Malware Analysis Report

2024-10-23 17:24

Sample ID 240510-lmamcsfe2t
Target 2e7fc28b12cc3eb7b8370341300b6d75_JaffaCakes118
SHA256 0e041a9a557c77b63fdcc9b7f2972b05783d74fd361c40a971caa425aa8b8b0e
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0e041a9a557c77b63fdcc9b7f2972b05783d74fd361c40a971caa425aa8b8b0e

Threat Level: Known bad

The file 2e7fc28b12cc3eb7b8370341300b6d75_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 09:38

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 09:38

Reported

2024-05-10 09:41

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e7fc28b12cc3eb7b8370341300b6d75_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4808 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 5384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4808 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e7fc28b12cc3eb7b8370341300b6d75_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa682d46f8,0x7ffa682d4708,0x7ffa682d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16512232111420732838,10781360898314013449,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 /prefetch:2

Network

US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.157.67.172.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
CA 149.56.240.131:443 s4.histats.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 172.217.169.74:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 top-sexy-girls-models.blogspot.mx udp
GB 216.58.201.97:80 top-sexy-girls-models.blogspot.mx tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 top-sexy-girls-models.blogspot.com udp
GB 216.58.201.97:80 top-sexy-girls-models.blogspot.com tcp
US 8.8.8.8:53 www.webhostinpakistan.com udp
US 209.159.148.130:80 www.webhostinpakistan.com tcp
US 8.8.8.8:53 130.148.159.209.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 09:38

Reported

2024-05-10 09:41

Platform

win7-20240221-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e7fc28b12cc3eb7b8370341300b6d75_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\forex.webhostinpakistan.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\fashion.webhostinpakistan.com\ = "136" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8037e8f0bda2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\forex.webhostinpakistan.com\ = "164" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421495779" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\Total = "300" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\forex.webhostinpakistan.com\ = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\NumberOfSubdomains = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\fashion.webhostinpakistan.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\fashion.webhostinpakistan.com\ = "163" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "328" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "327" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "301" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "300" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\Total = "164" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\fashion.webhostinpakistan.com\ = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\Total = "301" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\Total = "328" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\Total = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\webhostinpakistan.com\Total = "327" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\fashion.webhostinpakistan.com\ = "164" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10169B61-0EB1-11EF-972F-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "164" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000b51bfa55a708fe39fad2ce7af6224e5850ec94b1ac5b98446383129daa119586000000000e8000000002000020000000c9408e6dc0c1b1a8de131cb44305170cacb64b9958d46a11166c7643ea585dc7200000002e88b992976377d4a325c60e67cced98f4c2eecf748ec3d84db48469c1f61e76400000000d135f9a59531a7ed2328898001628604e03dd3b90becdbaebe51276f15d6f808a37eaa031a9b5830342d33e40bbb3b62b3afb085e5676bcb979a86b37b738df C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e7fc28b12cc3eb7b8370341300b6d75_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a6ca150f8384fe0cbfbb925e978d5384
SHA1 b0fc897307adab09d7a5ae28c2bb8731152d740c
SHA256 3a12fab0a4528a254905e7e3569996b3e746b8a9e51027559e1206ae5d38edc5
SHA512 67068b3a0972472155c08d8aeed1da0f812ceae4f71ded6f96a78fa2349716530188d217614a34204a0e0d5070a50b0b7e1e289921d39e012b4b924418d6b56e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fca8af0dc8436b9952fdf961f8c7f401
SHA1 ac194f887a84a4538985ece94daf59cea48fe65b
SHA256 477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9
SHA512 ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 515cb3de8e645fae4605a24f8f997df4
SHA1 7c0ee011e03c69f0ab56378e6cdc2f0b1e42a898
SHA256 dceb694f6967a0da74c952fe248baa09f269af83e6ae4f720aa401aa5c21bdf4
SHA512 ff15018551f1a96486edf99ea57df49bfb61a8c55869e790997f2f9d6ea4749b7aaee587462e21cf260865847825e92cc6d93348414101a0e1f9ea9e1dd5a951

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cf9bfc102c5932e681531dc48d56d731
SHA1 8a587d9996f6733d3a4733a961c5e9c69575038e
SHA256 d4d73765491e301e469c99f1c100cf01535f39c9005511469845512d331ba3c7
SHA512 b38b09998c185d9c53d75f3b52237485dcfbcafd7ab3dc3a1fa7dd4724c69db460843f949cc143d66583536fca67c82d57d7b38801b713d2ac47889a4d301533

C:\Users\Admin\AppData\Local\Temp\Cab15A4.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 50ce9077e48aa5d708c43b79fc9340e4
SHA1 26bb5aa3a218129252381a0d2589aeb93fee24bf
SHA256 8129d2af4c11d992b7837059c4f57f48c9609a2f60c0c9f090922cb5a982ea17
SHA512 601bde924144a20087362738579945f4c80c098a04ef4caacf0ed2c9e57aed50527edda8f45b32cf9d7b925772526abdbe8e380c7d0ede71dfc2a4815a6f845e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\Local\Temp\Tar15D7.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C66311BFC31F329FE5E6FBB46563B719

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

C:\Users\Admin\AppData\Local\Temp\Tar169C.tmp

C:\Users\Admin\AppData\Local\Temp\Cab1687.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\platform[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\cb=gapi[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\55013136-widget_css_bundle[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\f[1].txt

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\js15[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\0[2].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\authorization[1].css

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QUDPN79P\forex.webhostinpakistan[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\4290687098-widgets[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\cookienotice[2].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\css[2].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\css[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\element[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\m=el_main[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\0[3].htm

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BYHJZBYI\fashion.webhostinpakistan[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\e[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\dnserrordiagoff[1]

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\errorPageStrings[1]

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\httpErrorPagesScripts[1]

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\e[1].htm

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
