Malware Analysis Report

2025-03-14 21:43

Sample ID 250111-mxtcwsxkbt
Target JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b
SHA256 22407dd7400b1661492bcff15d52e0faad2338039b64b053bbd29e5e49b85f76
Tags
google discovery phishing
score
5/10


Analysis Overview

score
5/10

SHA256

22407dd7400b1661492bcff15d52e0faad2338039b64b053bbd29e5e49b85f76

Threat Level: Likely benign

The file JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b was found to be: Likely benign.

Malicious Activity Summary

google discovery phishing

Detected potential entity reuse from brand GOOGLE.

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-11 10:51

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-11 10:51

Reported

2025-01-11 10:53

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b.html

Signatures

Detected potential entity reuse from brand GOOGLE.

phishing google

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1172 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1172 wrote to memory of 4432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1172 wrote to memory of 3192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1172 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6772 /prefetch:2

Network

US 8.8.8.8:53 124.240.115.208.in-addr.arpa udp
US 8.8.8.8:53 230.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
ID 103.234.210.227:80 www.sms-online.web.id tcp
ID 103.234.210.227:80 www.sms-online.web.id tcp
ID 103.234.210.227:80 www.sms-online.web.id tcp
US 8.8.8.8:53 adminrumah.com udp
US 8.8.8.8:53 www.karpetmasjid.id udp
CA 142.4.219.198:443 s4.histats.com tcp
US 8.8.8.8:53 www.histats.com udp
US 8.8.8.8:53 227.210.234.103.in-addr.arpa udp
US 8.8.8.8:53 e.dtscout.com udp
US 141.101.120.11:80 e.dtscout.com tcp
US 8.8.8.8:53 dtsedge.com udp
US 8.8.8.8:53 t.dtscout.com udp
CA 104.152.168.42:443 ilmuphotoshop.com tcp
US 104.21.112.1:443 dtsedge.com tcp
US 141.101.120.11:443 t.dtscout.com tcp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 1.112.21.104.in-addr.arpa udp
US 54.241.51.109:139 bdv.bidvertiser.com tcp
N/A 224.0.0.251:5353 udp
CA 104.152.168.42:443 ilmuphotoshop.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 e.dtscout.com udp
US 141.101.120.11:445 e.dtscout.com tcp
US 141.101.120.10:445 e.dtscout.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 yzufy.blogspot.com udp
GB 172.217.16.225:80 yzufy.blogspot.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp

Files

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-11 10:51

Reported

2025-01-11 10:53

Platform

win7-20241010-en

Max time kernel

69s

Max time network

155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b.html

Signatures

Detected potential entity reuse from brand GOOGLE.

phishing google

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sms-online.web.id\ = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442754537" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F625F321-D009-11EF-96DD-F2BD923EC178} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\sms-online.web.id C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\sms-online.web.id\Total = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\sms-online.web.id\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sms-online.web.id C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2

Network

Files
