Malware Analysis Report

2024-10-23 17:25

Sample ID 240510-palqmsgg36
Target 2f0572cc0c9514ce14a61056ce7d98ad_JaffaCakes118
SHA256 d87f5b0d4c1f6406f85c9782bb7eff65a37734790cc96aafeadf9c4cb98f8ad8
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d87f5b0d4c1f6406f85c9782bb7eff65a37734790cc96aafeadf9c4cb98f8ad8

Threat Level: Known bad

The file 2f0572cc0c9514ce14a61056ce7d98ad_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 12:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 12:07

Reported

2024-05-10 12:10

Platform

win7-20231129-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f0572cc0c9514ce14a61056ce7d98ad_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421504725" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80363bbcd2a2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E45B0FF1-0EC5-11EF-932B-4E2C21FEB07B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f0572cc0c9514ce14a61056ce7d98ad_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXBHW193\p153993-wisconsin_dells-house_on_the_rock[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 c7e2df9411795b47e39f928848ed482d
SHA1 cf3c0eefc26cbf5ff3a698b1f1c771e50424c0e3
SHA256 104d2913d424fb693eba5f08a5fc74b775dde596053568c32e7341c606816f4a
SHA512 9b99a5b9183994c4acc3da874aa78d150dd3900be547f5d8cbcb79e413520e818cee43d8c8dc4d218343ad6227b88f1bea9ceb0432c9a430a846d4c4becc76fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar10F8.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7db5aec452d2efbe4530a6e0749cab4
SHA1 13086d970f68ba1849e208191a70ccd0d780902e
SHA256 ea2010a1b007419beeb82d3a1e98a162d319910d30e20396adcd2c5c80f27052
SHA512 b289bf143ba8ccc72efe3c9b10b629af5b2621db3c104b12b665d7dbbf600a415309ef3209434dd265f72122ad1f4c11c2777db8748f2d332ec56871a658de80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 baef799b006989f552b995ffca301742
SHA1 30417d9a271d60de817c8adef010e58a6f97feaa
SHA256 67d5cf67dfea55b624cf562919ec372d54b7ee47492d0cc19f2e8933b90f2bb8
SHA512 2b4a7f8c4db1bb916673f3e0adf3d2c214ee467f79fd11a0b39a7c693322a1f42fb89bac904423c941125e55f7c1d24a8ecc46c9988c2cc459ba6cc1bb25c0a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec08c05265d08f3c253e635a7519ac16
SHA1 8c91278916ba851be2751b57204f63c74e5c7a46
SHA256 f0be90169ba2463e1fb4c17bbd6cc3470ac1c8a44ef74b4a855d3733b8dedeb0
SHA512 7a4bae13b4bbd85591cd8f90987da24092addad4ce95afc70feb386c34a5022b026359a54f96c3184bbba0b2da6cc545e0966b7f258950586d3f1343cf4fed55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 31cec29e6c349b238c6a8bae4dbe011c
SHA1 e8f6597fb3013c92b37396b6b6420d73ac7f1a1a
SHA256 cab4c3a6053e823aa2a4e5dda4f54483e7f890b89b62e560d9dcb21aa6541792
SHA512 68128bd118675fc4cbc93a8e736c1344765fe59d5812a4c876cce1d9cc21ca36b16f5e2a048d2530d62e70b56dd1c3cadd2b6e5f317efc6f516020e634f613af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ddf1a6fa67630d03d749f4237ab56d5
SHA1 ad05d26529c9fc829359b1f277304dda07b75321
SHA256 15540b8fc506da055966a007f405db3b537544731780a0ec1a1a94b11791c337
SHA512 156c2735da51f4ee976e7ddb85c97c92c524c8b1a9d1e74fc3ee9cb77ebbfa62d6fa25070e45c93184d49e5dae207f2e8557611803632102b662f4a01b37adcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 610632742b4b24264256c6f7782cf13f
SHA1 4c0b66e4922808b50fa9e7b3efb87fe4959fe9de
SHA256 987da5a40c1726e51b529b671feafa8b1c04fbfd5bed8a00302b967ae226556a
SHA512 a907f63a63195026b070520a5c4a661f8f82e233db8a0a86fff8c5130273afb47102e233b527c13c55f5bd2e7bc83509fc96d81c46f87f0aee8aebaeb84f3362

