ea43b8e3b2.html

Signatures

Detected google phishing page

Tags: phishing, google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

Tag: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0cc0ffca163db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000618415fe5c7a114baf45ca3f7378ffa200000000020000000000106600000001000020000000a7653081a89155c060e29d73dfbcfde63585ff97dc3f801f2e099000c7ac95d1000000000e8000000002000020000000bacb013d41583ae02a2ccdd62b882164b1023386c88f965fdc303591bed5bfd320000000677047d13a40631681aca1a8208c111baa976ce92423f9038e7066487c12e37c4000000052ec4af55f43d0472053259d9d248fd3f8d2a68ea8858ba3beac906b694df98a4f5611ac4250ec178e1ebc234db73226aea3ad404f0d99b749a44492416b085e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442704361" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24055261-CF95-11EF-A96C-C6DA928D33CD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ee0620eade116377e1a032ea43b8e3b2.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2

Network


Files

SHA1 b1fefa5e4965df73db828c010b6283eeb71cdb38
SHA256 2699d95765d9bede8708432fbd984294795d1f38358c280bd3125df0d2ae6caa
SHA512 10f9cc27fc2b3d9cc012125b80d033e56b3d0493ee827fbc64e1af3fd2cd8a9602106f824ccc0bafc1b5c80e396af6206ae944c64e5a74651fc568981766489d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91387e245da2759b9e500f1827bebbf0
SHA1 b51b0e6c449ccf492e26129fa9e6c7a144f2e161
SHA256 df6f2fb7d42bac103d4f1421266656e85892c2f643300274093a7a655731250c
SHA512 79c0a1b0931c44108db48cc4c4817f84b5e9ca43f7cf1a7c8903795561b14dbc888302ce187244b53f957274c7364d31256aa4c6287709c2157cf87e60300510

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0c7b257d13dceb4f9e42459f38d0993
SHA1 c8229eaea29f61b83b88f4cd0263a4fdb7f879da
SHA256 d22fed49f3ba85b491aa688381c19fe9f7d5e10d95a7a4538dfe7c240ba626e8
SHA512 a647fdb3b6a23c1444fa6331516e44593a4704370bbdd91c6d1c7209fced09394fc554380ac276f18aab9aa61189208e0974585b13364a8e66a92cb61444c721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19ae1ab8350f1851a97fd5c17462cc49
SHA1 3ca8f41f1bf8097eac1b124bd2f66a179e8e670e
SHA256 c8653636c1559ce8536fc966ccbe1273cf807fd862af05afc22570822b237346
SHA512 008ba37afe50567ffbcfcdc6d7daab3b4fa6d4fee0a21923210ec36f47245f262d648ee50a1541c8ffe6843d54e618c0ca4bfc5338b91e863fc0344ac3ae2d63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e19e330ed62c4f0e925bfacc73ad4569
SHA1 762cd342932f580ad1ebe314f56899edd5239874
SHA256 5b4c5fd9f2c542af00ee43c7c50af500f39edb5b5e3c0e5d294f4808e40e9231
SHA512 0de24c6765cd0c08a91699d71062a5633436059c2fe85f12469107d80b7aa2398fa10c0cd9da79d60772df23053308ba59e8c803410562b88a40b0bbdac98f11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a157affab79eae711dfeb786581510fb
SHA1 798a312e1773ec52d05608e8bad11f5433df1404
SHA256 e174383fd6e7feed5c68cc540b3e1ab859c1b3eb0ffabcc52e7e5019d77bf18c
SHA512 ded252a047aa3e2f7721a7b48b8a8d4d37807c8047075170976849a46b3d37d043597897f508158c7efec77143ff363b2598775f1297a4f1306859276d83d890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c629fa5ee3e257d0f5d6101e0c8e258
SHA1 bf3b84b40f04f78dcea68ca195392817d14e8eb2
SHA256 f995a403e8b0b44c35b04eacdd1d57792ae76c617a78f31fdda2964d4d66834f
SHA512 4218558ed99bfc4e69956a990bb9eb9b72833c07bb90f83457b1fb0cbb0cc0e25289db3cea47fd3b87de008747eb35412a544f81b2ff39b11afbebf8681a2dfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2228d7b7bfc0e72b46bf7fb77816d50a
SHA1 f4f238a8353e26f9cc5341724312cf677bcc5348
SHA256 8130c443c566696fe7ec423807546c88f805375cebc96557756a6a20c7885cc5
SHA512 91c5d5aaf5a799b95c20fdb81694e7381d982e7dc6b00a1ba9f09fb2facc35c58e7fcbc76c6c84863f55392d5d243009ee551d212958aed1782ae413cb3afbbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee48d417b59f8e821dd967db9930b715
SHA1 07a54489fd8a0576dd9b227d50529968a39b0700
SHA256 4dfa08f86b499e91f7a81100e901011d4444e06573498f51c491d394dde6d67a
SHA512 d63a2b8352230c1a837d393c0e0a295a6dd235139cc70e0de302108c69da80f6ca63b113fc1ee13df980691f49e921cddc975ae5d7ddaedcb275e690f5f09157

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30e17db959ac0ab9a1cdedbc7e138bdf
SHA1 fcb95bb36f44e15660277546cb0a85c018b8115e
SHA256 5fc839fa1d42e312c59a7ff01914d1ff1f8d027f8f16af72e53fb8509719e79f
SHA512 95f88384887443aefd704fe40eb87faa6af0d8b1ca9fc58ac7c8a698843f7e5b46bbf784163d4f8172dc376eb4948040d85a3ff0adc69c0b7996091ce156a479

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fd95a5a09fb6230b5ea31b05134841b
SHA1 452fdcbc8e915cd88c8eef4c20d4666664e8c614
SHA256 9eff304c084ce0893703b7317b80c4d4ba159b51eb5725d0cdbcdef1dad4f2c4
SHA512 506403d364486cc7f31f3db23cf25bbd3e8b838e5e1af1283371e4cf3e3575fab774061cd5893e60ca63f45ff15b8393cbd308c63beeb0ebe96470806f1fc2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15d58244d334e105815ac3db79dda545
SHA1 0adb2f5b0f7c1079ab4357ed896860ed1f2ff41e
SHA256 f4d0b7e277e4b71794820b8053799e08baae63464925369c44d84c02cbd90f12
SHA512 ac9ad576b459868fd409b6b51f3fb544b0c8b4ab220d80835bba606b5e60aa14c68d9549856f2104a4e48f2286bc656353c30ebe02a671913bfe186131101de0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b177d922321fdb8c592b3e5dc36b12cf
SHA1 fdb6243424f51d7ee064a8d82022bdcc521420b4
SHA256 c0b8f99c0aa0fd8cf7bd7bfd40fba7bed2d8fe07df266c36c8a895b0316316a8
SHA512 3e7b5623ccc0210b7ce08a9f69c16e21ce1f0322d8e5a75aa7cca748c34d84ea72f79ceb1e032f77fd089343385552c925896d158958a782af07a06a3781cd79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ad0a5535695c7f65957efad941f581fa
SHA1 231e9fa8a29f2ca3a29337a3fd3c0c33354dbcfa
SHA256 b00fddee158c411e73acacb0adb964dc80b18b0ed0b7328db2685f67938af36f
SHA512 225c07ff10ebcc89400ef1ff209905a378e6410fe4aa849ec0bba553857637a55e67c443d402712d71512753ccd61caafe8e4cf07ec3ee4023b4656f8e98c942

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c922e1a35b4dd8f314b0cab092dbb8c
SHA1 525a08f0fa6a5e1014b6ba71d4b97ed90e4840f2
SHA256 04fa93aed55530c4aab1dde0b056c684e53cdc443002169b93d210d6f342e49d
SHA512 b1d10b95f732684a900f4d264936ae3f569acc3401168d9e6b38dae7a0e55219e99b67ad09d5211242eb24c6b44ad758e774cadc6bf270296d7c2fdf700a3eba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2ff88029203eaff0d34a516d0ec1b8d
SHA1 6e60cba19cffe2ad9fd9f2508ca44004e3065b15
SHA256 b402bc1eb2a6b01fbc03bb28ee3e33a68e87bbbbb62bda4a82ae4c7171042323
SHA512 ffd20d7c95cdce170d2e4567a1c12dd8e4c180c94b795d07e2c77844b6e2c99fdbb061c5757a7300a91980e977c36fba0a5e0c086ad5602d0d75b1930452f505

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61ddfb84294a66ec5aecb2ccb5bc43fb
SHA1 4824110aeb208ab81151ffc2fb342c087ef08b57
SHA256 fecfb6a16fc05d9443cde17546a625b0f6218a2bfbf2cc08ea0e655dec938885
SHA512 967ee09016ff65be1fb2d611552bbe034e67fbf9d8f819644c1fbfa01fdd565002d78c6ade0a3af2fbc20b7617628d67d4cf7dd18776216c552cb9d2dc781b1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d877e2bc1012c7553cc5dd753b07505d
SHA1 6330f49996adbd1ddf6ba1f57e7548f97c14aa6f
SHA256 d0b68e9832b4b33906eb9cb68e971d068764a6898b1e50e7dedd34f101028f04
SHA512 b0cade3ed7d29ec1f2da3eb50033469d5e001f647726a939f4f3f53afb436049f6d93f3e3a7a46744cdfcb2d03ab33d8db24c5076601994bf1c3e7ab17d2972f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 526f8e10bdb5697e7344327ff9b95395
SHA1 4f1518b9b8af2b1f9b62f5288d483efe49f88637
SHA256 83ed7f2dfb28b274e30ee9f1bec94285c4e27b4b9f1f7d7960de389aa040abfb
SHA512 3fb3b5469b0e68d7f664b8b9988f087338a0bf12a400b19b3e9d073002fb2f0120ba8b01cd091c69c5d71751a27bef787e09f34aeb579b54ff77bc2e71f2b503

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38caf834e29df3c743ffc2ce9494ac75
SHA1 4bfc992fc7262f31aea4c7b0a0e0a45002857d8f
SHA256 8bac173ae14e2ff74499f1bac1bb1810aab8cb3293061be11174aa4722c9f701
SHA512 3d72421b209b9758b43c105df243e472b0e4bac2fed7f5c2c9176f18809f9c444e26bb189c11127f8d7a746209cf60511c55fcccafed53972c53d5fcaf5a41ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 899392efacc1f851ec93609441d2d868
SHA1 3e849d6b2177872b71464b2e50ed5eebc06a8691
SHA256 72aa491eb35170c21c31530a01d9fe45b485e8e4598cdff93f467797348f1255
SHA512 f3bf664fc5df5d39491c8d5524c36b62ada8f935028bc8693624dd94df7f63be73b8e784d904813b5d66f41328388695672575e2c68e854ce5ef7757460f1744

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3899cfec71e06a62aaf40a66c01d42f
SHA1 122127bb9637f16ae2e228c2c8152c524c5330d8
SHA256 abee6d708f4223a228c0ca4cf268d057cc903329bf8f39e8b38e1db5b787c363
SHA512 2330d7144d1c86618e06b4e37e4ae8d74d5b3df97b6e1f7f5463ae3d11ccc95365682b24866d1b02a5482e852d5d0778ff36ded1307e1726dbe5e26f1bdab1dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8eddc6558cf1f3ed41da6e525636b309
SHA1 bbee2c18d4266fe299b4115e649ca661d0df1a5e
SHA256 25197e6eb110d77a27e2ac2bb71a1404a97ad2dcfc89d13ed40f287840339dcc
SHA512 afcac531717c3d02004778eabbf33b127f73d8c377e831b3825613e17e71d8374ce901d0c470c17f593c17cf6f7da88d8bb2a99bbe9427dba94f73c1dcfb7197

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-10 20:54

Reported

2025-01-10 20:57

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ee0620eade116377e1a032ea43b8e3b2.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1500 wrote to memory of 552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1500 wrote to memory of 3176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1500 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1500 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ee0620eade116377e1a032ea43b8e3b2.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef9cb46f8,0x7ffef9cb4708,0x7ffef9cb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x408 0x4a0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10819908560436022796,11147462273823707020,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.179.233:443 www.blogger.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 www.onlineleaf.com udp
US 172.67.218.122:80 www.onlineleaf.com tcp
GB 172.217.169.14:443 sites.google.com udp
US 172.67.218.122:443 www.onlineleaf.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 js4you.googlecode.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 64.233.166.82:80 js4you.googlecode.com tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 122.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 82.166.233.64.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 draft.blogger.com udp
US 8.8.8.8:53 www.reverbnation.com udp
US 8.8.8.8:53 kumpulblogger.com udp
US 8.8.8.8:53 oktri.googlecode.com udp
US 8.8.8.8:53 geoloc1.geovisite.com udp
US 8.8.8.8:53 masterendi.googlecode.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 p4r46h-blog.googlecode.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 34.239.206.54:80 www.reverbnation.com tcp
GB 64.233.166.82:80 p4r46h-blog.googlecode.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
FR 54.36.176.112:80 geoloc1.geovisite.com tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 104.26.10.22:80 www.widgeo.net tcp
GB 64.233.166.82:80 p4r46h-blog.googlecode.com tcp
GB 64.233.166.82:80 p4r46h-blog.googlecode.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 34.239.206.54:443 www.reverbnation.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.200.33:443 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 s10.flagcounter.com udp
US 8.8.8.8:53 i7.photobucket.com udp
US 8.8.8.8:53 cur.cursors-4u.net udp
US 8.8.8.8:53 badge.facebook.com udp
GB 142.250.179.233:80 img1.blogblog.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 96.43.128.66:80 cur.cursors-4u.net tcp
GB 142.250.200.33:443 lh6.googleusercontent.com udp
GB 142.250.179.233:443 img1.blogblog.com tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
FR 3.165.113.31:80 i7.photobucket.com tcp
US 57.144.120.141:80 badge.facebook.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
ID 36.50.77.66:80 kumpulblogger.com tcp
US 172.93.107.85:80 s10.flagcounter.com tcp
FR 3.165.113.31:443 i7.photobucket.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 i41.servimg.com udp
US 57.144.120.141:443 badge.facebook.com tcp
US 104.21.70.7:80 i41.servimg.com tcp
US 104.21.70.7:443 i41.servimg.com tcp
US 96.43.128.66:443 cur.cursors-4u.net tcp
BE 142.251.173.84:443 accounts.google.com tcp
US 8.8.8.8:53 54.206.239.34.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 112.176.36.54.in-addr.arpa udp
US 8.8.8.8:53 22.10.26.104.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.120.144.57.in-addr.arpa udp
US 8.8.8.8:53 66.128.43.96.in-addr.arpa udp
US 8.8.8.8:53 31.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 85.107.93.172.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 7.70.21.104.in-addr.arpa udp
US 8.8.8.8:53 66.77.50.36.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 57.144.120.128:443 static.xx.fbcdn.net tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
GB 64.233.166.82:80 p4r46h-blog.googlecode.com tcp
US 8.8.8.8:53 gp1.wac.edgecastcdn.net udp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
GB 64.233.166.82:80 p4r46h-blog.googlecode.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 104.26.10.22:443 www.widgeo.net tcp
US 104.26.10.22:443 www.widgeo.net tcp
US 104.26.10.22:443 www.widgeo.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 www.widgeo.net udp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 141.101.120.11:443 t.dtscout.com tcp
GB 64.233.166.82:80 p4r46h-blog.googlecode.com tcp
US 104.26.11.22:445 www.widgeo.net tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 8.8.8.8:53 arvigorothan.com udp
DE 37.252.171.85:443 secure.adnxs.com tcp
DE 37.252.171.85:443 secure.adnxs.com tcp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 172.67.150.119:443 arvigorothan.com tcp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 128.120.144.57.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 20.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 119.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 gutockeewhargo.net udp
NL 139.45.197.107:443 gutockeewhargo.net tcp
US 57.144.120.128:445 connect.facebook.net tcp
PL 93.184.220.20:443 gp1.wac.edgecastcdn.net tcp
US 8.8.8.8:53 d3e6ckxkrs5ntg.cloudfront.net udp
BE 142.251.173.84:443 accounts.google.com udp
FR 3.165.113.113:443 d3e6ckxkrs5ntg.cloudfront.net tcp
FR 3.165.113.113:443 d3e6ckxkrs5ntg.cloudfront.net tcp
US 8.8.8.8:53 my.rtmark.net udp
US 104.18.18.184:443 my.rtmark.net tcp
GB 142.250.179.233:80 img1.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 172.67.69.193:445 www.widgeo.net tcp
US 104.26.10.22:445 www.widgeo.net tcp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 232.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 119.150.67.172.in-addr.arpa udp
US 8.8.8.8:53 113.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 184.18.18.104.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:139 connect.facebook.net tcp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 45.89.16.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
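
To turn a Network table like the one above into something you can act on, here is an added helper (example code written for this page, not part of the sandbox report or its tooling). It parses the report's "Country Destination Domain Proto" row layout, separates resolver traffic to 8.8.8.8:53 and PTR (in-addr.arpa) lookups from real connections, deduplicates the contacted hosts into an IOC list, and flags destinations on ports other than 80/443, which in this table includes 8080, 445 and 139 to public CDN addresses. The embedded rows are a subset copied from the table above; the expected-port set and the function names are assumptions of the example. Whether a flagged row comes from the page itself or from the sandbox's Windows image is not something the table alone decides, so treat the flags as questions to answer with the PCAP, not as findings.

```python
"""Parse a sandbox Network table into DNS activity, connections and IOCs.

Added example for this page; not code from the report or its tooling.
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed input: rows copied from the report's Network table, in its
# "Country Destination Domain Proto" layout. The header line is kept to show
# that the parser skips it; the multicast mDNS row has no domain column.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 sites.google.com udp
GB 172.217.169.14:443 sites.google.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
FR 54.36.176.112:8080 geoloc1.geovisite.com tcp
US 57.144.120.128:445 connect.facebook.net tcp
US 57.144.120.128:139 connect.facebook.net tcp
US 104.22.74.171:445 whos.amung.us tcp
N/A 224.0.0.251:5353 udp
"""

# country  ip:port  [domain]  proto  -- domain is absent for multicast rows
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[0-9.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)

# Assumption of this example: ports a plain browser page load should use.
EXPECTED_PORTS = {80, 443}


@dataclass(frozen=True)
class Row:
    cc: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> list:
    """Parse table text into Row objects, skipping the header and junk lines."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        rows.append(Row(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return rows


def is_dns(row: Row) -> bool:
    """Resolver traffic: the sandbox sends every query to 8.8.8.8:53 over UDP."""
    return row.port == 53 and row.proto == "udp"


def is_multicast(row: Row) -> bool:
    return ipaddress.ip_address(row.ip).is_multicast


def ptr_target(domain: str) -> Optional[str]:
    """'58.55.71.13.in-addr.arpa' -> '13.71.55.58' (the IP being reverse-resolved)."""
    suffix = ".in-addr.arpa"
    if not domain.endswith(suffix):
        return None
    return ".".join(reversed(domain[: -len(suffix)].split(".")))


def dns_summary(rows) -> tuple:
    """Split DNS rows into forward lookups (names) and PTR lookups (IPs)."""
    forward, ptr = set(), set()
    for r in rows:
        if not is_dns(r) or r.domain is None:
            continue
        target = ptr_target(r.domain)
        (ptr if target else forward).add(target or r.domain)
    return sorted(forward), sorted(ptr, key=ipaddress.ip_address)


def connections(rows) -> dict:
    """(ip, port, proto) -> {'domain', 'count'} for non-DNS, non-multicast rows."""
    out = defaultdict(lambda: {"domain": None, "count": 0})
    for r in rows:
        if is_dns(r) or is_multicast(r):
            continue
        entry = out[(r.ip, r.port, r.proto)]
        entry["count"] += 1
        entry["domain"] = entry["domain"] or r.domain
    return dict(out)


def unusual_ports(rows, expected=frozenset(EXPECTED_PORTS)) -> list:
    """Connections to ports outside the expected set, as (name, ip, port, proto)."""
    return sorted(
        {(r.domain or r.ip, r.ip, r.port, r.proto)
         for r in rows
         if not is_dns(r) and not is_multicast(r) and r.port not in expected}
    )


def iocs(rows) -> tuple:
    """Deduplicated contacted domains and IPs, excluding the resolver and mDNS."""
    names = {r.domain for r in rows if not is_dns(r) and r.domain}
    ips = {r.ip for r in rows if not is_dns(r) and not is_multicast(r)}
    return sorted(names), sorted(ips, key=ipaddress.ip_address)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    fwd, ptr = dns_summary(rows)
    print("forward lookups:", fwd)
    print("PTR lookups for:", ptr)
    for key, info in connections(rows).items():
        print("conn", key, info)
    for name, ip, port, proto in unusual_ports(rows):
        print(f"CHECK {name} {ip}:{port}/{proto}")
    print("IOC domains:", iocs(rows)[0])
    print("IOC IPs:", iocs(rows)[1])
```

Feed the whole table to parse_rows to get the full picture; the PTR lookups are the sandbox's own reverse resolution of addresses it just talked to, so they belong in the DNS summary and not in the IOC list, and the mDNS row is excluded for the same reason.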

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_1500_UQSOXGZGICRSIPJT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef7a6d65cc1ec2880e66362250f3c1f5
SHA1 99134eda4dbe86278903b9968da73ac52f86c801
SHA256 69d77aee636c94bb2866ea066fb27aa188108b2f12307f51fde515dde0decf72
SHA512 cd3046bf6bd15880fe80643e4feb82c7405ba2e9a6ed5ca376554d93749e47d5a4a0bcb948c6797f58cb358c3e4ab2cad2f6b2122684d13d1364fab926f79375

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 07f3c09eb2921c5c53c9359a6c4efa77
SHA1 a834d0b469cdb874f079d39ba51f28ecc5e3c66c
SHA256 44bd8ebe9431627641cd55f95660ca606c90e287b5c6e69f29367aa4649cd45d
SHA512 4ce0a875bf0460c929379d5be681d796865d12b6ac9663025cee1d50b3b87dd3a2ee35a3a76a8072cf82029c6f892e6b841cadb7da8dffb5c2c44592ac538045

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fdba0728b675c9cf0bff0989f1376c2b
SHA1 381563fb0bbf652ad3075c9e995f75140db50f29
SHA256 6a9bbb958c8377c6995fdb1c2fbd8533e8b15da51a1f1ae7afc306e415c6ad08
SHA512 4f4619d6068415afa4555569c78fdcd2c7dcb0c5d2446dc536c7c3e8f5a75264e2ec29f359122010e55966ee9dc09160807618f35e16da7d4252782da592ebf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 70cf91476338462f1736c1055ca0491c
SHA1 473e7ae0e944253033d578b715d0eb79de8c9af2
SHA256 77ecdb3f9051a3ee5d54f7d0a8f3678be29033e9d3d9c7e921efb473b864d55a
SHA512 5188b94ac9e5a8b731f1e9a17ed6619846cb1cc91626a73c77d857995731e8716962babf47378a0ea70f03d4e0aee3e2eb801456a25a69345257c001b6d20d41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6c6053e74f86e588e36e8a008c362c7e
SHA1 5a503fad7a04c29c187e59f35366106e9f752e74
SHA256 dd8a4a1baab88add6abab5a709635db40462bbb05925dd3b3fbafad75ee4dd0d
SHA512 bc4c9defeee4b4b87bd1b44bb310afdcb5310d4fdf6a723b0046bd8a908615be6b736e0c5b4bbe86657fabf2d74676345fa99795d7a8aad95859c57bf3109fa0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6302602fd054ca61a99c2652c3b4ec99
SHA1 4d87eed16a1cdf746faef24657bb9706a13abfcb
SHA256 3ceab8d07bc8252a39100bd0c38cbc282b618cca0526bf83c80c058c817c61b2
SHA512 a89b420e17de6abdedb389e8e1d8dc03b54981fccefe38383c3e2952db73c5b5ae26336122e13ab6ef3d533dfead9f914357c842654dbdd65620f0c2cbaacc49