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d60a842dd09e130fc0720f575dedb98
SHA1 d277c1d42cb84275e04a018850f0d6f7b9264c67
SHA256 14630fdcda94f4c3a6e05e821133b21ba8b9651f5a56241b27a953c3f686e523
SHA512 df9f302125ca14bb5829dfb8bc2f2e38a1f7aac97c82dafc3efd6057699a7cb6074f870bb32975dd216890260eca391d8c55854d29a8db1ec81d9a23e7b8ffc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fca8af0dc8436b9952fdf961f8c7f401
SHA1 ac194f887a84a4538985ece94daf59cea48fe65b
SHA256 477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9
SHA512 ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8ffae941cd6bc62186b9a8cedba56b61
SHA1 8f8e6ad0e3748342b5c7e9d545bd25e5d6f60fe1
SHA256 a29655cf10c0c0f347828f301775d1e1a592b668b3b7892bc889f2d14975520c
SHA512 726e5fc56370ccbfcd4f1618170c533ed3bc870c9438db3e73812601737d6137feffa6d92a76e9240c5cc65a6a1eb4c32092c8952960d490db33a3df96dce8ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6deff30b1b321b9b666c81b61258fb6
SHA1 3cb5bbcdcd4b4fcae0a90f43bb858414f5af037f
SHA256 90b8fcd2d6a251c8265d26866b29b01483d6dddd8d9dc266d8ce754ee0811ef8
SHA512 e53c4c15877665dd802ab796220a6a6da4a95259c21e0fcc9178e2dd05c1bd9f91515af17966920c16f901a22100b9d8f8fd5bcf0d6be2d60e7e8768a013a2db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 36467f00f9727e72921542d72a72217c
SHA1 0d0068d59229a22a64a9023c51b6d20d2eeacb35
SHA256 c4b39a114cfe8a12c51e8eed71d04183a66cb4691fc50b1181cc39a391800ec5
SHA512 7c21dd1c25b9694f1a8076be4add7b2d69980927f47f5cb52b34e7b43672b42ffcdd0cec61226f9d9cf13425ea4e12f610680d77a6ad8a1726c33499f771d77a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fe3545e64b03e7aa4595b80138d2453
SHA1 291df773ade4836a7b0cac1f8a0f5d1d5f6941c1
SHA256 feb3793017d18036228b8e082b38f7d8cf050cabd88028dcc025994ec9a96153
SHA512 74cc12afa82607860d35812fc71f975cf67d759dfddc8e366c0d6e9d6befaa559cb2ca8388796d3470ad3253957aa46f038f69a04520d6d815f37edd8ab73b76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 80704f8733ef23b2e31aae46b091d9f5
SHA1 23095ceabd99bac51d85862804f988dfdf739c3e
SHA256 65843060bf143bff710250ff9d63b861920ae1c1668f0fef773729c7ee05a672
SHA512 6c2621d382437aeecbd0c5253d1fb80240668161343656a6db29b8e821c902b339607149f7e276e4e4708c87523eb073a6339d3d9788bf11784936a40b08c085

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 693f11aaa0acfd04bbb2bff896dc6f52
SHA1 c04c8a10587f4e20dd03827d5efbb98fcc2d77f0
SHA256 8202e3f04393da7b256e811f8b4376273e2189dd75a730baab4861c78a5fc2f5
SHA512 b42de883721b6eafac2bd5546a67254d6c7cbf933c48a3513c3f33f3ed7a7c8b6c9d76f1bdf8f092b171d9776d177ee64bdcb10f15c020c7a6fbdaf0c3981757

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74a265d3f96a14339dfddf7319869141
SHA1 e570ce49d77470b45290ba217f920ccaf8340814
SHA256 8b60077a664fe3cc350521204ad7eb60977518080ca398f691055f31e1b240c0
SHA512 a1d96b988c67acb16a19417f0173a31ca0ecc1c5477bdeb82133f15d6c44468e3edf37167d2ed3b54bca6d9ad8999eb310a45bb9ef158ec2f5220f54f89a2061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d95bead143f271f2e8fd1e62cb1a1851
SHA1 e07e8fc0029346edfcccf00ad05eed0425494537
SHA256 8a7ea642de91cde864549f14a399cf5836f1139e517e534bbfaf9b73a72f2772
SHA512 11c4fdf94136b31ccb6105ec71bf6552aff665e21004ce531fb1ed77cbebda5cd63f6b5ae07cfae3fd7d0abd844b21b61803350f2600b612c58b6352604eb75a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72ff9e05906cc1ef2313cdaed10e89a5
SHA1 249d438709dad76cf0df49bef65647078e7ffee4
SHA256 86cceda1fde812ad36717e9232835c5d2880b9a89f111562f0585d6700d945be
SHA512 0a20b984bb5b226ee6f5504ad623a3c1763b828a010b13bb61f78941f4d7c8e0b1be99e95b43e061f62c00cab79e96cfa7e528c5d41e2a2be690179f6a544cd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c61eba2876f79a8444eae5c5cece0b5a
SHA1 ab3788a1511d358255ed936f4a8b81c8dad9530a
SHA256 75a0b4507d90c8679be0e6cd191d4fc948d3a45fba009c62fd153ad750ff781b
SHA512 2bdf7b91b8def81fb35f1a06b52b30667bc0eae1a705a8c050d99466e4935541cb5745066c7be571ed915da8a5da2febee5663f39c38fd9075fc6c689a7925d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9340e1cf8d91881acf89eb27b7c4a3c
SHA1 3717f104f3962ebd6a9d73a7b790755ece001326
SHA256 4fb59bcfb6ba8651a57cc879fc1bdaa92b8bce9bc59ff1f0cd0c422c994b0f2e
SHA512 523b20817e90f85517a7aa74e48ddae097aa0146645f28b40bd715a3ccd8ed64d47afd29784b305aff92acfebb89454ac59bd174a18e8a39beac06ce189d195f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e5e17082a0187c7ff0d4264c9c05490
SHA1 32ef1732f595cf9c1f1ca30613d4d417815dd441
SHA256 dd170813332fe9ec06b7daecc694d81b6d29ef6d5a0eb1645977ce0dbd942a71
SHA512 6cbf778fa6d7c326defb72ef0736537e4bb9bf1eb6d9ffa4f7134cf3bbaf9f1b1ecb27c8b0b188f07033c8dc96de0ea218a69e50d360cab523dc3b9f9631d914

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\881QLAZE\platform_gapi.iframes.style.common[1].js

MD5 7ef4bc18139bcdbdd14c5b58b0955a67
SHA1 afe44fd9a877f81a3c36f571c0fc934324c6cbd7
SHA256 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838
SHA512 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 64d90c9fd05bba82b430c9f33502cdce
SHA1 ab289f02031f433108532cb8ba075d8fa885037f
SHA256 abc8a4454eccfcc198fece68a8dda1b4906dbac95bbe03b3816723416aa2981e
SHA512 1f7c9b2d9bc0cc27de0e7f70702fcc801a59fb6dadbac05a7b9cd5189243d3ec5555450b87a24622261d92e919d1f9b066e52f99534b29806230ce96ac2fa4ed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7G9NPXJ\cb=gapi[1].js

MD5 4d1bd282f5a3799d4e2880cf69af9269
SHA1 2ede61be138a7beaa7d6214aa278479dce258adb
SHA256 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693
SHA512 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95e8179da5dc1c35746b17466e46c879
SHA1 438be75ef2c2abf3cc39df127f1762e1bcfc7314
SHA256 1095a9e84feaad7cfd70ee4715a029dfed7b6c1efee62ffe1ae6a65506f53614
SHA512 61ee2356acf62ac37c5fee405af634b00fabcc05ec41cfb339ee23096418eb395a23298607e1cc9e08e20042aca487f8f06270e3c1f40546e519676aae0b263d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 28b3f1cb0a19cb395b21fb37d89433cb
SHA1 aae2c0f968628b3be5a02a93d07d474c419ba33e
SHA256 2affe517458de2a69d8324e465c84c2cd529eab4692bedf916837f5f1b387585
SHA512 bbd27f8a167b78f491a805b0276431c17f296fc971ae621c0a92c857b1dd2b03609ab9fc40db519519f7e2780172255272b24a1145573d2c8e0507ddafc595f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ea2fcbe3ef1291d3b06086c5e6ad87a
SHA1 f5efce4211a1b2bc575b5d637234f124c8b9217d
SHA256 e79b9a994870f774773adc3815efb700514bf5f0eaa24f66676b3321b8a77750
SHA512 254ca43f0436eaea5d161adfade0370af6cc852d683ef9e130de91db2bc42264259583cf693e1665f9a38c92e3ee6c17211ac21f4cac090a208dad775acf8934

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56fb31ab1a52bcc8e2747e3017d49696
SHA1 652b082002c03034b93157c4ab220a04f55c405a
SHA256 1449accfaa47e2c2bc1758fbee0787f4f1d308707d4a2735a292eb2fc9e225bd
SHA512 9e760eaa2be9bf1f40fe4d88c8d944a5a13634e914cb24d5c3838e134278e5d1bd1972b9d83c7387f2374bee707d6490625d3a392a6af59698996fc8d7d486b0

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 12:07

Reported

2024-05-10 12:10

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f0572cc0c9514ce14a61056ce7d98ad_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1976 wrote to memory of 4268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 64 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f0572cc0c9514ce14a61056ce7d98ad_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa4b146f8,0x7ffaa4b14708,0x7ffaa4b14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15085287155733317252,4362501055521190473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2

Network


Files
